Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Wm0uFsapfrnONF16Njxegq7s.exe

Overview

General Information

Sample name:Wm0uFsapfrnONF16Njxegq7s.exe
Analysis ID:1505022
MD5:b3757b09ed2150ce857f446c0c61363c
SHA1:04536100a4a8fc27dde91e006f4e2ea6b398b65e
SHA256:4bb311ba0e479264b1d3c7deab5bfb44b0c1fb100d82aa7d605369b0ac938981
Infos:

Detection

Djvu
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found ransom note / readme
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Djvu Ransomware
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Modifies existing user documents (likely ransomware behavior)
Tries to harvest and steal browser information (history, passwords, etc)
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses cacls to modify the permissions of files
Yara signature match

Classification

Process Tree

  • System is w10x64_ra
  • Wm0uFsapfrnONF16Njxegq7s.exe (PID: 2980 cmdline: "C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe" MD5: B3757B09ED2150CE857F446C0C61363C)
    • Wm0uFsapfrnONF16Njxegq7s.exe (PID: 3048 cmdline: "C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe" MD5: B3757B09ED2150CE857F446C0C61363C)
      • icacls.exe (PID: 5560 cmdline: icacls "C:\Users\user\AppData\Local\56554587-8dd7-478c-81eb-46ed5e155f58" /deny *S-1-1-0:(OI)(CI)(DE,DC) MD5: 2E49585E4E08565F52090B144062F97E)
      • Wm0uFsapfrnONF16Njxegq7s.exe (PID: 2148 cmdline: "C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe" --Admin IsNotAutoStart IsNotTask MD5: B3757B09ED2150CE857F446C0C61363C)
        • Wm0uFsapfrnONF16Njxegq7s.exe (PID: 3956 cmdline: "C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe" --Admin IsNotAutoStart IsNotTask MD5: B3757B09ED2150CE857F446C0C61363C)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
STOP, DjvuSTOP Djvu Ransomware it is a ransomware which encrypts user data through AES-256 and adds one of the dozen available extensions as marker to the encrypted file's name. It is not used to encrypt the entire file but only the first 5 MB. In its original version it was able to run offline and, in that case, it used a hard-coded key which could be extracted to decrypt files.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.stop

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000002.1075915397.0000000003EFF000.00000040.00000020.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
  • 0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.1046285046.0000000003FAA000.00000040.00000020.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
  • 0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.1046355756.0000000004040000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_DjvuYara detected Djvu RansomwareJoe Security
    00000000.00000002.1046355756.0000000004040000.00000040.00001000.00020000.00000000.sdmpWindows_Ransomware_Stop_1e8d48ffunknownunknown
    • 0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
    • 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
    00000002.00000002.1061246215.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_DjvuYara detected Djvu RansomwareJoe Security
      Click to see the 2 entries

      Sigma Signatures

      System Summary

      barindex
      Sigma detected: CurrentVersion Autorun Keys Modification
      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Local\56554587-8dd7-478c-81eb-46ed5e155f58\Wm0uFsapfrnONF16Njxegq7s.exe" --AutoStart, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe, ProcessId: 3048, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-09-05T17:35:16.997676+020020363351A Network Trojan was detected185.18.245.5880192.168.2.1749699TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-09-05T17:35:16.997451+020020363341A Network Trojan was detected192.168.2.1749699185.18.245.5880TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-09-05T17:35:16.997451+020028032742Potentially Bad Traffic192.168.2.1749699185.18.245.5880TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Multi AV Scanner detection for submitted file
      Source: Wm0uFsapfrnONF16Njxegq7s.exeReversingLabs: Detection: 100%
      Machine Learning detection for dropped file
      Source: C:\Users\user\AppData\Local\56554587-8dd7-478c-81eb-46ed5e155f58\Wm0uFsapfrnONF16Njxegq7s.exeJoe Sandbox ML: detected
      Source: C:\Users\user\AppData\Local\56554587-8dd7-478c-81eb-46ed5e155f58\Wm0uFsapfrnONF16Njxegq7s.exeJoe Sandbox ML: detected
      Source: Wm0uFsapfrnONF16Njxegq7s.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\_readme.txt
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\$WinREAgent\_readme.txt
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\$WinREAgent\Scratch\_readme.txt
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\_readme.txt
      Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.17:49697 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.17:49698 version: TLS 1.2

      Networking

      barindex
      Suricata IDS alerts for network traffic
      Source: Network trafficSuricata IDS: 2036334 - Severity 1 - ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key : 192.168.2.17:49699 -> 185.18.245.58:80
      Source: Network trafficSuricata IDS: 2036335 - Severity 1 - ET MALWARE Win32/Filecoder.STOP Variant Public Key Download : 185.18.245.58:80 -> 192.168.2.17:49699
      Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.17:49699 -> 185.18.245.58:80
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /test1/get.php?pid=81DFF148796B74576BAF1441CC320074&first=true HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: cajgtus.com
      Source: global trafficDNS traffic detected: DNS query: api.2ip.ua
      Source: global trafficDNS traffic detected: DNS query: cajgtus.com
      Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
      Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
      Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.17:49697 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.17:49698 version: TLS 1.2

      Spam, unwanted Advertisements and Ransom Demands

      barindex
      Found ransom note / readme
      Source: C:\_readme.txtDropped file: ATTENTION!Don't worry, you can return all your files!All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.The only method of recovering files is to purchase decrypt tool and unique key for you.This software will decrypt all your encrypted files.What guarantees you have?You can send one of your encrypted file from your PC and we decrypt it for free.But we can decrypt only 1 file for free. File must not contain valuable information.Do not ask assistants from youtube and recovery data sites for help in recovering your data.They can use your free decryption quota and scam you.Our contact is emails in this text document only.You can get and look video overview decrypt tool:https://wetransfer.com/downloads/abe121434ad837dd5bdd03878a14485820240531135509/34284dPrice of private key and decrypt software is $999.Discount 50% available if you contact us first 72 hours, that's price for you is $499.Please note that you'll never restore your data without payment.Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:support@freshingmail.topReserve e-mail address to contact us:datarestorehelpyou@airmail.ccYour personal ID:0874PsawqS9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6Jump to dropped file
      Yara detected Djvu Ransomware
      Source: Yara matchFile source: 00000000.00000002.1046355756.0000000004040000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000002.00000002.1061246215.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
      Modifies existing user documents (likely ransomware behavior)
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile moved: C:\Users\user\Desktop\SQRKHNBNYN\NEBFQQYWPS.mp3
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile deleted: C:\Users\user\Desktop\SQRKHNBNYN\NEBFQQYWPS.mp3
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile moved: C:\Users\user\Desktop\UOOJJOZIRH.xlsx
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile deleted: C:\Users\user\Desktop\UOOJJOZIRH.xlsx
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile moved: C:\Users\user\Desktop\SQRKHNBNYN\IPKGELNTQY.png
      Writes a notice file (html or txt) to demand a ransom
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile dropped: C:\_readme.txt -> decrypt tool and unique key for you.this software will decrypt all your encrypted files.what guarantees you have?you can send one of your encrypted file from your pc and we decrypt it for free.but we can decrypt only 1 file for free. file must not contain valuable information.do not ask assistants from youtube and recovery data sites for help in recovering your data.they can use your free decryption quota and scam you.our contact is emails in this text document only.you can get and look video overview decrypt tool:https://wetransfer.com/downloads/abe121434ad837dd5bdd03878a14485820240531135509/34284dprice of private key and decrypt software is $999.discount 50% available if you contact us first 72 hours, that's price for you is $499.please note that you'll never restore your data without payment.check your e-mail "spam" or "junk" folder if you don't get answer more than 6 hours.to get this software you need write on our e-mail:support@freshingmail.topreserve e-mail addressJump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{b6e2d5d0-7cd6-4302-b3d8-f8809d966acd}\appsglobals.txt -> decrypter\dvddecrypter.exe12438{6d809377-6af0-444b-8957-a3773f02200e}\renderdoc\qrenderdoc.exe12438{6d809377-6af0-444b-8957-a3773f02200e}\microsoft system center 2012 r2\service manager\microsoft.enterprisemanagement.servicemanager.ui.console.exe12438microsoft.appv.603b45325cf2a147a217bc0826e85cce12439{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\pro evolution soccer 2018\pes2018.exe12439c:\ignition\ignitioncasino.exe12440{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\splashdata\splashid safe\splashid safe.exe12440{6d809377-6af0-444b-8957-a3773f02200e}\native instruments\komplete kontrol\komplete kontrol.exe1244025342asdf3333.stoppuhrtimer_1xbryz0n7krfa!app12441{6d809377-6af0-444b-8957-a3773f02200e}\owasp\zed attack proxy\zap.exe12441{6d809377-6af0-444b-8957-a3773f02200e}\dell\toad for oracle 2015 r2 suite\toad for oracle 12.8\toad.exe12441{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\mysql\mysql workbench 6.0 ce\mysqlworkbench.exe12441212377tik.7tik-tiktokforwindows_da70t93mgq52j!app12442{7cJump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{2f653c34-93d5-49fe-923d-7a89486b82d4}\0.0.filtertrie.intermediate.txt -> decryption settings~decrease zoom level~decrease volume~decrease mouse speed~decrease mouse acceleration~decrease brightness~decode~decice~deault~deaf~deafult~ddevice~daylight saving time on or off~davice~dates~date time~date settings~date and time~date and time settings~date and time from a time server~date and time formats~data~data you send to microsoft~data viewer~data usage overview~data to improve narrator~data systemwide~data settings~data sense~data saver~data restore~data plan~data limit~data instead of wifi~data for all apps~data connection with other devices~data captured by windows mixed reality~dark~darker touch feedback~dark theme~dark theme settings~dark mode systemwide~dark mode settings~dark mode for apps~dark colours~dark colors~dafault~c~cutting and pasting~cut and paste~customizing~customize~customize narrator sounds setting~customize narrator sound effects setting~customising~custJump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile dropped: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{3c1df65b-e1b4-4534-b489-7dfc2f9d79b4}\0.0.filtertrie.intermediate.txt -> decryption settings~decrease zoom level~decrease volume~decrease mouse speed~decrease mouse acceleration~decrease brightness~decode~decice~deault~deaf~deafult~ddevice~daylight saving time on or off~davice~dates~date time~date settings~date and time~date and time settings~date and time from a time server~date and time formats~data~data you send to microsoft~data viewer~data usage overview~data to improve narrator~data systemwide~data settings~data sense~data saver~data restore~data plan~data limit~data instead of wifi~data for all apps~data connection with other devices~data captured by windows mixed reality~dark~darker touch feedback~dark theme~dark theme settings~dark mode systemwide~dark mode settings~dark mode for apps~dark colours~dark colors~dafault~c~cutting and pasting~cut and paste~customizing~customize~customize narrator sounds setting~customize narrator sound effects setting~customising~custJump to dropped file
      Writes many files with high entropy
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Converged_v22057_4HqSCTf5FFStBMz0_eIqyA2[1].css entropy: 7.99811930162Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\PreSignInSettingsConfig[1].json entropy: 7.99742632136Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\PreSignInSettingsConfig[1].json entropy: 7.99716636763Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\PreSignInSettingsConfig[2].json entropy: 7.99740435782Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\ConvergedLoginPaginatedStrings.en-gb_RP-iR89BipE4i7ZOqiqEgQ2[1].js entropy: 7.99514703323Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg entropy: 7.99061941443Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html entropy: 7.99811812712Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\cookies.sqlite entropy: 7.99823142059Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\cookies.sqlite-shm entropy: 7.99418753214Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\extensions.json entropy: 7.99435152152Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\favicons.sqlite-shm entropy: 7.99483764166Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\permissions.sqlite entropy: 7.99830042517Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\places.sqlite-shm entropy: 7.9948425701Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\protections.sqlite entropy: 7.9969924541Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat entropy: 7.99857828906Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1 entropy: 7.99783181693Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\webappsstore.sqlite entropy: 7.99805921655Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\webappsstore.sqlite-shm entropy: 7.99467658603Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico entropy: 7.99871441249Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm entropy: 7.9944806102Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl entropy: 7.99719762102Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin entropy: 7.99715703528Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db entropy: 7.99617075531Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat entropy: 7.99443492045Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat entropy: 7.99031329279Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2 entropy: 7.99038659317Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat entropy: 7.99612814566Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db entropy: 7.9983648875Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl entropy: 7.99726201452Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\officec2rclient.exe.db entropy: 7.99097126702Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl entropy: 7.99723619373Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db entropy: 7.99304556735Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Office\OTele\officesetup.exe.db entropy: 7.99338636397Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat entropy: 7.99444653445Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG1 entropy: 7.99381962377Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db entropy: 7.99199617554Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db.session64 entropy: 7.99727837994Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Temp\chrome.exe entropy: 7.9986484489Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000014.db entropy: 7.99818848402Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000015.db entropy: 7.99838147528Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231006-1147.log entropy: 7.9952176936Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db entropy: 7.9982363681Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000005.db entropy: 7.99825816746Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl entropy: 7.99302567658Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231006-1151.log entropy: 7.99849611514Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Temp\jusched.log entropy: 7.99427562041Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Temp\offline.session64 entropy: 7.99753603494Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-06 12-09-32-741.log entropy: 7.99045089742Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696586115564995300_071F4AD3-0F0A-43B1-A566-0CD1A278F3ED.log entropy: 7.99165369583Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml entropy: 7.99735418177Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx entropy: 7.99708390882Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT entropy: 7.99575139457Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt entropy: 7.9943835107Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d8eea0ca-370b-4392-a71e-20684e70489d}\Apps.ft entropy: 7.9965757109Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d8eea0ca-370b-4392-a71e-20684e70489d}\0.0.filtertrie.intermediate.txt entropy: 7.99551011901Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{a5e39447-b6a3-49d2-bea7-436a496a2204}\Apps.ft entropy: 7.99615034916Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{a5e39447-b6a3-49d2-bea7-436a496a2204}\0.0.filtertrie.intermediate.txt entropy: 7.99585100569Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{b6e2d5d0-7cd6-4302-b3d8-f8809d966acd}\settingssynonyms.txt entropy: 7.99809479533Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{b6e2d5d0-7cd6-4302-b3d8-f8809d966acd}\settingsglobals.txt entropy: 7.99587720469Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log entropy: 7.99799865875Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\6qhc82nhlRe74lC1CBjrzThsaXw.br[1].js entropy: 7.99522308676Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\6hU_LneafI_NFLeDvM367ebFaKQ[1].js entropy: 7.99066207131Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\584482RVjBIoEvVSe0RsuS1I4YQ.br[1].js entropy: 7.99590509083Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\4-xJy3tX6bM2BGl5zKioiEcQ1TU[1].css entropy: 7.99001885622Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\1_gc11zDuaJOyBP7gyptBGdPRf4.br[1].js entropy: 7.99715074708Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\1Sd5265G8OlnRColAI8O_SxSQ1Q.br[1].js entropy: 7.99859273795Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\DccpWCpoNzCwM4Qymi_Ji67Ilso.br[1].js entropy: 7.99868170941Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\aABLNT_FV45QjYQfnRHrBCAk4GU[1].js entropy: 7.99843149608Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\lh0O3d6Fmm9PYPDqG8PqHJ4MS7w.br[1].js entropy: 7.99767675184Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\Ix6gLNUjdsfo1b44Xv9sX0Ilnxw.br[1].js entropy: 7.99798519675Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\Init[1].htm entropy: 7.99869106013Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\f8FI06PDUmw1Zws81nUDYY3bWsY.br[1].js entropy: 7.99604857087Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2023-10-06_094423_2784-2798.log entropy: 7.99427343941Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\MSIMGSIZ.DAT entropy: 7.99581679436Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\onra7PQl9o5bYT2lASI1BE4DDEs[1].css entropy: 7.99722719331Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\MgSq5EEOyYvlI1qVlLOXfgRHmzM.br[1].js entropy: 7.99817677002Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\ZNvOyS-r2rT3Al22ByUYXLQ5kPY.br[1].js entropy: 7.99808195804Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\x9TiBFKPhYF4yOf0IfKaPIf64qI.br[1].js entropy: 7.99848241147Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\uANxnX_BheDjd2-cdR8N9DEWlds[1].css entropy: 7.9906800693Jump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\u9BHPK6Ysm_7E45ERhG9lu3epIw.br[1].js entropy: 7.9969140821Jump to dropped file

      System Summary

      barindex
      Malicious sample detected (through community Yara rule)
      Source: 00000004.00000002.1075915397.0000000003EFF000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
      Source: 00000000.00000002.1046285046.0000000003FAA000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
      Source: 00000000.00000002.1046355756.0000000004040000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
      Source: 00000002.00000002.1061246215.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
      Source: 00000002.00000002.1061246215.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects STOP ransomware Author: ditekSHen
      Source: Wm0uFsapfrnONF16Njxegq7s.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: 00000004.00000002.1075915397.0000000003EFF000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
      Source: 00000000.00000002.1046285046.0000000003FAA000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
      Source: 00000000.00000002.1046355756.0000000004040000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
      Source: 00000002.00000002.1061246215.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
      Source: 00000002.00000002.1061246215.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
      Source: Wm0uFsapfrnONF16Njxegq7s.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: classification engineClassification label: mal100.rans.spyw.evad.winEXE@9/1028@4/15
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\geo[1].json
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeMutant created: \Sessions\1\BaseNamedObjects\{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
      Source: Wm0uFsapfrnONF16Njxegq7s.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile read: C:\Users\user\Desktop\desktop.ini
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: Wm0uFsapfrnONF16Njxegq7s.exeReversingLabs: Detection: 100%
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile read: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
      Source: unknownProcess created: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe "C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe"
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeProcess created: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe "C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe"
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeProcess created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\56554587-8dd7-478c-81eb-46ed5e155f58" /deny *S-1-1-0:(OI)(CI)(DE,DC)
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeProcess created: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe "C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe" --Admin IsNotAutoStart IsNotTask
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeProcess created: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe "C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe" --Admin IsNotAutoStart IsNotTask
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeProcess created: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe "C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe"
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeProcess created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\56554587-8dd7-478c-81eb-46ed5e155f58" /deny *S-1-1-0:(OI)(CI)(DE,DC)
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeProcess created: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe "C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe" --Admin IsNotAutoStart IsNotTask
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeProcess created: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe "C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe" --Admin IsNotAutoStart IsNotTask
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: apphelp.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: msimg32.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: mpr.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: wininet.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: winmm.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: iertutil.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: sspicli.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: wldp.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: profapi.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: winhttp.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: mswsock.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: winnsi.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: urlmon.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: srvcli.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: netutils.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: schannel.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: mskeyprotect.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: ntasn1.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: msasn1.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: dpapi.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: cryptsp.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: rsaenh.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: gpapi.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: ncrypt.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: ncryptsslp.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: ntmarta.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: taskschd.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: xmllite.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: propsys.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: edputil.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: windows.staterepositoryps.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: wintypes.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: appresolver.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: bcp47langs.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: slc.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: userenv.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: sppc.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: onecorecommonproxystub.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: onecoreuapcommonproxystub.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: pcacli.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: sfc_os.dll
      Source: C:\Windows\SysWOW64\icacls.exeSection loaded: ntmarta.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: msimg32.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: mpr.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: wininet.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: winmm.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: iertutil.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: sspicli.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: wldp.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: profapi.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: winhttp.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: mswsock.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: winnsi.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: dpapi.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: msasn1.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: cryptsp.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: rsaenh.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: gpapi.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: urlmon.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: srvcli.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: netutils.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: schannel.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: mskeyprotect.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: ntasn1.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: ncrypt.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: ncryptsslp.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: taskschd.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: xmllite.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: dhcpcsvc.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: drprov.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: winsta.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: ntlanman.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: davclnt.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: davhlpr.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: wkscli.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: cscapi.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: browcli.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeSection loaded: netapi32.dll
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
      Source: Wm0uFsapfrnONF16Njxegq7s.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: Wm0uFsapfrnONF16Njxegq7s.exeStatic PE information: section name: .yug
      Source: Wm0uFsapfrnONF16Njxegq7s.exeStatic PE information: section name: .ruwuvoh
      Source: Wm0uFsapfrnONF16Njxegq7s.exeStatic PE information: section name: .text entropy: 7.882834863988078
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Temp\tmp3AF1.tmpJump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Temp\wctD44F.tmpJump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\Temp\chrome.exeJump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\AppData\Local\56554587-8dd7-478c-81eb-46ed5e155f58\Wm0uFsapfrnONF16Njxegq7s.exeJump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\_readme.txt
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\$WinREAgent\_readme.txt
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\$WinREAgent\Scratch\_readme.txt
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile created: C:\Users\user\_readme.txt
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SysHelper
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SysHelper
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeProcess created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\56554587-8dd7-478c-81eb-46ed5e155f58" /deny *S-1-1-0:(OI)(CI)(DE,DC)
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeThread delayed: delay time: 1100000
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\tmp3AF1.tmpJump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\wctD44F.tmpJump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\chrome.exeJump to dropped file
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe TID: 3112Thread sleep time: -1100000s >= -30000s
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeThread delayed: delay time: 1100000
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeProcess information queried: ProcessInformation

      HIPS / PFW / Operating System Protection Evasion

      barindex
      Injects a PE file into a foreign processes
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeMemory written: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe base: 400000 value starts with: 4D5A
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeMemory written: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe base: 400000 value starts with: 4D5A
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeProcess created: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe "C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe"
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeProcess created: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe "C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe" --Admin IsNotAutoStart IsNotTask
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeProcess created: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe "C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe" --Admin IsNotAutoStart IsNotTask
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Stealing of Sensitive Information

      barindex
      Tries to harvest and steal browser information (history, passwords, etc)
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\addonStartup.json.lz4
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\search.json.mozlz4
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\cert9.db
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\places.sqlite-shm
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\favicons.sqlite-shm
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\places.sqlite
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\webappsstore.sqlite
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\containers.json
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\prefs.js
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\AlternateServices.txt
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\arvhxlpc.default\times.json
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\pkcs11.txt
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\protections.sqlite
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\times.json
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\webappsstore.sqlite-wal
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\xulstore.json
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db-journal
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\sessionstore.jsonlz4
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\handlers.json
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\storage.sqlite
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\places.sqlite-wal
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\cookies.sqlite-shm
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\sessionCheckpoints.json
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\ExperimentStoreData.json
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\key4.db
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\cookies.sqlite
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\addons.json
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\permissions.sqlite
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Google Profile.ico
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\trusted_vault.pb
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\favicons.sqlite-wal
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\extension-preferences.json
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\webappsstore.sqlite-shm
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\parent.lock
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\cookies.sqlite-wal
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\favicons.sqlite
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\targeting.snapshot.json
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\content-prefs.sqlite
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\SiteSecurityServiceState.txt
      Source: C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\shield-preference-experiments.json

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
      Registry Run Keys / Startup Folder      		111
      Process Injection      		1
      Masquerading      		1
      OS Credential Dumping      		1
      Process Discovery      		Remote Services1
      Data from Local System      		2
      Encrypted Channel      		Exfiltration Over Other Network Medium2
      Data Encrypted for Impact
      CredentialsDomainsDefault AccountsScheduled Task/Job1
      Services File Permissions Weakness      		1
      Registry Run Keys / Startup Folder      		21
      Virtualization/Sandbox Evasion      		LSASS Memory21
      Virtualization/Sandbox Evasion      		Remote Desktop ProtocolData from Removable Media1
      Ingress Tool Transfer      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAt1
      DLL Side-Loading      		1
      Services File Permissions Weakness      		111
      Process Injection      		Security Account Manager1
      File and Directory Discovery      		SMB/Windows Admin SharesData from Network Shared Drive2
      Non-Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
      DLL Side-Loading      		1
      Obfuscated Files or Information      		NTDS2
      System Information Discovery      		Distributed Component Object ModelInput Capture3
      Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
      Services File Permissions Weakness      		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
      Software Packing      		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
      DLL Side-Loading      		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      Wm0uFsapfrnONF16Njxegq7s.exe100%ReversingLabsWin32.Trojan.MintZitirez

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\56554587-8dd7-478c-81eb-46ed5e155f58\Wm0uFsapfrnONF16Njxegq7s.exe100%Joe Sandbox ML
      C:\Users\user\AppData\Local\56554587-8dd7-478c-81eb-46ed5e155f58\Wm0uFsapfrnONF16Njxegq7s.exe100%Joe Sandbox ML

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      cajgtus.com
      		185.18.245.58
      		truetrue
        		unknown
        api.2ip.ua
        		188.114.97.3
        		truefalse
          		unknown

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          188.114.97.3
          		api.2ip.uaEuropean Union
          		13335CLOUDFLARENETUSfalse
          185.18.245.58
          		cajgtus.comAzerbaijan
          		39232UNINETAZtrue

          General Information

          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1505022
          Start date and time:2024-09-05 17:34:37 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:31
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Analysis stop reason:Timeout
          Sample name:Wm0uFsapfrnONF16Njxegq7s.exe
          Detection:MAL
          Classification:mal100.rans.spyw.evad.winEXE@9/1028@4/15
          Cookbook Comments:
          • Found application associated with file extension: .exe

          Warnings

          • Exclude process from analysis (whitelisted): dllhost.exe
          • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtCreateFile calls found.
          • Report size getting too big, too many NtOpenFile calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • Report size getting too big, too many NtReadFile calls found.
          • Report size getting too big, too many NtSetInformationFile calls found.
          • Report size getting too big, too many NtWriteFile calls found.
          • VT rate limit hit for: Wm0uFsapfrnONF16Njxegq7s.exe

          Created / dropped Files

          C:\SystemID\PersonalID.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):42
          Entropy (8bit):5.0589840894454285
          Encrypted:false
          SSDEEP:
          MD5:3A1495B596FA89F2E2D5BB50FB25A3BE
          SHA1:E428E30FBADAC91D65AEB3070890667F3A242C6E
          SHA-256:B6FB25E6010C88C35663FB2B87A308BAB74533286F1715AC59FFE5C064DE24D8
          SHA-512:D10FD881EF3ECC4F669A4A7F1E7C9AFB373D3BEBB51DCCD61D49D671008207395FC1C680CC093F60B93918E165796ECA553A05629497D7B68314E8E62A3A01C9
          Malicious:false
          Reputation:unknown
          Preview:9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6..

          C:\Users\user\.curlrc

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):342
          Entropy (8bit):7.222897883852434
          Encrypted:false
          SSDEEP:
          MD5:85762F6D4D1CBC891AB342F817CD7AC1
          SHA1:66E556C8FEC2D96086B158B4F66467BB39978B68
          SHA-256:0E6AF76350B28195C22EA36F9CF150158350A8C7DBD50CB1EE632F1D7DEF71E6
          SHA-512:7E01C528028CC3B789D6DA3D79F1335497E409492B43A20F2C8D765A251FC878C705D2F8F80FB82EB7ADDB856812751D33CBFBA4ADE0BB0BF3E067C68A9634D4
          Malicious:false
          Reputation:unknown
          Preview:inseci.HrC-a<z..1.7..sq'.6...Q...x..."ic6...m...9y..2xm.2O..>...9.J.9....#...g.h!.....c.......a.]M...ye... ...........D..1..qC@....{... .q|^i2.dY....u.[....s..7..wMM/........(...M.Z..9......L...y.V.3.z..|....@N.C....7..0P.....7...&....(..76......3i.J.&L`9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\.curlrc.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:85762F6D4D1CBC891AB342F817CD7AC1
          SHA1:66E556C8FEC2D96086B158B4F66467BB39978B68
          SHA-256:0E6AF76350B28195C22EA36F9CF150158350A8C7DBD50CB1EE632F1D7DEF71E6
          SHA-512:7E01C528028CC3B789D6DA3D79F1335497E409492B43A20F2C8D765A251FC878C705D2F8F80FB82EB7ADDB856812751D33CBFBA4ADE0BB0BF3E067C68A9634D4
          Malicious:false
          Reputation:unknown
          Preview:inseci.HrC-a<z..1.7..sq'.6...Q...x..."ic6...m...9y..2xm.2O..>...9.J.9....#...g.h!.....c.......a.]M...ye... ...........D..1..qC@....{... .q|^i2.dY....u.[....s..7..wMM/........(...M.Z..9......L...y.V.3.z..|....@N.C....7..0P.....7...&....(..76......3i.J.&L`9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):628
          Entropy (8bit):7.580988431828119
          Encrypted:false
          SSDEEP:
          MD5:53010148530472D5BEDCBA7E73F5550F
          SHA1:126BF5D53E2C875A115CE970286EAA4C0BBBFB79
          SHA-256:E00AAEE1F252B6C0E408CA3A0817B3BF11F3B7EE35CEADB3F42B8FFBCD2D5B5C
          SHA-512:6382F3753BB0E9B697D7EF00C8AF025A7F74674749E98BE3DD2E80ECCB434368D78AE9FF10F1BB37ECB5CC33561421FCA03E5F7B24F29E7ED87B1CAD0D2DFE06
          Malicious:false
          Reputation:unknown
          Preview:2023/+j?.bu.S..HR...Y.0t?T..8GyD.p....wD9.-.~._q..}D.Z..0U.b.1c...+..y..t.H..~.<..:.......#cC.4[D.DfbD....^.I..C.U.8[..Yen..T.....n.'So...[.B.M.U.Lp..8.BQ...'..~+.McI^9.........,....f.d.'.B.......|C..]\Y..n.M.......?..[\../......h.:.....:..p..s|.....SG...IoQ/....$8.\.'b..........)@..@...V..=.Y{b{.xElc/.....V.......aU.2.-.Y....(..-..%.].....'...y..!B!.$u...Z../.H_..KF... .6....*.7.<....m.!..}..U..L......58I.g.>6..H......?.......$c........U...M..v.....}.....:E..W.&...T.#.....K^.2...s<..v.......?..Z.7?m.M.5.."..W92.V...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):818
          Entropy (8bit):7.721269031543375
          Encrypted:false
          SSDEEP:
          MD5:11833E4F758474A2359EFDEACD353BB8
          SHA1:94BDA493EA3E83C1E2A3677C6F31C2F89821BAE4
          SHA-256:07C1F407E1431AF0B5050D2412F6D28AFC1D702B1FC65889C3DE4372801879D4
          SHA-512:661060D4EEDBB4901E068BFD83ED46C5BDB9B11CBE27AE36CB1442C196482D71A9EA82519A0E04674A94D1AA8A076C6C0F5E619B5028A32A2FD7B91C352776E7
          Malicious:false
          Reputation:unknown
          Preview:{"os_.8.sV*..b.......Z...+1..`...-){..-.\5k.+..[..>..c.J...e<....vc.A.....v.I.C..8..xn<&..l.H.q.R...V8B.Y1..L.C..P..w...[=...6.>..{....y.)...L.^i.qb..iC.A...K...h......ye..*...}.3.M..32.. ............eF..y....y..'..V...!.^..F...w4..Y.%.7....5.q.Z...~......V....u.VP~.....<;.'.... ...rL...=.<.0~...{.CR...(.6.....h.8h......O12.-.8.\Z.y....+..z...Z.d......%......u.Eb.eR....~\.....+.K...'lE..z.. .._.p....`...2.i..,6..#..L?Ue../.Oa....!.H+......t...$-..k.V.......=..r..9'C\........+...p..Y.P[.yR.....2...O.i.TP.4...c..l....sx...R02.....%.nI........n(.I..{v.W...0.0.D.M(.)....|>..,.y.GQ2.....21..........|...{N.U...>f`.E.y7...G...e...`.3z"......U..hC......H...p..~...t5..,i......hU..<.8.8`0.......$....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):6116
          Entropy (8bit):7.970492149236455
          Encrypted:false
          SSDEEP:
          MD5:28069722AE7EDD3D4C05E3844D13C645
          SHA1:44A7BCF78C7EBD947DFF56BD992ACE8C5A95ED9F
          SHA-256:117B4650197E640CB4AA4C6106E2F5F27033D389EA5203B29A0DBE0D31187AEF
          SHA-512:01A0D4388EFCE1F7920B6CEBC7DE0E0ABBD0C748A7F79FE004D0F19BD40853696BFBC686BC45DC99A7D4DC9AB9E523DCB845A3FD96756E1548151DE0CD0A7193
          Malicious:false
          Reputation:unknown
          Preview:*...#.....R.kU...=.........i..|....f#~.....CD...1.9..p.....x.,R-........W...Vu.<....W...w..[).y.....f.3...Y.v8.#FT...>\.%...r....R....:....dE..,n.:W3.i...X0>Ue.....}............ .h........{n...]Fd.....-.9...2Zb...d..t.=.2_.@.....m.Yv.........z.....z.Dg.T..(...m.u..2.....M.......z..h4.S..c..5..)}k..R[.x.#t.....1...0>.>..),.1.....p......j.....s.!..Cz...:.1.T .......d... +x...5C.e,...mH......>U.UKe9.2v..%.$......T....\w....G....ZT.b.z.Z.Z@..8...]L.{..ug...1\T..?...q....s.].&.b"2@.l`|}f-yl.c..~.<a....ujW6.y...B-.(.d.U...b...6.F.]}.......r..=......w|4....}#fVKke.a>.......'..5......ZB.\.?.646....?.....nv...Q..N`..H..=...ah|... .2L.'R#...0.5A.V.U....5I..n".....?y..9j.....^......}....I....Sy..I.=.3jj.'...|.}.:..Qn.........\...w..1..tY..+-..)?E[4...,....{....UT.n.6..*{............C..v8>........l....W.!...Bh....../....Y.+.h...C....5....6-.o].....mH$..~.88.9W.J\f...m..a.O%..u..[.n:...I9...~..p1A. ...&2......2omOX.U.....K....[3...L...d.Iv1

          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):660
          Entropy (8bit):7.678223604117185
          Encrypted:false
          SSDEEP:
          MD5:0A0199DC79B22EEE2DADBC5506F81BA2
          SHA1:D9B4A52DE691114A7BF379E046E8596A67564BA2
          SHA-256:010CBB8B0BF00EF5B25BB8A91C4E3CC705AF36E66B011F899EA68093D224D637
          SHA-512:19D904C8DEBEC0477CB05E7CFFBB6AE524A5FDF34DB391741E3BFB77AA8B5997C9520864CCA6FD00C6CE3C100F823FD34CC38DDED7775D4632FBF1EAFCD87015
          Malicious:false
          Reputation:unknown
          Preview:2023/..E>y....6..:p....*.....M..^..S...>P....+g,.(.'....y....7..f..o ..(....|g).....*_ s.%..Qij'.y5..-}#.m(.l.U..8%O{..1#6..`N..../....s... .~.=m..|.f.'.'({..\...`..4...P..m..........Mj....<...V...v..x..{.Nx.{....q[.t...r..._...K.......u.]..Z..U.>....3 ...f.....*h.A8.~....d..G.LO]T...A.._....]..1..^.....m.....w...w.8.5..i..v..-#.;...!p..W..Y.._f.`<.^}.....L....M.}....XB+...../,..6.c..P0.....Up./..)........b.8T....('...u#........R..#.....T.E.`I}..J.1rn..G+..04.......<T.....v..N.O..<....K......d..<.".G.3....J.....S....a..8...k....b\.v..P4....t...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\.curlrc

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):342
          Entropy (8bit):7.229942082446661
          Encrypted:false
          SSDEEP:
          MD5:336AAC72871824AB83303B43106BF0FB
          SHA1:1F955081424FC351B8C0531A8EA289630ABE25CE
          SHA-256:FC73C113844B478199D133ADBBC0815150EA227A62364F56579A2FA5208BB8B4
          SHA-512:F9581ADA7652C54062A0583AB4DEAE3EC33E67C2C31FB90C4731CA3266F81EB2D130F0C47CB656D794A33CB6F0C46E3493D45CB7F76FB97613562E8DBB90FC46
          Malicious:false
          Reputation:unknown
          Preview:insec.izk L.&..Ock..2.0W.....,z(.......%`...1.&.h?>.0*..8.'`z%.D......O....B.gh.?:.O.....i.;.w...\>.T2$w...s...M...b....9...J...:.io..ni....d..{...q.(...~....FbK.N.......JlP....m!.E.Sg.K.r.hX1...d.....YE.I......=.Fs@....F.69..;.W.........a.3O .bQ9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\56554587-8dd7-478c-81eb-46ed5e155f58\Wm0uFsapfrnONF16Njxegq7s.exe

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):857600
          Entropy (8bit):6.827754205591974
          Encrypted:false
          SSDEEP:
          MD5:B3757B09ED2150CE857F446C0C61363C
          SHA1:04536100A4A8FC27DDE91E006F4E2EA6B398B65E
          SHA-256:4BB311BA0E479264B1D3C7DEAB5BFB44B0C1FB100D82AA7D605369B0AC938981
          SHA-512:C7FB0EFB95A96177BCBC50A60F2D900F4F7328A0A98A64EAD6FC6E00F52502C904815E1E0A8B309A764C77DB1FA65A8E5DA5104593E0D987FB6BF3F794A82119
          Malicious:true
          Antivirus:
          • Antivirus: Joe Sandbox ML, Detection: 100%
          • Antivirus: Joe Sandbox ML, Detection: 100%
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........V..............!............... ....................%.....................Rich............PE..L......c............................d ............@.................................K........................................7..<.... ...............................8..............................x1..@............................................text............................... ..`.rdata..f0.......2..................@..@.data........P...L...*..............@....yug.................v..............@..@.ruwuvohF............z..............@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................

          C:\Users\user\AppData\Local\56554587-8dd7-478c-81eb-46ed5e155f58\Wm0uFsapfrnONF16Njxegq7s.exe:Zone.Identifier

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:ASCII text, with CRLF line terminators
          Category:modified
          Size (bytes):26
          Entropy (8bit):3.95006375643621
          Encrypted:false
          SSDEEP:
          MD5:187F488E27DB4AF347237FE461A079AD
          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
          Malicious:true
          Reputation:unknown
          Preview:[ZoneTransfer]....ZoneId=0

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:PostScript document text
          Category:dropped
          Size (bytes):1567
          Entropy (8bit):7.86502417593808
          Encrypted:false
          SSDEEP:
          MD5:F6678171902812967BDE1773D77B00EE
          SHA1:0291FFC31B4C1688D612D9C01D93574224AD5342
          SHA-256:DFA34F19410C60D6E06602FB5D9F97061F9CB9E6D02E4D43C05CF4412E0F0BCD
          SHA-512:3C4C4A7FD0A034BC42E38F1F309C06B73AD105AD4253DF6BA3FF0DF179B7A9F66E5067310516891389F961D2A67DBEFEA155CE8EB3A434B97150D29949CF7C44
          Malicious:false
          Reputation:unknown
          Preview:%!Ado'.?..L.@4v.59.P,.~T.u.]..j....EB.&..5.VX........Y..hc....$.'...J$.9..jA...5VbWNj.n. ..z.5/..{...7;X.iZ%.],...Y.<....2..sS.8[......e..H...x.4x....y.....g....4..,...._..\0mq......cQ.*...`}.&04..sO.....!.9.9..!.K.&..K..!..9.h...w%.3..p.Dhe...{m...i..gr*.'.a0.s..fG..K..._...L./...6...J..M..V....;N).U..{.m..'.;....b.g?..] /.&/.x3..l.V:........|.G9.Q.B..~0..Q....}1.-2....u.4a,.eF8:.J$.0..Zo..0A|..[g+...(Q.gF...iN7...K..0+-..vk......>...jr.q..X..<\C"...;.E.......9..&l.DI...w..lK..|..7-a.W.......=..D..d..8-.v.VE 8[...M..>..\gQ.o.E...z...^^.....9..O...;.~.RK.b..j.k..P..w..27&..!w..<.&.?..a.....>al.'..............K-.......1.0..R.[#R...5...k.@....B.....I.......q&.X...y...T..Z..5Z..H....,t....Aa2...Z.1M..jv.t.P....9U.&q.xG..z.......|P.fU....}.2S.G..qJ...Z.`G..^i;....<cz...il........v...r..+F...C-...fyR...O.r0..Az....t.....S_>.q.....Rt.(.n...d........U.M......m....9.GV.D.....[*-......T.l..~. ...J."pEX?..7v(..Y..=.7..[.!......@.......q..=../4

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:PostScript document text
          Category:dropped
          Size (bytes):185433
          Entropy (8bit):7.87703258125517
          Encrypted:false
          SSDEEP:
          MD5:D956D38F7A84943FB58DD3BD9A4FC928
          SHA1:2FAB247A5016FC07C30BC3758E70C34317625989
          SHA-256:E475C19E38557543020FA90AE9FAEAB8E7FCF12CF9C213864E02CEE6410E4F33
          SHA-512:F2B68465386320333C2A6BF577D43C9CB91B77AC8872BD4DBA3C5E213C38E7FE2F09A9D2333137294E22F4CAA6FB88D4B4519F9D1DD975174A128C55462994FB
          Malicious:false
          Reputation:unknown
          Preview:%!Ado......H<..?..\8..=..fF...@/..j5.2._..@2......q.....(G..fJ......cs..L.&_^l.Uo..k.HW...eD[...V......il.4..}.H..BG.......%..{....g...g.G.g.....^..d..X../...b..^..R.'5..~+.7r.......S.".+k1.....27y\@.(n.....e..f.*..."..........14B..B.|.......7....1...|.....f.......u.c......c(".C..I..&..,.Z......)%$..K......?...>..7....O.-.W.w....1%8l.-..j.VL.IO~.1.%H*K..p....3|.............I-....Q....N......he......=R.$J._b=T...........#....F..._..k.JH.....P..]...4.RB>..."~H...b...^...B.z.0~....(......X..g ."9.1;......rk..pv-.Y.3...c*".A...WG.=KG.~.g..=.....`{...=.<..D....J_$..2m].Gnfa..)j.....V.]I..=../x..."..G..S^..tK...I..$P.H0x.b$%..q.......2.%.W"\s..z...w.=..j.......P[..-%n....o:.....by0.&...u.....Q.U.N.}.)]......"........$.'..s..V..d.p.J.q..vPw...#.g.y.0..\.;[.o.ZR..*a.\. i.>.VoS!.\.K*.Q......D7.|.Y.^........];.$L...4.;...s....2I/..j#B..r.%_^.#V.k.u(..Cn...l6..V...N..S...$..y....S...l....D..d.IT.....a.+bX...b.3=.Q.I+}6.;.....2.....)O..l .

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:PostScript document text
          Category:dropped
          Size (bytes):11214
          Entropy (8bit):7.982938268357863
          Encrypted:false
          SSDEEP:
          MD5:C746281D2317F907B128D76EEF728483
          SHA1:09B3D4ADFC52330CBE7BB9D10E0F06BDF2D0C88B
          SHA-256:03E3A36C71ACAFB4D07E6FA992AD2B9C38827349A862951070FEDD73FD3F7790
          SHA-512:378E761D6AB88D0206848B068996339B07EDB0C4003F8053E94F0644A88EBA6F291CDE443EF09DC14FAF96BDF6841CBD9B21DA393D91E524790EB1742035FBAE
          Malicious:false
          Reputation:unknown
          Preview:%!Ado.. .SlY....rP6zPN....6].....-..E....T<T0..."....qO2S.j}J......]..3.+..4..5..C..>.E.......f5!.*...}.....4pjGT......U-u....=..%..f.!RV...#.eQC2B..f.;`...\...6..w@.`..%..v..k..*2.L|..,...R....C...#Z..e...t.a....'...l.7..m.51..........nv.Kq]..`..2q...f(.......5.l.h@....PQ..H...ScV=.v>.6....H..tQ.yu....p!.....L.'40Z.2Z..>...#..U=..7~5........L.h...nkp.Mj.g.P%:s.GK/[9W.P%...N....jD....gy...NH$._.i.\..e..W...a.0..$>..1@....'..D..d...m..Sq..#L..s9....5.;...~.r*....k..+..c.Cr.?.....,..!8..y].#..J+....0.8y.)...`..jP..;...*.N.e(..xi..........H..U..5i..&.b..e..;.Dc.\.(.T ...3...T.....R.r)...5T.2p..4.hZ.m...g;..J..v..... A.Y.....U.p.......Y..(>.J.Jhb..`.'....\.......3.j.......!A..Rb.7_...o..#...9.6eF.~g...A........(....(...|i2.>..;.f~....9../s..3...].h.r.......].5.`m%.........(..*g..Xip...`W.(..@\Sw.0.J......b...J....D@._...F.Nu.}.6.....M..yZ$..}.;........R...d...O.......?...K..ri(...0`..g.r.n......~...:...OR........(... O...9..%..Q.$.>N.

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):260198
          Entropy (8bit):6.4583901370774
          Encrypted:false
          SSDEEP:
          MD5:77A4A7CFAB223C6DFDC6338F99F3AB63
          SHA1:31BD3183B96D82D2A5ADF947B4CBF36587B1CF9C
          SHA-256:CF18533FE8023CF15DD9477B09C3C767DB75937490335584BD818CAF0FFA548D
          SHA-512:8F7272C69A2ED8D83083F54A4DC51CFD8E1F8FFCF1D56AE248004D29F09C6F7F8ED2ECA17826C227CFD996FB4A6812727B46EA8729EC695FC25619F6602E2FF5
          Malicious:false
          Reputation:unknown
          Preview:AdobeZ.Z8....g..1.c....hJ...,U.|....$..F....'#.4|...................5.^~.a..P..a..@..[n.o.....}_.GG........~..\5....]....L_.a<.........f.N..........4<YEzU^{.5.-..s......1'q.da7...Z......,eD..._.G...W...(..-.......6.TA^V-.....%......O#..D.7..+..u.\;.v..w....SO...Q..T.P..ieF..E..Lyz.2A....t..nx..*..\9w..(u+...8..8..4..),B.....d7..Q.8...H.....Z....5K...?h..F~!.cT%.;.}.Z)Vb.pU<k..ty...\J.....".`.ZRj#`..9r...]..........h......dqXRQ.....Bvj....k9."J....6zM......_T'...5...R....'..a.Yl.g.RbM+......WU<.Yi.h.4...kK.~...?...........).7\...[.......?$.+|........6......n.....6....U'....W./...#....i...T..M...P.i.,V.Z(.U1t2..a.............lY.+*.L_....}.W.o....$-kh.qhM#.{..*............;.j..a1.(....`..8[%r..7.d....)...em...$.X.....:.D6.....Ko.I2......3.._....G.\....O..J..W...\#..l.f.....'....VW....I.W.=.Y..Hx...A..e.F....d.....bK%...Q...x2e.2.7.I....1{.0..4^..Y!..5u.K.q3.,.\..^.1....3...;'.=..8y..Z._P......I.n.>HA..?....x....h......~...x....E._2Y

          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):67060
          Entropy (8bit):7.997157035281142
          Encrypted:true
          SSDEEP:
          MD5:5607DF563BC5A6A86BF9737A403194F0
          SHA1:3DE1198E69FAF27A302D3EB2ED2BF4139B44C7F8
          SHA-256:4AA0797EE8B48AF61DA22F10ACA4BE41F65A49FA5DF7840BF36D82C542D13718
          SHA-512:C3FE3B45EC8B1680681733E147D224CA2A7035DC2E5C17ADA0F8F5C96A6151D7B18F5773757FE9AB3A269C8956A42160DDC940812910C1E1B33D7F9D0553A419
          Malicious:true
          Reputation:unknown
          Preview:4.397..@x...:.]..!..]...k..-\D.E.,.5Z....B...&C..e..wQq....m..!.pxAL.~.P......|..b.....`....?W.Gx.Ig.,.....>..E.o..Sr7.>.....J..5.\....T.w.Y.7^1.N.....U.a..-.s3.PB......."...p..@N.......c-...G...Nu8.@:PI..2.Fo[f]......3 .Ha${.K.W.......^1p....lI.....|...........R/....nv.G...:,...5`1.......5.d..c.........$.........IR....*....N|DA.....u...=B6.LE.qw.....]8...*X...6c.~..fx..1...>}s...)t..j..wy...u.\.X..u...Nu`.r..v..t..tH.[e>~.QZ...2.AUk(.....=.|.r....L....P*Lo...p~g..1..-.n(....e...;.E.x.i..+.(z..].N?..#.y...F>...(!'rc0.r.|."..7..ey..........].N.....`..i..G..:.....+...K#..}.s..`..x......@....q+..{..Q,...@d.g.}pF.y...=}...`.7.]7B.9..m.$.HHb..8.VY...K.!|"i...Mn%....n<..S..f'.gM.B&...j......4.WK=...u...m...../...F........I..t..j#-.%-n.(....G.....HJ..X..aV..4.Igf...y...[y3.$?.I..v.....U.8.i.....M>+.,...`.....^.6.<..v.......G}...y.<s)i.9c.E"..RfO.R....|...abqM.>_....|...P3g....E*..7......"p.W.5O0..._..u.5.h..o.8.<..XG.p..|%.^....y7!8.;.(.g.

          C:\Users\user\AppData\Local\Adobe\Color\ACECache11.lst

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):932
          Entropy (8bit):7.801432920312043
          Encrypted:false
          SSDEEP:
          MD5:52D53BF561C22AF3FF6723DDE853BBFA
          SHA1:DE41AEFFD71187634F4DC79974CD2A6227888CED
          SHA-256:25976F965BB73049A98C05C3643B9E652D9EF0B7B055B4B496F9ACEABF170171
          SHA-512:5EF4A379E33737FEC933388BA5E4D72DD1A2630F404EB5F3A40B411C4E6C18D31D124E9AD8928B392E1DFCADE3A797B93312EE93FA36330827263C2D5AADDE7D
          Malicious:false
          Reputation:unknown
          Preview:CPSA.A ...[F..==.c..i/kZ..|.M^.kc.^$.gy&...*[LY....0(.'+..8w..*...N).............T.t8/.x....$...>.Lr.... mSvA3.T...4...k.yp..,.Q.M.'p......Iw2...,......Q7F.......p..U.C...W5....;..$J'g...S..~..t.8..:S#...+T..x.&C.q...../.I....<._.L@.....c.......d........,...5.Pf.f.y...........B...V...E......i......*1.Xx.l.9.G..?..w4`...+R..T._..J....B.......v..<..l.{.Y...GE..9(.U......./..A:..5......"...eD}....VO...Kcp....t....T.Li.V/$"..?..U.Y....\.....g.M...t.t...xh.I.m@.].L'j_J.XnG4(....\.E..2...\.w}..B..4?.n;(...>...,....[.>..S...gF.V..DN...Q...>...............o.<.y._...H..+N...3..&...w..KeN.+(:gA.~.W?.}...8)..@....1....;...D..tn...H..M.5...z..W..w.,)..W...mf...8..m..&....~M....S../....[......e.@.F..ugY......A..]...}.^.E$...E..m..+3MY.A...1y+........*H,.?5!....'....x...,...`...\]7._.>.........2.Q&9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jcp

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.982674194788685
          Encrypted:false
          SSDEEP:
          MD5:627845FA0CD7AD0AEDC4EFF779F3E0F9
          SHA1:D3C14D0E73FCDD66203573D5659873B8C8F07EFA
          SHA-256:1289DBD1D3FA71E8EF778AFC96EB9FE4B1AD6C1CF7341FAB16871D89804CB684
          SHA-512:8667A3F43D3D0AF96A8AFF14C1AEF7956590F980229B7B16B37F2F3E9A1531FB8F48B3EA240C593B011462BB9C54EF958F45AD48BA17DDD5E7A8A0533B7C5B98
          Malicious:false
          Reputation:unknown
          Preview:...t..d..e.-\...-N=P...<4..`.'.@..Z.X.Nhf+. V...W.`.|v5[...:..|&.!...u)...G.p..;....)...V(........o..2Z\&..J....].P....@.....z.XW.....kwsd%..B.@..4.G........a...6.*..{\.<3..+a...RF}..dhy.g4.{hU2z.r....B.W.R...E............U.|..2c............"F.ny...x/03...e.w#{....L.n...dw....."..U..G.~..+...@".SCQ..+e......>.[Np1*l...5...Q+...R....%.f..^#uf$!.m+<~0......!.Y.N3...4.}B.Y_.S...8/.b.G..|.....f..x?.:....Lm....A.^...1>..&....fZbc.\....1.:...9"..4EOw..........3..i.....$.....L....We.7I.i.N>.Ph3.fY^#Q .....#U..S....Z..+[SE...........^.L*.u.8.aU.d9.yI........Y.2.r.ce.\ ..q..n.<V-.Pa..!pq.I\.:....Y5#...##N....'...}.......g.2.x&.0...m><.`.u..g...t.}.A.:.U.....^./..2.!.1...H......."..?)r...:..D.Q...%..RjC.r.....DY.Db]....p.f....8~:eQ.NJ....n72c...."?...v.".....c..{JTB...._..h..1d.n.|...D....Nwv.-.&..T.O$J...RWV..N8.........Y`r,.9.bPf.*9...z.w.B.H..b..wOw.,..."...,..!..o?...p.C.ky`M.....(...Y.Vvl...A*'....Lv...5R..k..Q?2;T...7.....K..'l6.....?.y...

          C:\Users\user\AppData\Local\Comms\UnistoreDB\USS.jtx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3146062
          Entropy (8bit):1.7358842053932664
          Encrypted:false
          SSDEEP:
          MD5:E3CD6D862C27409650DC2881A8227D6B
          SHA1:CBFAE6078F0DDC46C08E10B3E5ED53DBCB3F9AA2
          SHA-256:15FAED6D607B5B1783952880E047316BCDF2244D96DD7FC66714ED7170A64C96
          SHA-512:915A59F24E9066D31ADE06FB382A54C760C71EDA3135194CF7682E1F4942974B6502432B60BA836801AF4B1697282D659D6A7F8B53A10B69F2BA5A353E280F67
          Malicious:false
          Reputation:unknown
          Preview:.j.o.o..&.:.L.cza7.[a...EZ1.#..zWt+v.u.j..}.P.T.N......F...%.\..j.;..y...>e..FV9V.,.F>.p.....E."P.U.K....D.jPm....B...<$5M..,..6.Bw91.M.6.k...d......gA..6..../...2......I..3.i.4...2...m.+e....)..PB1,X.^.^..T.FL.hR...d.....?}.?k.z<$..b1.q\......e.3^.rm.....Z....T..CR.:...Q..P.e....9p......P.P-.R...~...Y..G....*.....B......*/2#J:..g..).*...Z....B....P.......y.v...L........7..~Smr....Y'B..0....c...I.,{......UB...j6..?s...-Me.v..0..E..D...?a.S...S.z...........F.>.U..0....H... .wV.S....V..c% ...@.&../.8-..v!M.~\S.s*N..].@.e.K....)..-..:.9..P.OI9......v....K..:t.....e.y.'.o.B..N*.z.Dm.v..5.j.[...Q.s...{.m..C.6s.....a'=d..=u.../F........RSD..4v]m...........5H<S............b. .b.h..t..)O..<........]..`8....Y......i...]... .~.[J..Pc/.6F.%./.g/...&..j..ls....Y....smM.-.&>.S...... ~.N9.%":.....>bM."..P.$.dj...s...(..f......].45....h.t.HF*..&U.....~...(.C...c.@..y...Zn\q.%.#.C.0}....k.....}...dP.Q.....\.".pN..c1z.:U.#)...T..."t.h..s..".|.^.

          C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00001.jrs

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3146062
          Entropy (8bit):0.6705418706600251
          Encrypted:false
          SSDEEP:
          MD5:4CE7DD5AC739132C4F83F79D9642707E
          SHA1:4CD7BFBA0562AB19AFA52799CA0FF9187611444F
          SHA-256:9E2E535AC4B3AEFC9F2DE6BFAD20B8AA4567E407FA7A425993C641ABA2B52465
          SHA-512:852BC57D25171DF079297A25D04E99EA4D7DD91E11F4C1806FF6F48542B9BF31126CD07CC584B8408BA05CC3381FB3F8E6B687DEF8E63EA540394A5CB5D2E4AF
          Malicious:false
          Reputation:unknown
          Preview:.......v..........~Y.....x.i...Q5o...$.S.d...9....8.s.. ..'....|..aR.....t.yQ.+.L..D...O..99/N.L......I.}..L@..T.......6.y...D.4.On........v.kh.Z.!e...R.4=$_X...Q.<M...2.7..`^&..n<..V..c.E7...8DS.#.'.......|..c...D[Xf.........`..n#...:.0UZo...,..6....Tm h...nd.......V..........NH.M.6.... .c.i...)..7..R.2S;.|w...&...Y...Z8.J%..W....%+.A.....(j#.d5.9sJ.+Or.z.i.)P1...k.5_3sY..g.K..w.x_.......~.<.H=%.U4.1.......C..v......%.j.@.[.."..`Pp..b.....bc......vj..t.A..W..Q.D..W#..>.6.......F..Yl.2.Y.cf."...!jF...(rQE......V...$.P..QG3."..;,l...+.{.2.M#....@.dDl.l9.....nxi@..k..e.ctx..w..}&....*<D_..8./......2.Q..p.h........B....L..B7..\..cQ,v.9w...'*...Bwq...Tgt.u.L.5 wZ...h.vH+y..[..'.....!.K...9@.w{K...KE....[.I.)5..ez..p.q.tGL......!.....?....l....S... lZ ....2....Fz.....>.-.X.+..hJ<...X.~.J.k....SCG.S......6."p...z].O..F.P....~T.....s.$u.T.l....2....m..C.......E..."......\l..3P..g/..p..={&..J9../..XB.n.....".v....? P..d.<...Z&..U.5

          C:\Users\user\AppData\Local\Comms\UnistoreDB\USSres00002.jrs

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3146062
          Entropy (8bit):0.6706130797045089
          Encrypted:false
          SSDEEP:
          MD5:724C595095E403E6BA896DCDC42DA27C
          SHA1:57DD8B370A13883F6653AEDE9AD0FDEB6E89BA22
          SHA-256:70705997D2AD5F3D05B3C00FA549798FC39B82752E9D4B0EB918749AA837B241
          SHA-512:6BA30719B14A24BA63CED4508105962AD894FD2F1E5B95E5664179F8DC8FF65020012BEC27B69E3D3FD1C73214B016F4B3855ECBE838E592182FC1F724974980
          Malicious:false
          Reputation:unknown
          Preview:......O.. 045..d{4.M.t.:2.H.1.{_d...-..o.....-...P`!$7..._.n.....P..0..........4.?.1...y....H..Y.7.O........!........&..Y....y..|L.^......i.]s.ntx...c..t\`.I..e.>..g.FDi.. E.......(:.^,L....b4......'.,.......bD.:.....N...=..G.$..I..r.'49..u.k....4[P..j.l.(.....C.."...,.h..gF...T.x.$...a..0....T.n...v&....V.&......P...^@....6N...c...'...d.....!^/j...tc...h2...+.l.....>.O..&....|#^..J.f........,.")\s......*=.VG^.@..%...N.8.S..D.>..j..P....E$..[.`B...-.....H2[9g5*I.u.....by..d...,hx.]+(F.nz.e...~`9...lK.....0...lpk.....^...^.3.~g.(....A.4.Yl...[R....6C3.(....X....m.Z.m...R ....%.+..=]..@V....A_h.~.W..i.b....j.........1.N.{.....6...&=hy.2#.....ts....M....!..j.....R.%.z.Ce.;...y{..2.M....w[Q....y....[.mx.X..a.]......S.).EC.'.H..&C.A.,.=..Za.2#.E.nF.o;..Fi.l*o......s..;M......}.?.k;.b..|.__.....(.x.z6....B..Q..J.*C.A.0.h.+b....jnBW.G.....q..../.'-....y..P.qE!.\..I..=`*L.@%f....s.n.c...g.@..75x.V..?.dfE..Q.y....Xui....Q.........lb...U&.

          C:\Users\user\AppData\Local\Comms\UnistoreDB\USStmp.jtx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3146062
          Entropy (8bit):0.6707139402488065
          Encrypted:false
          SSDEEP:
          MD5:BC0950CF0967FA09A062F5A3A01EB84F
          SHA1:1EE31618DA9B31A809F6478B3C353832416A8344
          SHA-256:BC3B859F10D1C280EF0C2A37EBC5417EAB9C9ECCEDEF4A1756E0C09C3E7B7307
          SHA-512:C4DF853D63DFD9FBE194D32D441C9CAA7B58885E266923EEB83B24E199C2F415601FD7B3AEA786E8C5EFE65CF336EFC4206306269FB4899F3672583BB54662B7
          Malicious:false
          Reputation:unknown
          Preview:.....[H..n.>.....g.FBR..;`Q......m...J.MN............e..........Y@....../.I.....x..a..?.#6....W..=........A3..7..M..`e....O.a..(.?v.r...<.....`C[).x...H.r.n.O.{.6..........q..L.~`..K.....qI...6...W..O.E-~...UzOo.M..pUt..azi.=..v{3..1.B.nV&..*.V..R.. .I...O..^<e.[.&...|D..x.....6.NG....{...T}..7..8.LSE..T..m.......g. lZ.!:....0i..L...C..p......z.5).ui..(....d(l...d@A..56...2.d7.^2..G.5...T*......!......&.."....ST...2........P...c......`x..Z.?./...A..w.....>/.s..o.I...4..}.=.$I...>..0..Eo!..L..~uv...K"'K...q`..k.4!..r....g?..R{..x.W-..._.......R..gvWX./.b..\.p.Ln$]...4..?.P_a.q...n=JK...{.....A...!...7..i..X)....%...^.H.n..#...9,.].....=O.CVk.A.<._7...zTKy...N.....;'.~.....W{......y...xQ...i..6.B..L.#C........K"C.l.2...........lF.....@....zE^...vK........#..=......n.V&b.. C>.."+A.=$.(.d...{5Ti..r..~..oO.".../..'....II.eS..U4.P....).H..ji...gPA..:#*.|.e...S.........k.4gf....i,.4.L..Wpw<.U.._.va..Z...f..F..@.X.. ..}...\>6l~(.g..ln...(.l...

          C:\Users\user\AppData\Local\Comms\UnistoreDB\store.jfm

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):16718
          Entropy (8bit):7.989359706840421
          Encrypted:false
          SSDEEP:
          MD5:2E09F8F39C32E943D218D8ACFD67B4A4
          SHA1:6A8FF67DE42A5F147A05E29EA52C6F564B3B284A
          SHA-256:C586F712350F979EC1458444C4A84801C2938B26B417ADE3CE45CE166801E95C
          SHA-512:E5D438F373EBE9150533B9CBBDBE6B3C0A631007924B02DB62A19F69B82C9C5B951778C09057DA857F4C04C18E96FA215E9472E590DAE83AD28EAFBC4E8745F6
          Malicious:false
          Reputation:unknown
          Preview:<b..!em..^.Q.....r..h..a.)..>..e[N..q.h3....).y...l`..N..1......bK.g..^.7~...;q.b.....u..\./.G@....#..VA..m..CQ..TKF.x.z../t.4..-.k[.k"...4#.r..].C_...:3.I..D(8.c...<.P..`...&.........E\9.b.@%..[...\.k.*...uA...ni.....c.%......t....$&.%y..=.......=......,.N.8)W.h/s.r%.".....,...o.DO..n..>B....%......:.......u./...B...-...X...L?.t.k.5l..d.?..H...W>../.........7=k...m.X.=....FM.h\.......&....a.R....)...21...kw.cR.L.........`..J..u..!.O.."...).4.....n...a..v.G......{.h8.B....XL.b.. u...9.?.....hx..F..!..?.K!..`k[q...<%.L...;h...0....g9[y5.@B....}Z...(YL..8Rp...S...T..:wl..5.K..axi.......m...#.qY..4..q.{..{.....uf.(../.bXM......+..........t..1.n....V.+. <..x3z..S.U....+IdK..7Q....mM.Z.u=..4<7M.'.E.|.k.w...H.....-..N...A..$...51.F=......2...[...#..| .>...t["d.PU.TO.:..lG.....z.6.(e.MJ.S\.x..f.x...!.f..%#...J.Y.W.....n#.<.....$O....8<.L.Z.... .A.'./<...v.....LP...h2g..jE_...p..{."j6=g..i./x...,.9...".o..k.x.K..<..<0.t..&.=......K...*....2.+.

          C:\Users\user\AppData\Local\Comms\UnistoreDB\store.vol

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):5767502
          Entropy (8bit):0.7576003929527011
          Encrypted:false
          SSDEEP:
          MD5:38296FA94D89A4130CB306D7CC01ED7D
          SHA1:D8D09DA7BFBDD280626E076D54C1954E9416D0D1
          SHA-256:42401F9803000DDFF139ACB55A1F22866C2107C4D2C9C0165C96149E0BEAD6F1
          SHA-512:39B525666ADD10D0C9BFDCC5B17F10AC476A85F0F19AFA8D550DCDC1451ADACD9FC664E4367D8F5944213FE3263BEFF54B0A6DF56D1C9225F8C5424020F8CE99
          Malicious:false
          Reputation:unknown
          Preview:.&C..o#i.....b.1.M.......@;b..z...v}b.......R......{U.Q......w.Z6l...f.Zv.m..G.+.#q<....LN..J(`.+..!..L3r.F.9.,....:./9%.!.u.....M..9N.m.:...G[.P;a...*......v.D..~..YG....%.....]ydrI....ez)/.s.p...v...-.....*.......I8.?P'^q..h\p......-...:.Jhq8_D!...}.c....5j.X..+....8..c.&..]....2.kk.......A+.*).Ms#..VLju....a.su...>.$......X..o...L\.U._Y.I.$B....\B...1K..r.4....A..k....Q..b5.D..O...Y...F...t<%..;..#.....S....k.z.CA.rS.Bl.N...Z'8}..)<Z..._.....|.X..@\...G.I.%'.n|.c).=&...#....G\v3v[...Nj.{..L..cF'..%....5..?.0....F.ZT.b1...H....n..S...<....xr.....:.3%...*j..1...$N...*........D.....M.DQEzC..Mp..o.4...A..:&..F..#....d.v.T..w.....WK.........D./....!. 3F....A.z..MA.......m.*.....=.<.....a.o.;..7:T...m.y,i..j|'....si. .p:..U..J.W4/.I.T-.....w.......v.L.(|S0..|tk.(..h.2.m.@S4D....Q....I0....@...."7P6..xjnXF=.p...&.~. .yI.F..m.H....D[.;V..7X....#P.)....i..V...2np.V..-.$...Nsk.....J..o.!.Zs.h..<<.Y. ..}..*#'..+.....W.qws.#..v...O.2.....

          C:\Users\user\AppData\Local\ConnectedDevicesPlatform\CDPGlobalSettings.cdp

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):5197
          Entropy (8bit):7.967122232422232
          Encrypted:false
          SSDEEP:
          MD5:D044288877BA201DB688ECEA6738CEA5
          SHA1:451C312E4E1A71DDDD0F114242DA7665A1A08B41
          SHA-256:ACAD7C31CD92327C0D56AEBCC020BE970637B63F0AFA281DCE88B60300A376FF
          SHA-512:E2203A225494EB0CDE7886357E6E0B81DF1086BC6C44BBFCA9F24DFC48526056D1949400E787840BED24CAE64C45266DE2A158F1C8099622C67C5642FBFF1B13
          Malicious:false
          Reputation:unknown
          Preview:.{.C.^..t....f..H...[.9.W.bJ,.Ht.....;.wP/J..4.~.~....0..H..S...m.a....5.M>..:..:..%......P:C.p.<Cp@X.w7Js...Uq$RC..[o%bkv.k[#.m.E.s...Rz/.....?~..~...%.g.w.ne-....d..6....C*T..O.....P/f.T..dS..m...DO%]b.......*h.l........N.......K..^`....=.n.K y|6EV....C..........R.[.a....#.j........I@.w.J...K...A...U.|..HP.E.e.j........m.y.b.....5vx$..>Q..,.z.A..y.Zef.7.?tf...;-#.. ....L..RZ7....H........0..$.....c-U..I!.\Q.Y8L}b.W..T.Q.#._.Zj.&.........=x=..D.2.u.w..-nQO.(e1....J...v+...%....c?*<......^....hq.O.#[...B.z.Sd...e.(..w...G.(.....{..f...D.......p.....KbI.W.&S%..m....H!.......t...G..]l.5......OQdY...~.ci....O....=z).%#\......?^..p......=.\....m....f).......*.......iJ^f..&9.<..E..(.q.A......Oq<.d.....U...9..r.R....D?......[..;XF...[z.jq.....ff.a.4.....z"...dnd'...8 ..*-..Ui.....Z..`/^ol..]........[>O.,.$F....S-..S6c............_=-.2Jpmq.6.....(......\?.Gb...:.*....$D...wjV.mEy..u.6...{@....@.0.//I..x..........HT.]9t.Y.;..\....r. .|n.D.....

          C:\Users\user\AppData\Local\ConnectedDevicesPlatform\Connected Devices Platform certificates.sst

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):988
          Entropy (8bit):7.782203421299556
          Encrypted:false
          SSDEEP:
          MD5:9026FA374AC1CE96A5A25E85F25B8E8F
          SHA1:9A7E0CE4A8E6E7D369250A9F1EC6FF7BBCE11C6D
          SHA-256:2B90B1502D048746837D67BF3E259DDA5E0395D9A02296216BAAA1437B4E30FC
          SHA-512:DE4AA0DAFC69B574453EBC472C102B416C75F2CABAC81A471344D8CAC9FA7C49DDFEAA8030E4DB7A8D23B0DFE1C0FF01C2AC6F8449EF0747FC07B396DC4D38CD
          Malicious:false
          Reputation:unknown
          Preview:....C.B..0.....H.....l^.Y...!yCj....>.'........O7....-.rY..EsK.*jPF ......G<...:...X........,I:;..Cr$WQ.......S..u.J....B......^...}'.[...........Kw.$.#.d2&...S...b.E....W.>.....$. ...J.e.<...u9..#j...OQ.......H.9.0)..6.|u.i....X.{..1Z3%...w1.|4...=....PI..)d..+.I..0I..X...Qs.F4......z^.XGj{_..,..;... .......j.''l..P.7.....s.8.......@-.....g..C.?...jC.t*.....s@..(z.G....N.s...)......7i...8....1...l...b..4.'...25..m..C.AU..,..p..2....r.*.\i......C.DP...*.Xc........q<]......E.i$.M..#..0'Z.A$.HL..a..K...$....6v.o..,...........A.pIu....J.9..`.:.9......@.l...04lYX...|.97.....|02o...G..%..(...U.cTP...8>....^i5....sQ.....Q.HXJ...M.v......-....zo...cf..da....6q($?]...IL.qJ....Yje.)%..p.....,..mHN...JFa.w..R..[.B...'L5.......w&..2.?pMS ......1...VZV:...X.r...$`j...-*..s1."Q....a.P.,#..i..S.`.A....F."'B..!6.........,.e..H...yl.u..O..1..{..}.~l..t.).:9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdp

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1303
          Entropy (8bit):7.826173872780306
          Encrypted:false
          SSDEEP:
          MD5:3ED331089574E83960C3BD9939C81ADD
          SHA1:70D60DF8748F1CEE1C908DDF276486261B2378F7
          SHA-256:2AC21E8A954588C77618973FA9DAD444F101D3AAB7C5F3404F19753F232382E2
          SHA-512:ED0E89B8521B464237A2A055A5E978DDD6E28EECB16CDCE4046ACD9912903BD28B5F4573F8A86CD737FC552E177F587C681A1EED24C8029652AE70BCD0547FA1
          Malicious:false
          Reputation:unknown
          Preview:.{...b..5xx...A|F....Kv..sv..h........H......Y...U..&-i.)L..n...pg.B.o.<0b.n.....s.%.?9Z...>...W0......._.&..*...(..0....I.mC.....o.....w...efU 9.;,Ps2*..i.)${..t..s...Q.D..<.e}FQ.ha..$w&..;.$.U.....2.)...5.N..+{>x.3-.t.k..&nx:..R....tWqO..o..p.......E..[..A.H=.....".,.F"...8.LtJ../w..S}f]S~M.u.).J.;...'..Qx 2.5...$..D8..y....s.....L4].\t.1.....!l.......T.zK..P.(`...i..Q9.<...RP..w.yOF......v.i.V..V./..S..X....5.!.....&C..r....E....OW.....lwM.o.8......YoX..8W..+'v.N1..'..!......#.....%.RX{]..........T:r.........q..2""C...qf"..Ir{B......V..FYw.Q..7.$V.c#..w.l..6..o'z.vs...9>.....|f...D....>7.p....\(`....O.-.(.Q.......?.#i.G......z/Z..#.2....jJ..s.e^..s..-..iL.._.1.p9....._Y2.:...D..F><rP..`..1:.:.5...%.%.B..L0...N.F.s..:.WhHN..*...u....9....\.a...w......5MQA..{6R.........BE.4.R_.P].VE...5.7.Q9.{(?..N,...&......%.l/.z.7.. ....#+B.u..`&.z...,.`.....@.`_pV3..i.Jq^.P. d1j..[...x$..Z.G......~......(........`...#i....B..%A..I.6J.C..~F.._..QF.

          C:\Users\user\AppData\Local\ConnectedDevicesPlatform\L.user.cdpresource

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):388
          Entropy (8bit):7.306901125958293
          Encrypted:false
          SSDEEP:
          MD5:7B2CD6F8628A7DC2AEAF5F6B29587FDF
          SHA1:DA898786377E8C119A012A200920F8281B873461
          SHA-256:7B757EF44F072E2AACB1C095D7DC548B378EC413DEFF6BCD8BE63DE9E5E8BDF1
          SHA-512:9B3AC5AC81851C6EC54F1E0C1A41E27C1137FD45627E0B9AC96322DDC33313CCCEA4FB5065669B721053F9B3BF83E6A1E900D8799D547D344CE55A2B9F115E3F
          Malicious:false
          Reputation:unknown
          Preview:.{.I..s..e...F.... ..G.^....M..8@...KU.......Jb3....a....h.{_.^..!..&....._._5.FJ:.P..W.....<...S....g.v..BF....:..oi.P.me..a....4.........m7..0lEb..VXO.&.cQS{-...........g..I].......j.....4Xj.*u.l..B.6.?@.N?...!....{..(..._..jOh.^|6.V..W.(....!..b...d..>.'.ggr.}q..>SjJ......9...w.i9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65886
          Entropy (8bit):7.997083908815337
          Encrypted:true
          SSDEEP:
          MD5:2EF2B5324C72EFD7BA0EC0AEEDCA02B7
          SHA1:3859DD0E34359B3F8C1F09933846BE101090B4E0
          SHA-256:FFAA3D41BC9A14453E1127FF6E7E2DE0934F40129F05EF9AE616703358B415D9
          SHA-512:31D1EFF847445A44A8DD320FD7977265B22019739FCF4E169852353A7CCA63A6B9EDF90DFE9424AA1FEB35A4D4DEF5518933453D3F971011773F63858C845735
          Malicious:true
          Reputation:unknown
          Preview:...S.....Z.w.<...-.....(%.].O.....u..p....E.f..d!..{........<rk.`..l.?.Cj../......m..K..y..qs'..;H.,&w..MK;DK.4.....r..w.c..y2......!......."9........Z...........j7.0....J...s.=.fa..v.<......x...FqC.rV.(r....GCn............b0.........mW..s."..x.f.MQD..,6.....0|~V.S...":...^.c..p...7T......b..F+n'o'....`.....E....*...8O.x}..(.'\..I....J(.*2.}:i ..s..!...b....7...F I%.LG}/....uv..N..#..'h../..F1.J..0.0........9.aD...Ti`V..@.t...#...7..=....D..g...`.#t'vq.m..r{,...j.1..w.<...V8V..kH..|._%hap..+.&..^y.......v....^".U~.2.9..L..t.g...... T..D.Q\....=..9...|.o........?.73I......nB..7tR.......5..e....Nn.......N..tih.a.d4...AJ.A.X.u...&.P..%. t+.T...G..%3.^.4...9.'.kX.B.C...L..XK..6UY-87...3.tV...Ld.*Z.m5k>...]......L.R..>N...F....NW.C..&{u.b...)`{uS.y^i.Y..x..%f....G2.0.d.%!.Fu..s..U@Uq..q...Q...6:P/....q.z...[.f.8[.. ..l.'.la..UJ.m."..!1n..<.-^...A8L.^...0)...I.}.J..>...L...a...N..6...UQ.|.....>I.x.....A.{.._fk.....jX].J...^..;N..X.p1.......f.w@...

          C:\Users\user\AppData\Local\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.30314717337807523
          Encrypted:false
          SSDEEP:
          MD5:B6EE61C3C349F30C1A12805477E10840
          SHA1:23C0D238CDC75F828668D696EAB3EAC85D701D0E
          SHA-256:5E445581FA56BD054A669DBF7610A3BFE6BBBC7FE192D6640F92B4B007C1D917
          SHA-512:62D18B6126A1DFF9FB5EACBE309FD96254DA4A84B0A419426E96E40FBD76EBA6A78B9CDABAF663E662C56649591F62F82C52D4B7454AE58A66FAB23BE614ABE0
          Malicious:false
          Reputation:unknown
          Preview:......UD;.G.I...<....u6.Y..3.._I....u.&.il.,..._..ZC....X...=...b~..U..".OPS. 0...u...xd.....%.#v.....Gbg.......V....F.... ..*.A.F@....bq.~m.44!j"z.....]........Zf..b.Dr.." ..l.)..{N..G&...M.l....-g......+f [....@.*.3........(.0..fMt.....325.i..0..sYhBJY.(..^...7.A...7.U...........\+.g.hom.).@....Q..k..).5.a.z.....w#........,V .....AB..;.......d>2,o.e....YA+....^I..?Gt..I5.>......!."...m..E.^f...F.\j..qvOH..!....(......r.....;_2...\.5.W..........V...k....jz....../LW..H....&;....Y....?w.......E~X.. |...L...o{...b.f.l.`m.r .)..k..:..z.F$...d..V..m"..v.a.v......w]m..../vy3.[I.&.7R^..p.,.1Kd...O.-...GR?..g.|..%.Bl,>..(. .N..y....jWA.....^.R........<.s..?..|.....T...T`i.h..|...."w7...y..g.....R_.....nI....m#wuL......mi..L......P...P.c....ky.....::Scvh...Z`.jn~.K8..V..{H..:..CMwE...()l:2.u.....+Q..5.6.._7......b....DC..#P.H..E2.. k.+-.J8hGj....y.R.m...?.r....F.S}...hN.K,N..5..Su....F8.....p%.V.z....[......^..VZb.pc...;..0.4.(....atX.F3P.-..

          C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651FD787-1288.pma

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):4194638
          Entropy (8bit):0.6859103039890727
          Encrypted:false
          SSDEEP:
          MD5:07C79DC79E87A7BECFD67DBAB3E15E26
          SHA1:1AB48A7DF8C877BCF18A14253697A138062DCA09
          SHA-256:1148709BD257163E98E43E421EB148AFA0A680AA055EDAFBFEDAC564E0C101D2
          SHA-512:C1504436A6E30F4CBC5C4147FACC2C24ED6BA1ADB313BF367728F08D31A659E224BD8D1032FABCFED5993C55C70FBEFFC38B56F07022CCD996DD7F89D25817D3
          Malicious:false
          Reputation:unknown
          Preview:...@.c..4..ABp...Q...$.l....a.....Kf..(,Z...;..i..O..X]..Q?[.),.W.......r......]..p......@+V.,..H..%C....A.2..II.t.>.$....B......n...pEc......'W..!d.....G....O...Ml........n....R.1..tE.S(nfa....oY.l....Y.S<.C..`.xC..lf#..\....&...a.(..}....&..``.7D)........1..o..N5.8..is.W;.....N.1............1.i8. ......1.%jt.[.W^.R"_.Q.....If....U+.E..a..1.b. ,...!.....)....=%..hX8.}`........H.....[..z.<.Er..8Z..o......F.>.P$b...%.......Y..$.v..6.u.......O...<q...~y0..d....mo........c-8.U....M+.n.J.f..C...P....pm........N-:....I..$@..R.J...............F..<w.}..A...:8e>.V.......V.......`.....T[Y.FN....btqX...R.....g..e.F..}..M.j..... ...$.b....aP.Q..H....t.[w B..&..R..Y..l...L.fY.....S.........f.V...i..).-I..,...QF.......f.0o.R.b8.<.+....X.Z..u$.r.$.KNYh....-b.....Q3.P..s%...9a...T.$.......]jL?.J......]@.V.+..9..I..:]d...'.P..IZ.'ZxH.I......5.............m/0..r....=6.&W.!.%.SG.\j.....o..3..'!.20.......IJ~.<.Mcja.....J.$........<..8?^.G.u-.M.!../}..x...._.E(..w

          C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):374
          Entropy (8bit):7.279347059052946
          Encrypted:false
          SSDEEP:
          MD5:2C4A8E9610216F523155EE375816287A
          SHA1:159810244339FACC6CEF6DCA47384ACFB21276C2
          SHA-256:E9D0CC6551109BA487E6E45C1BC07C6A5EEB9AC1109F13FE2BD402460637DFE7
          SHA-512:5A2688BBEAFF08C30BC741FE36CDF4522FA84AE89838204894B5B5402716B3D00A0FD04CF79437890CD17A9E8343065E2AA10A666895198CE83D217BB9D11427
          Malicious:false
          Reputation:unknown
          Preview:sdPC.h.!..(.1cb.@!.4...Q.N..9G.0..%Z..TZ.5)`.|...V.#Q..0...(JQ^s.i.O....y9.N_...}....A8-. .L...d...&..!.I.......r]Kwv.~.G./i....;'.{...%...F...m.!.B....$.(Q7..9&$.".. ..."../#h.#.^W.m,?..[5>.. .Q..{....._.4...`.M......z.N$/..gM.f.@o.J {.C.L/...-....+.Q..zW.;...N..8.j..9. ...i}A...64}:.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):198128
          Entropy (8bit):7.998714412491403
          Encrypted:true
          SSDEEP:
          MD5:CA95D89BEA0EA6C9332500425933D3EA
          SHA1:4D0447F178CA7DF35F115C3D5699F80D80D98AA0
          SHA-256:58EDB6684DD8E37F722ABE2076A94C4DE03C0CFA12B84F38D78BD1477AC586D1
          SHA-512:95C091772A5A06AAD2EDE7431B2AFCF039B95331F4AC7DBF37A6D3F23033B4F2A499975F3C4B78CDA0A7C833B4560276A227051E12306E57867D4D3A16A010E4
          Malicious:true
          Reputation:unknown
          Preview:......}(.'..r5.b.YY..y..rc.9....y.6{$.x....[:S....9..N...../:g....n|.m.55.....@.q.OW.e.G..X.C.....&}...T...c)]/.oz.K.o........x.m.3.$..,|.Q:L..]...._......b.).....z.t...`.:..H.....jD......^.Y.C..9.+.r..).E.x..H......e~J...8.$.D.f..;...T.;e..xo~.x......#.o.....A..{u..?..Q...[\c..o*l.......r&b....*g@....n.....5 ..[...........'.u.....].ne.T".t........Z.}p.:3ym.W.]....o..+5x.0.>R..B.*`/....N.S.m...{....t...0.=..rlg.p...'h9.;..o.y>..6$...48c...<.t[....n..x.....0x.+T.vUuyV..h..}.N4PE.2]....Ur....h...G.s....?....4#...;.. ...F.F-;.....0....p.$...r5..V9.A.}~......./)..K...f._P.....*...A.....E....C...K...BM$.8..b..8.t.PS.s#j&....BJ;..^.......n..j\...mnO...4W....q{{......0...dnd%.t.{d..c3V..+~....9ub.._.&.93........]p.:.?.qI-.....[...F$......%rUr....d...Bw%..-....}..Z...$*.Llx.aD...Q\.....Il.|.fBg8`\..am....T.Q..s....e..[:&.-Q=.t.......R@|z..F...sDE.r.m8....+.........A.j.?u.C........4RQ.;....M....c.;-_.qr@...z.....0.`.J..b.2.......[.0.."R...y

          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):668
          Entropy (8bit):7.6403687251164145
          Encrypted:false
          SSDEEP:
          MD5:77C53FD5F55A403D8AC7C21654B85342
          SHA1:91D7629E3ADABD8ED7E89CDA52AE0537CB427ADD
          SHA-256:EB33A41697BE50AB08C0CFD01224FEBAF69B04A22EED3254EF0157F91286DBAE
          SHA-512:FB89D9C4990CD4CBDA6DD3EE90E104A8C8EC7E0E530E22936FF18C8F6B9A1F4F3831E49623CA61312F22394B9E9CFA690C510B99281972FA3CC776680B5E01AA
          Malicious:false
          Reputation:unknown
          Preview:2023/......B...u&J...w.h...DFn#.+...r.......$.N.D....:.t..K..p.;%N...d.r=.D2..F?X.....`.n.[.\....l...F...}..(........uM..M...[.~X.0.P..i...r.y..id._a{p/........X$N.;T.b.....I;.2,........#...W...pw.#.(]...e.{>.5...;..!C.R.4......e..i..!/u......)J..>.nt.3....n.j.j........Ip.....jd=)..Q.,L;P.#.A.....S..#j.op..Q.].N.5K.i5.....m...X..AP.I.Dt.......0.....y..._q.3..;.H".v(~.O.y.{....C...`e..q....0;.:.....=e.:.>.Ml.t..........o...Z.yw1J/...le@U.%. ....S.S.N@.iH.%>6.f...Ig(Ip...F..<yh...<q....>....?....j;.|r..D._7..;.S....K.AQ`Q.XB[. ...|....:.U0..$.........!. .m.u9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2760
          Entropy (8bit):7.926878387304356
          Encrypted:false
          SSDEEP:
          MD5:20F101EA537934E5F05285366E9D796C
          SHA1:A470A655126820BADE8E8047EE83AB4EB3B0FFAF
          SHA-256:ABC579BC17FB7C384FABA48418B00E0C344377B61094B848F671CB37D81DF4D6
          SHA-512:A6C91BBEB5C923BB6F68060843A65EFE4240E5091F3EE120E958CF9A237C373A0A461B564EDCBFAA3B316F8FA376263CC33B65D5ED9A063016D46BC9BFEE18AD
          Malicious:false
          Reputation:unknown
          Preview:...n'...;D..'.....c.......(!...0gO..m^..W.c.'A?....<|..%ku.&...A.!D.c....h...c.+.O;&MHO....3Z.0..L/.xt.X*.7..... .E...!..@........*.l.#..^&:...{......X..h.pj....k.|b8J'....8.V(-...:v..2{.L.n.,.....^\wW..n.].T..P...lN....<.{.{f...b.CE...).KKv...Y.mA..?..l.`A........."..3Q......=..G.rO[...<.5z..ig._.Z.%.-..|.Fp.<...X...k..D.c.}.3.+.Tv..v.F...s..T~ .. OB./'.<g.r\.....-..7Bl.%o#....:...._^*.-...U.=......Mt..G.!.t..ZA|....j.,^.4*N..P./..P.q.n.......-.wwA..!...n...^._...E...S.'8..h...?..).}."N..Yw..%.........o....?.?...y..8............4._^.D..`/....w..>4.8..Y...ze. I..(.tF...^......5..u?.6..X......D..s.h^Y}^....K...DzU..w......Q9.}..G.....K4D.r...>..#.....1.`..3.V..h.q..<7n..w.;..4..+..$.D..M....u.e.<\9.s..n\yM...(.$.....-.#.2. x.~>H.0No.+..@......bF4...D......../.V.Z..w.b.3..t\..qwm}X....YQ.St..j...U.Q....J..E..P:~..G..UYR.... .'..d..|y0.5...b_`9..7...xr......Ks...B..V..R..E?.caK&...p...,..\.dfT.<1C>.zE..!d...Y.pyx...|..Q...n....T.4A..B;.=c.1V..

          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):660
          Entropy (8bit):7.621074447722865
          Encrypted:false
          SSDEEP:
          MD5:5B83F1549ACF8E685004C05901AC228E
          SHA1:02610ABDE5C73250909D7D293C02AF979E4C4E98
          SHA-256:26E6039FA9DA3270888E6EB65562CFC6CB1A0F41CDE9AB6A57751BD7928B67BE
          SHA-512:E32363E2CD89334A46BD759E9BB5B91A35E56232FDFEC6E35AFCE68AC6144389A52D27EA73657AB387BCCE7D4CED4C11D6B3E48F59038B1374C8F2B78A6F1A78
          Malicious:false
          Reputation:unknown
          Preview:2023/.2.%.>F7..[.c..Z.1\.O.U>3/$.BQ..:..Gg.Y.%.,...m....n...:.dR2..}.. |.Y.tV...b.v......FN......qG.b..:O.....}f....4>..!......m..[.z..7.3........`.D.mx...6...M..#7....".u/...!...JvE.g._ACW.h.....0 ..'".)%........>...'{.-=.rW.$-..>..-G.Dw.[=NXtI....^.....1.6.d.@..A.I..y&...$8..........R...5U/:......7..Q;...g..m...?R..C..P.S...K.8Nl.'.>.....q.R.]............C..#.>....-..(I....0{"...%....$..x.U...QO#.@N......0....+i.a+9<........Q..D;A3.;....f.!/...z..e..(..vS..@.b..T8.9...}.. ..\..4..,0b..x.@9U..).9...o.....-T..E..s'.cT.B?^.....f.1./~.X&...+.-m.4&9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):16718
          Entropy (8bit):7.989426130530991
          Encrypted:false
          SSDEEP:
          MD5:B6AC643B8EFF9BDA8027BB1D46C0CB77
          SHA1:D84C3B0EBC2346FD0C49539DDED713F20F7131F4
          SHA-256:1A697F5241FEEE8CAB519F002D91551739BC3667631FECC7C63D2103E7297F15
          SHA-512:A711AB26985CB0FB9491788323C89C083F24BD43A5E9394F87E28BC975C97BFC9EE69C4652EF41A82C0DE83E37724F2346575B3260D420E6DB6D08FE9857DDD8
          Malicious:false
          Reputation:unknown
          Preview:SQLit.#.......o....~Yw.....l...,g.....]M...O2..8..0....K.l...._..k&&..aO...._...F.|.*.W..O.3`d.._....3.e.b........E...Z.>.......m7E.T.{j./.I]....,2{L...8cyJ.E.A.`......xN`.e.;w'n......b/..+(\.......x.?.L.n.z...Uq......B.u_...6W.W.^a.(...B.1.gr.....1..._...?.9@....%.s..pY.l+.g.!..u...7..kj..!|m.U..G.H&01(...)_.8....U.{....JP...c..r....v.T.>}.hc.d...O..Y.yvl$..z+..P.}%.....<..-.__..N+m.}..2...C.#ASLq....J3G?.3.8.,.3......c".....{.za6(K%#..'.+....7...X..o.]0........w,`s.Tp" y/L..u+<...a?..K.Z.%iTJ......B.c2.]q.K..{^F m...)..).K....#..._.W..^I....v.&...v...a?.......w....m.......u:./..W...cd!........(...Y.4v.P....Z..e...4. ..c...2.o........Q..Ii-{6.7....c..e.C....G..n......N.....7Q~gbJ......X.|........xV...?(`..D..{s]=...~K...s..!m..=r..1a...Y.wOG(S.....gUU..;T....j.........]K....`.9V.,_.......F.B^.S.i.@.Ri(....n.o...........Z...^.4.".Pp..2...T/.g.....+..6;.Fs.`...Z[.Z.$L...XDC.5h.@6....,...j.x.=a.fi..1~.n..gR.....i..I......EeN..j...S.. B.Z%.......

          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):644
          Entropy (8bit):7.664579608730141
          Encrypted:false
          SSDEEP:
          MD5:1593439E6D58E3CD50A1BD36D6592546
          SHA1:DD0E74D8EC9974EB9220BE29FF8AB01D49CF0049
          SHA-256:002CEF2029F0EDA64718F86F585E82C317D01593796928A0350E7CE8DF14AE5F
          SHA-512:058C8DA110BD24475A565265A27AAC25EEE07A2A3E52EC399C5E98BEC706F4C48B63234C75AA6A36F86CBD77C5505FF804BD68109A03CB3DDBC61F402537AFC2
          Malicious:false
          Reputation:unknown
          Preview:.h.6.V............v.f..v......W......>.J.k...n.K........\.a{.....8.K.`...(.#.7.....Ht...D.N.e.l.}.[.B.l....6....x..Y.j?a...[=L............9.m..+... ....Z.^..I...$a.,.1.PMp.j[...T7.....U.....+<*.O._.Y.6.?L%..L.:8...I....er..@....s....%...f>g.l_..}....C.!.usY4.ve.O\).m5....%...bH..)..Y."gA.Cu..[q...6(s.$.........{.^8.'../....[?LL..q....e..0..d.........F..{..w.E..7..RGQ..I.....=..'.Aex.....t..t$...mp..J.-..X.C...k_..NPe._#n.Q...0"...U.f..>[L`...B."..YD.u..?`&...z...nFcdc..5v. ....&G.(4......M..1..F..&l....r}q.T.J.$...e.-R=...0]a9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):674
          Entropy (8bit):7.7088482276747134
          Encrypted:false
          SSDEEP:
          MD5:75F7058F5F521BEFBBF2D2395872EF68
          SHA1:A81D639EC8D2AB084727A11C12C67EE0A36F0BE8
          SHA-256:6200272AF351D501539880E5D27CAA412AF9DA3AE31ACFFEDE7CE507DE8D10B8
          SHA-512:18D15629A7307CB987DF66E0BBEEBE2BF7CE2D7658A37FFEE31783228528C66F70432DCA1649E553318933C4D8E3E3BD62F086A2D8D130FB1D7661D63878E3A6
          Malicious:false
          Reputation:unknown
          Preview:2023/].{..b.C.s..n..H>.....XU..+..WuP.&.Y9.>.g..C(,..~[...d.Pt.T.....'d`0...k'.;.Q..e%..q'...p..b...~.D3%D.f.E.RJ.Z.f.Ym.%......4Q... ..\...\.-.5....../..Hs._...>.......v..(...).-.0..h@.....e.9W}S-r..:]....H.o.V..J.U.....9.Kz.z.e...(...o#...\.24.O.6.C...O".{...!.i..(W`VpR..z.y........YSGU.....>.. ...;I.:.........F).a..)..l....hi.ss..V.J...\....w..&.+..Ub..9..9-..@q.2....U..|........[.!.K....2.....[8......iw.h|.2..D.0...\._......o..*#9W..^..3._.o..s......]...$6...]k.d./..^.x=...........KK....R...-K.&..%...Oy...0.j..;..E...c.E.....B..'./.....W...N..W..f.g9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):372
          Entropy (8bit):7.347489643543865
          Encrypted:false
          SSDEEP:
          MD5:F8FAD852181B03679DD2A842DC7D6346
          SHA1:B29C7EB7E310FCF9BE3B4999C24FBF28542DF499
          SHA-256:605863A8557ED40DC2356F8105CA633B9275E519F07E9F6DB34F054A2D7C03FA
          SHA-512:B867062911C1C29CD6051CEF858DA84A2B74ADC3872F6027B90F22D8E835F7D0F6AB6AF3784FD20D0FCA919AC387F43BE1BE733EB85F33DD33B27C5B6C64096A
          Malicious:false
          Reputation:unknown
          Preview:.....~..2_...V.gh....zq.....i..M..[....4.d..lo=...mt.....%.^...:....YG........._[9...e..H...;...x.i...9^.C[.*".........(....x....3SH...Y.e-...........`\6...[..si....m'~..45...~j.{..8]......*..B..{..b.Gr....]+..j.j..A....I...:!.....J...59wi.....n......Jm.r..-..L.x....3.!.7S..?`29pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):49486
          Entropy (8bit):7.996170755307844
          Encrypted:true
          SSDEEP:
          MD5:3EEE52D9EE9F9D21D02F10AC6FE481C0
          SHA1:ACAA737C72502324DAA569A4289F48D8457940F0
          SHA-256:DB97756369D0206922A4E2C206D79FBB28771EE5FA73CBB46A19BF4CE677836C
          SHA-512:77AC3F90B8FE8CD49438A49CDEFBC0A12550A49C899AEEFD2387F3A18CFFCEA2A87BB32D408F6679A0AAD1DE0BE1276D2470BB86359FA3BB961AF8E2AD26C7B2
          Malicious:true
          Reputation:unknown
          Preview:SQLit]*.#.J....NBQ.|../..|4i......y7.......r........u..JgA.e.YY..sz4...t%....=.D.l...r..@#h.u."..".P...;.+.<.t.r..v.9+.I9?..%....f<..9z......y.o......p.!.1..GQl..T;......Ci..1..t..$....^.k .......G..-tn.L......L....6Rk.X..9i.....Oy.....n...tk...t.P8....O..q0..x..qQC....gcFP...bPmS.......*..e.pP...5......5Q../....)bNu....x..W..."N..XW..?.vz.........]P..&.......]n.w......h.CW...\......./0.~.RA.3.....W+.E...0a..T...ru.3.v...DYj..J#)u.._.v.OU].<..-..>@..9Y.*%z.ax.:x3.v....v.}.. 5..BI.$..?...G...8..m|....r....".j..hv.i2..M.l....0...A..E1...j..~r..f..,.|p.W..<98.3r.z.2Bw/.....((.w..1.....n`.u2..wzbUZj'.O.v.F.u..(...:..AD.6=1.r%\lR...J..%...v.[GJ...l..8.X\A.~.3...j.m....p......*.D...I.@.<......D~.(....$....{}........L.......f.\0.veuI..._...f.Z.H..*.}..O.R>........Q..(....]..l.$h7.7?.......?S.s....Jl..Y..+.E~.o.s.C8.A.q.<.._.?K]%...LRcX.>CN....ja.+...F ...9.`..r..@...u....wB.\....|7:.d...K.b\.O...r...U9....14.?S\.l... ........

          C:\Users\user\AppData\Local\IconCache.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):11336
          Entropy (8bit):7.982129214941511
          Encrypted:false
          SSDEEP:
          MD5:80C9823A825D94472EE36C17075D6F0F
          SHA1:760D338BCC8BC6C4308DA07598AECC9895E25640
          SHA-256:CE438A784B2D697AD54A7A736FCC286F3B614983482625C058FA173E7B071DD0
          SHA-512:51F412E712ACD68369BCCD29D573529BB8B5A90AA4B0E370AC26DEFF814B51FC23FB9231E970197D71229076BC681645F19181F72638567A4BE03064CEF45C93
          Malicious:false
          Reputation:unknown
          Preview:H...W..`....!.^!........^c.3AU....D....V......+...k.Lw.x.)|.+s.9..Fioo....>8..R...o....(..0..Z...FD.|..Toh_..}.k/P.?})..\....D.(.%.z.......\8......}.....75..%....q.....zw..m9....q....<... .C........6}.....#.U.c..O...+Y...d...`...!..,..\......+....Q]...........J...L..p...aP..wqQ..y..4p6.fT..Y.\....q..i..E..P...!....1L.Q..=oV*T.....s'O.>..fm.Q.c.ew...7.....ZF..^5..c..lsCp...CgIq..r..0:..... .g>4g.0.*...X.javmm..&.qc.-`..o.--:.}....]....41J.["qn)........v.._Vbc....Sr..lH..L...,.....}.. .U.0.d.$.....B...@B.H.8.Kl;N.=..i..K.&.(..uI.<...!)}..n.......a|C...SD-.".?...y[_...Bn.i...`.v..dPb....:.q..0.H......tz<.z.<.6.'B.l...h....!..Z'........T..}./..%...[.?..R".i.y....wh.i.$...t..I.)P.......7dBO.$(.-dvGi..I.....@*....u_.. ..e...t....E..2^..SG...b...0(....&H........e)VJ=4.~G.x..2..e.....q.`../.,..)^/.....+..:Dw.....j=.....,u9.....y.;x\%.3.x.f....CN.......j_R/p.&g.s....).e|h...f`.2.y..E.M"$o...~.A-.p...@.W.6O.,.d%.%O..YV?j..C.@.......fP......{..a..=..

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651FDC40-16C0.pma

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):4194638
          Entropy (8bit):0.5585808697128369
          Encrypted:false
          SSDEEP:
          MD5:AFBC2D0C96E9728118620A6A70809054
          SHA1:04FBFA4D152C93CCD47AECFBB1036746976F26B0
          SHA-256:E312A366CF8FCBDF7032538ADC74D035AF6664BE9FA2FD6BBD8A9A7B0BAAD1FA
          SHA-512:E000519BD8C5E8F1B935DD973A6B08E25F876FF32CEC85700856808634733429F54BAB0C9D7C78A05CA21AE97D242C009D517E2689BB6E889D195A3C42DD9452
          Malicious:false
          Reputation:unknown
          Preview:...@..e..b}FR9.b$.Uo.vZt..".<.i../..p...3.[j..I..6..c.Q..B.......D...2N....:%_....A@.{........2..U..P...LOE.G.:.h)O.M...]....zd.O..x.....!..Q.2...,....e..x$.B...Iw.p.sy...j,9....^(.S.c&.%.%...[.w.|!...h......D#U.l.....+..........7z...@m4.k$.X..Z......f...e.........N.A.Z;]m@A...SH.......V.{*......0r.S..W..........zA..N>.m}.iSy.....+&fp.@.ly.[......!...p.).L.=..ihk..r...DU/.......r8.5.!.}...Os..z..5.l.+.}..(=.A../r4?N0(.U.<..E=.tg0l..R_.A...).*....>A...bd...@..u.u.L.....7.......n..TNg..#.#.....'.[.....O........MH+.m\{T.P....%.I2.0(H.(.........?.:!]r.)I.....M.3x.........O.Ev#......&.G..o.VT.`j]...$..8=.WV?fI/'s..p..t....1..Z.U....1..~..{d....$....b>_.......}.C...B..6+.&.N&i..c...i.Z`u..50%...s...C.6.*.Vj.a.>h.n...H.>....P....d* gu....#......7.`'.Y...J.`....J@.e{.aj........CkI5.X...X.t.F.U+.+;..2'y`...........A_(.n..Y_%......@....q..|h.;..i.=r..4..ED=..{,jB.1....?.M.w..7.N..r.-.:..0..v.w.....Q....I..j.gi....f....U..L.y.[b.@..<~...]'...

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651FDC77-1B20.pma

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):4194638
          Entropy (8bit):0.5183867943844824
          Encrypted:false
          SSDEEP:
          MD5:9672313A0E8E9C3E456E4F5E3D8ED3B9
          SHA1:5355D935C373A7E3719BEDD5C93CA1422DE406AF
          SHA-256:32380FE30114EB754FBFDEAFE87BE7EBF3FF38053FCB2E1720C7C8A8414E21BF
          SHA-512:5C03EE822A01BFB6A039253B1BA45D3547C00363700057D168B58C79267ADE58630EEE076BD8AE0AE5F6FAE0DB0798C4535A72B2E0DEE03CFB535F9AB376B7B1
          Malicious:false
          Reputation:unknown
          Preview:...@...'....v.c..n..V...wz.9..R/..."CB....N(..y4....Z=.kO.....iV..N.r.p..j.rO`B.Wr+..01(...}.qN..V.K=[.^..y._.. ..k.!+..p........*n.y..w.J\kr..,PR................2x.....w....sM...R%..."..]E..e.....]8...>...f....L......y...'....=B..y..c...+Q.A(I..ZI........1f..]d9...I...A(..#L.../....+n.6..W.h<.._$4.nn:....\....J.?e...V..!.%..@..}.r.w.#a8..t6........;.8...Q...S.h,)..BY!....D.... 8.G...q.U&F...^:.Qb....O .[.nd..r/.S..AJ..)...I.......:\.}.......J.i......K0D.L.\..a...?.$w....<....!x..Ud..U.?..Ug.S...v.].2.|....FPl..8V.......e..VK....v..o...>].....>.T.6..x.........`.K.xKv....@...{N.8.Z..J.`i.....&...P?x}D.].$.......N".r.-.|...=......3..H]..8j,.G...9.s...m.*....<.......UMd.......4q/.n.._3/;i .=O`.J.K..x..f.....#.D..`.(...N.......=.l..'j..J!.P.b..&.gK2W.....(w/...Kt....`......L. ...D...=^....%2>s..nEGP3.3....,.....4....a}.......t[.Lo...>/`...<W..|...n....g.|P.[.......gb..hg..Z&..~..G....~&n.....tp(..=.v.g......*...X.C.Y*....s.?....*..{......C..@j...

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651FDCB8-17C8.pma

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):4194638
          Entropy (8bit):0.5184802695372506
          Encrypted:false
          SSDEEP:
          MD5:264B15EACD85AAA959CAB4C62DB6D462
          SHA1:503B9F17C485E720D8F458640A3DC38542BB8FEA
          SHA-256:F96D7C3360654A8C26CB17D5540C5684AEEEEF1D254BE37157D23C1C06631C04
          SHA-512:F23AFB58BDB89ECD7E2F15C495B799CC7DDBA05221C44C7A269FEEBCB6439E140D73E179BFE61066B807AFF94A0ED30CC6D6FF4DC4496D54A319557DA45A174D
          Malicious:false
          Reputation:unknown
          Preview:.....S.....t.v..F..^S.w..Kr3...{8.D`?.,........{.J..=..tk.....G2m\ym..W=..2..K>KA3_..4..-..+.$.iN8.(.....a.d.:....]I....c...5|. K:.X..U........n..y!..`.9nej....*Aj........ ..\..........a..l5"%...{..'-............mM.;0.....I..\nnPs.z.G{.K. .;........g.6b.....!....V...J}YCk3..Df.......g..X....#z.j...X..7+DRA?D.....t...E'#...L....w=..O%....[j..D.+..w..K{.%Dx0T5Jk....o....k(ph.!.O...7.2._..,....."...m8?.n.i..K.|Mh{.' ...T~.|.w4.Y...?r...O......4...F...9|...H...no~.!.&'...9.T..]9.......M...j.$......XL.J..._a.V.d...q.j.9.BDX9J...0...K..7>.R-..8..C....y.._vc9)................>..(gF*.7...W....|.:.I.<......5.b..q.J;...8U..l.k.~5G..z..n.3..O..@T...g../..:..Z.\....r#H#wN..[JkA.kxf.4q..n."..R&...H.4....|y........\..N."AV....XL)..s.G.{!....).F..9..b"{}sj.<G1.c...M.1..C.......S......1+..~e.'.~U..9...`....F\..'.i..oZ.4..;^$.D2,.@..$.V.".....9>..<.9eX/..q.B......]..W..<q.Q.........C.\...<.s..i.;.........K....S....z..d.6.@..bu.$.g"...q..R+>..:...O.l.~y..gD...

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):81424
          Entropy (8bit):7.9979986587519685
          Encrypted:true
          SSDEEP:
          MD5:612136408502D1D1739F0496ADD70963
          SHA1:4EBF513DB8CE8938D352DD1B33C60A36468CBAEB
          SHA-256:671DD397C8F03C9C6AD49BAF14DC0BE931E4FF48BE401A0199BF32405799003B
          SHA-512:8873C663C2487BBC6F13448B16F3A5744727744B7FE274ECBFBC2ABA81A56B9E6A77406C726CA7D75E1F4BC4CB6C26379FC019F4E4297274D43374D2FCEDD0FE
          Malicious:true
          Reputation:unknown
          Preview:...m..h...e3.....I...\0.W...\....-.[.R..\....(#....'#U.O....q..#{..v.O......s.>..+.Xx.t...FGD..k..<...N[rN..j.nJ..y{..34g.g..gg..q.....4..+...".&..2._0.iz.b..p;......|."o..k.iX.....E.:.........D...)7]..+_.A28....^.z.q.5\...R...>..zo6..S...1x.6...G[i#..=9fOh-MN.....U....S:h..8.?...ds`N~H..q.....E..Bh...,Xo......Ml....@.....Q...o.<...P...+/>...G.\.i|?..h@k.....?.|^*.......U.kQJ...RO..-..yyR.nv;.SA`v.4n.....h..6w..9.p....@.aY..~.$,.).?..'x..z..Zj.....X.O....w..u?>..L....]r .9.;v.r.D.9.@2.20.s....).wRA.}Xe.k..P....'.<...Q..n......h]..@...s..7....she.|&. ......-G.`.\g....'.$.......9dU..,{=....K....L..+p..Yq.^...D.@.M.>Z..^2.1..R.e..Y..H....G`....%#....!.^%fh2.My.I......>..x...L......8..6.w....m....].Y/..+b(tZ.F."......^.f.......|.^....;..u.|.5.%..^]..:H...............y.R>U.....xD..e....T.......;....J_y.t=.q.{U..P.n .k...I,..T..u.tZ........*{.......4.*....?.;..R#..!..Y...7.0.z.."XV.*F.B..S..8:LJ:.O.WA).BTE..?..2.GDR...8}..5cI?...7......x...

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):670
          Entropy (8bit):7.66871673831045
          Encrypted:false
          SSDEEP:
          MD5:B47E4774BB2A6D082EC75431CE356D6B
          SHA1:DD1D41CFE12FB776B8453F3275FA33D902F1F6CF
          SHA-256:4DCE3B0F041A249769D680B80BADAC0CA96F31157E8BFA7746C586F525B60900
          SHA-512:35AB1A3D8BD621513330A5AFE268967BE2B357CB5785ACA2164F1493CC2DB173828FE66120858F09D3A37F34FD17E4F98E6AE7CDC11E6B1CE5C31CD6C3023D06
          Malicious:false
          Reputation:unknown
          Preview:2023/6......DC-Q..(..*......Z.>`..-'.6...R.2~...Q.....2..J.OAX.%...7)l..#}Vy....d..,9SB....h...E.+..u..k..&.Y....S.....U...U....(...>O.x...2...`P....$.Af...z....t..}...i.5....E.K2.F.\....B.....V*ed.^s....cb-v..tr......9....Q.......F.Z.b.L.9.=...S..!?n...R....V...\(.2...S....w.::....0..<....2J.xHg..".Ht.^!,t...}..A0.8...v....i..b.mx5. .).I.P.....g..vQ...,Su'.p......es{S..(.o.O..7SaX...[.:..|......0........H...r9.-;...k....~Z...;....(b.Q...A..<.z...L.y......../......0...P..Q..Flp..O.9.v...o.b...s..8..X..^_..).....?.Bq.......j.(>p(..5M.~i.$.E/&du...`.......P.)9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000003.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):367
          Entropy (8bit):7.346581460124186
          Encrypted:false
          SSDEEP:
          MD5:90D0FA876DD13DECD50378C33223F9F0
          SHA1:8798704F7F031D767E52AF03C0C851E5BF41FD36
          SHA-256:7FBC0F3D04A36CA05319CC008BD6B3CD98A53FEF22A6563A75227A6B08C39CF4
          SHA-512:66BDA6BAEC38EF9896BC1C3459CEBAED09CB5D49D80C9739F239FA6671E708AB880647A0479B6548747C79E4F1E4BC519003108C5C01A3B8C5B21E2A37FBF46F
          Malicious:false
          Reputation:unknown
          Preview:...m..j..mx.X.9.Zz...S<.!.F....B.]..qL..O.(w..@.;.....J.8....M.;...n>.h.k...@....w..A.jc..)...^./q.e..p...(\..'.}...@.w~r..B..Z.b.}..-....k.C6....F.....D...K...A!...Q.I...].||+xX....i.uj..O[.e..2...:._...B....ozcE...)i./.,a.Y..........`[.....O&'.]D.I.'.....`.(.!~....a.....Fh9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):679
          Entropy (8bit):7.668426842967771
          Encrypted:false
          SSDEEP:
          MD5:653C4C45F5DE4B1E1CD3B9D8EEC6C4AB
          SHA1:B0DE333E097035806529A6F73CEFDC7B822C83AF
          SHA-256:D6F91FF4B8D646052983F90907C84EEC09DFC18B448C1D055F700C82275B3554
          SHA-512:8BC51AA3789E29DE42192149EAB8AB476B71A9B148439A52753EC54DD74421387FD0396D3C0B0A9CDA6AEF0EBCCCD52807B4CE2541D875563E0C12A74AFE339D
          Malicious:false
          Reputation:unknown
          Preview:2023/.aH$`..U..X.@.f..C.(.E.5..s..E....+....Y..#.!."kg@...r.....(....7.n-6/...8..\#..0....HS5.u.....(..`.pr"..t&|..U.${.>..Lj..+..:/n......Nk-......._YF..g...C.i.._...Y.~.U.cT.q.....)..?w..N..{.t.....|_..y...;..._.".i..9....A.G...........sfd:.\..bFgg\.$ac.DW.......gk.....i.[m..&.D..[..,......1...,.=I....>.......R.|.1........]..5xrW....%;..Y...8E.r.:0Cp.nl..Lb.SH;.DaM.......OG(.......&S..7%..L..ku..........j.$....5...A.....E......X...()R\,s...q=^..~._k!...^.-~..(.t....rb.K-.....s.2g1K.Y.,.O..2.L+........F~.<..k.../"...V1.>W.Z...[..<......].".[...3(..C....A.q.N..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):670
          Entropy (8bit):7.640617965981121
          Encrypted:false
          SSDEEP:
          MD5:3789DE54AC084CE39085B01A25F6ADCA
          SHA1:616A4748C9C0D9E17DA3EDDC7F71CE7A98543A8B
          SHA-256:98FC745FF15D938D65BDDBF7D32FE2AACB03806B73C5DCCA98E986273DCE6352
          SHA-512:B235BBF3AB05B35EC0A56467D972194570E878FEC8151FBFD988489171F9E8250257D3D63C224FBA5C6294022FC1BDB9FAB725C901149AF69CDC5103393120B6
          Malicious:false
          Reputation:unknown
          Preview:2023/...9........'...z.3Ie.8....*.i..`..K.......y.e....x...G[.M[..X....Be^.c........(.m3....5..j.r.b|..Ue......q....RA!m..d..He.."..rWE...am.U...^*n.gaxzl....;".L..........K.....c.]C. ....5z... R2.........MO...'.eH.....<85?...Rq96.g..u.Z^."MG.>..)&.#.&{.A&.&>..Dpq.I....@.$.s1..Z.-.9.x...o..x~.O..`F$.Gy...t..56....hQ..S..9.\....F..v+.zAK.&1;.1.&.^.#l....C.....P{Z.....dE.s2..9.rk1..?.z..}{.v,..L.^...oo.....wF./!..)k.kT.3.;62v....r..9...MJ.^..{s.I..4_c..;...h..q`.?..Ty......A...]........G!o3.E..Y.z"?.y(}X...A........^7....~.8.#.=.*HnU.N..\{....=.8TXF.h..T.@.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000003.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):380
          Entropy (8bit):7.383671556000958
          Encrypted:false
          SSDEEP:
          MD5:58262868536F99CF6DD0FF7079ECAE8B
          SHA1:C2FA21AFC641139372C933C95453F146A63EE212
          SHA-256:CAD8BA22AD9531E28B54AB763FB6FE171BDA8CC4608671125B2D96CCAC8428F5
          SHA-512:4006ABAA4EB160307F77544516A88DA20EA9D242580EA8F73584C20A8F6AFF70F617D489B98F71ED4BEE3B47E8E0DA9F6B4BFDFCB4F76195532B770BA8F61FB5
          Malicious:false
          Reputation:unknown
          Preview:...n'._I...M....).-.:P......d.4.e..,#P.......X..Z._{./.N..`.u?...2l....^...wg..o.w..I.tYy.....8W..]O:2..z...4E.....^3.5....IC..^p1.n./.f..&O.<,......B*.....&j.`1O5Y.z.$?.....V`....S](..B.N$.).~N.#\.3O'....A...W...(..Lz..tBKm.Y.eV=Z....1.dH...p{...k......UJ'.C2.$L"3hSN....&..4)r.......R9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):656
          Entropy (8bit):7.64558409749738
          Encrypted:false
          SSDEEP:
          MD5:9185023E49E60EFCF33660031F6CD1A3
          SHA1:929A49C029640949A818DA1A874156279BD2EB7C
          SHA-256:3E3C582C830C687701988071A0DEF0E730A8BE0C034505CC7D66CBA705021D2F
          SHA-512:1130F7B8E0D24C6033714E682929902E7A870967C4CB112444C68DDA6B5FA8F4052FAE0558BE21833940A1E06DBDCC90390F74CA4F1D288F8BD010723DB028E5
          Malicious:false
          Reputation:unknown
          Preview:2023/.sjT6..]1...Z.A&..+..r,.4...{..P....BM2..3.F.aBwf~...{2....u.P...*w..E&..|......XJ&E.dQ.;..5....ew.A.1V/Zj..9....%..\C......B...y.....$...XU..'z.b...:!..0.U...+.%d9...# ....e...].'.~.3^.& ......wd.#..v.#..F)u.^f.G......J.v.Tj..U...Lx.|J.9F..c=W....y$ 41..P<..r.......Dx_.._..3....q..V.).....=....hB@.(.F......"ug......d...Xc<..d..IA.}.Q.[s...3.?..D/".C.i.......|.J4.!o>.#...F ...lX9.W._..`.. EWp?.G!...N.W.mf....9.u=xV.In@n...hA.t:..H..E#.Tm=.yo~E^.C-:..R.b.....{....a.o.....l._..\..Ez.j7.......]...7K...\;.h-2<$.A"..J.Q.!.2!..*Q....>..BYh*.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1121
          Entropy (8bit):7.825817030857204
          Encrypted:false
          SSDEEP:
          MD5:0D2DD8360D57D9C41EE816023A8D08CA
          SHA1:7956C01CF95FF162F463364F7600BB8FB7C0CDAE
          SHA-256:4EEDECFFB612306802F84C884EF0AC72CDF76E47D4EDB70AF98AC5C19152A3C4
          SHA-512:A1EE10CA8D80E30A04B0A0A4629EA8C311AD908C98F4AF548F48793DE9DE13D7E4994ECD0292F9B1889BDCA8CE358B839020F4B72574F56B818FF661EA829943
          Malicious:false
          Reputation:unknown
          Preview:.h.6...........&20...._.h..Bw*\;..qc..T.4....dCZ...8......>5..L.R..$.%h..v.y.l..J.I.t-..}..N..D ..O7.\c...*.|N8..J...&...w.0....{..Y..w..v...\...N.N...v7J..Q....s.E.cS....C..Er8b7.a..O...R.#..q....LUZ...8.1O.?.L.+.....Z....y.....{Q.7_....F..y.%.).;m.:.2.P.a...E..l.]^ .......GA.D...f_.....-......H.sB..G.FAV.....0...V...<.#?....b..ZLT..o.....H..Xq..%.RD..^/..>.Z..h......../....9a..U?...\m...I.....[.r..8.......30.h... .?`.~..,..f..i.....6.o.'!..>.}.$T...!\x.......hg.....'..... ..^>..."0.+8.Y.7.q...F..8.f.ZTsD.._..o..U9gocmrdG.}lIe.=.'..W.f.P.9(>2F'..U...i......s......k..GfC..[.....n1.3).U..T.?6z.:......M,.[....#.{...G.......V.......t<.uP..z.......%..f.aXH....+...5.tJ/.^.Jt*\Z.8.eu....."9.JY....L9#..'.{.<...<6..W8.$V..@.....-.&..tk.._U...*..K.uK....^.&.%.^QE...L..0....h....>b.Tr.m.Z...^..nV.1..@.W.....y..'.y:...]Fp.0.:.....s.D.o....z..~&Y....<..{....W....o...hf...e....w.,.d\F.T....(..b)h...f^T......d.jx_.u4.L.u...Zs.-..S..vu..}..=.

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):673
          Entropy (8bit):7.65410347588667
          Encrypted:false
          SSDEEP:
          MD5:58935FDB206FC868015D77DC8B8DC681
          SHA1:D27E2B2992932C0BE9531C5BECB3D05F6BDB8918
          SHA-256:65712BC3FDDEFAECA932A7849AF511D0747DA3FF42BA673C06D7C3D8EF0D67F8
          SHA-512:CC49CBC7AC78F3A7632B3C74C0D9AAD3DA97E608C6D3A81C25AAC0F1886CB0F3D3AF4431E1565BB0CD16962DB2DD71CF14B2745A75DD23DEAC482E0284681D30
          Malicious:false
          Reputation:unknown
          Preview:2023/Jc......$......Nu..{F.j...c....>._....v..Z3.$....T....GZ.G.a.*p.\e.A....^..yL...r.?....d....2&.@Xu...V...6...eU_...m...">.C.....E^./zF....`c.A.(..Xl..g4......b.1..rY..$....&.~..tf/....@.kL...0..JM...o.+....:<.f?$...".......\..%.8..L|.b/..i=...j..NI..E....HF...|z9D.?.L..m....L0L..".'.`.....u...\...G6....nH.19...._.M..$BaC...\.t......L..4..'.....=..Kj{}....aS.....!-.?o.Z.cA~.f...Z."....X......~..A.7l...e.\.+...U.1+....7L...wwyN........=w.}({....C..Ur.. &.sv|...@..bOS...}..).d0.z.Ac..."..`..^> x......[p.m.........(....9..l.A.DQd}.4...*cZf?6....0.....D&B.D9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Mini-Wallet\mini-wallet.html

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1892
          Entropy (8bit):7.889723536532629
          Encrypted:false
          SSDEEP:
          MD5:B406D4B1F164A7576EDA1E057C08CEBB
          SHA1:B1CF15C14BED08D8B4963E1FD1169B70BB87517B
          SHA-256:297160544ACAC9E41D0BCE941EDB39E23451D801DAB97AD444B464FE36E82B33
          SHA-512:B286022BA6DA0C7CBC23658747A8004DCCD20D860A09FAC18C21B36857914CF7094B0C429FE541575D45A712B5348111710CB2AFF50D999F35C5A9CC620D6D7E
          Malicious:false
          Reputation:unknown
          Preview:<!doc...1..]..].i..IqDX......v.!.....k.....=...F...E..n.&J.s...t.B.2{...z..vw.A.w8.m.Sv..~` .{|.Q.)I...Zg,..M. .`....G[\X..'.}6e.....F....qJ.KUgU.3!...$......*...Djp.p\.P......+..F.S`...:...#Wb....2.........H9v......+..Oh.W.@......u. ..X.....p.9..[..,..........F.....O".&.elAO'..cG.'..'......Jc".FH.. ....a.:..}....r....hU.Q^m.y..5b.`.6 .bNvT.....8..).<.K..!.]..nA...Yt.*n...W.$..t.....e=...I.4....?.........7[..w.... .f.u..n...!..g....X*.W{.P...b...s...sb..:VO...g.Q.Y......d;........`6..}1.."#.^....O..0.K..O5 M.._.e..P.....[..T/.E...1..!...?.T.Q.O6u..t...XlR33.F.CyE.5....B2t..Q.......}...e.....T{Wu6....q......[....GK...x..T.G.*[.:.....$.lg:+..t.P......X...d..Uh.%..u`..C].....).La.w7....Q%......e...Wp.[.2..N t.....7.P....W.i>_.V....^.cF:%..5S.'p.K..vO]....@.....v.%_9w...B.j......:..c.6s.$.P..............A.r.!T...x.<....Z....l...j/......G..s....I.0...B..F.D..vQ.<..J.=./..yE....k...{n@q...|......T.....8I..V...k.x.5.iiA.M......)......:w..W..0. ...`...8

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Mini-Wallet\miniwallet.bundle.js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):363249
          Entropy (8bit):7.124215525347352
          Encrypted:false
          SSDEEP:
          MD5:9EAA62B0068A316BDFF0777E2395FA5F
          SHA1:796806BF3541B34A1209D166DD16578BF1251327
          SHA-256:7BBF2CA52F8AF3FE666B9B3C5B5F01BC70FA67819EF670B59078DE71129059FB
          SHA-512:709B1DA8E9638A71E111542DE672F5147683682270A0F27C0C97FD76FA2CA90290EB0CC9B3EDB904FC1005BED2C7B168F6639392AA573B6062EF528B736D6963
          Malicious:false
          Reputation:unknown
          Preview:/*! F......X`c..5..7..x./G.........~.a'q.,..:...6{...D/.t...E.....c..ja.v./.l.b....Y:.z.l.T.....5...nn...-..k...9..z.;.!.e......Tq.I..i...H(...?4....k.33.9.c..Ym.O[..7.d....X..;i_..!.....'.....S.G%....5...."N.wj..MdiE...,.tG.beU|..0v:NA..~......c.93.......+....f.%..8......bT.....).w......z1e........^.."......u..i..d.......#...I.8|.....w.=.O:.X..=...2..}.....{.w.....0....1x]w.W.....u.|...x5......z....g\....P...a.Jc...]..K..pNq..UFz.....(._/.....8..Dh...=.L...f.."..t..~:..H.......7f..;........<9I.o.Y+./.....'=..N4....A.#.*.)J.D.....4....3...@..g.79X...$z.Ca.s("Bn....C.....W\.*}Xw!I...4|_.....&g..:hI....,.n .E..d..0...9.....+..1.<.nM...tXo%.,..\#juD......y......w7...{2.V#......3N.JZ..4p..=t.A8...n.q.W.I..nvy..T..f.i.R....%.!k....5.u..D.7.Xx.]F,..@].;WzZ....%...4..OH..H..z{..E.....*.y.~.1..k...#.U.......y+.0w...0.....v...&...^...7.ob%.9..EG..b..5J.tb..P........XU...A........5....1_K.)...+rsVS...wu..@7p..~...'.m...!.^.....T...\x..=}r

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Mini-Wallet\miniwallet.bundle.js.LICENSE.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):629
          Entropy (8bit):7.639046406057434
          Encrypted:false
          SSDEEP:
          MD5:2188C432F570D1F9F1B4504F08B17687
          SHA1:4CCF07AA8AF87A6E4E784391BF8666AA01015D1D
          SHA-256:EAA022DB5FFEFC689B8DFFD2B5D5C295156E903F2998844A0E5A9CFD19FFF57A
          SHA-512:D882630FCDC5DE5C5013B8CAB18D4E415179A3B8CCBEB60673F63EBD38DA573968E97BDEFEC88F95A811355B2C4D370BA269D305ACF043CFAF2CD4F7D7BE2E25
          Malicious:false
          Reputation:unknown
          Preview:/*.ob._.Nk....>q..`J8..fT.<.`.N.s..b..^....=..6....DF{^.o..&....!..V.z.o..|F%.KE..@.%.....,0U...-.w.{.Qf..~...!LE...k.MX....\.#.. ........a..`... 8x..0.#Q......br>..%7.V.......)...^...L..:$.......u...x......gv..,...+....;u.9...T.....h..Ox..Y..8;...8.p~....&,../..X._.Y~..Ej..........H.r.....,.p....A.x...-.L}F...O|....s......@.@.DP...i`...$..;Q...h.``?.K.....W...:...0..f.:..>.%....]........oG.#.tUlW.....Pl....HI...AE..<.&6.Q.D.S.c...V.QX.)...|...&d.K..E.._.....Fg,..0....... ..F.S..+A......i.t!.Y.y...}K|......z..M&z.P.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Mini-Wallet\shimmer.js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1375
          Entropy (8bit):7.852349255570192
          Encrypted:false
          SSDEEP:
          MD5:F4B0C3527EA82C746F0125F61AEA4510
          SHA1:DB1FE5E64B5555B8C69251DC715FC123440E2066
          SHA-256:9E297B30E2A860C3F92FF5C1F07ACAD9A7359145691391643A385E9D3C62642E
          SHA-512:3725E6FD23F78C53480315C5207B3AAEDEEF4EDBCAF72BABD99C7DA34C70E5834E07FF6102EA265A70D2262FD427A20498089B393F337A88F9A63485CCB89888
          Malicious:false
          Reputation:unknown
          Preview:(()=>..T...W...Ev....}1.. XMH.5B......h...4.9....Gw...1...~E{..^j...M$..O..i...C.=y.}R.n..@..D.^$ji..Q/.LQ.].....{...Cp..e.....eH..S.p-38K.......n7..u#......9.2Y..i.D......VGE..}...._|..4..R$$_:`..~x..{@...9...BF.y.].l`R9..g.(,H.r..`....)%.0.o@.....).z.=..s.O.....h-...t.=?.g.>."i.).{+96waAuw.:..7.|X.Z._G..4....(t.+W..!..).q..Zc....h.........j.l.@...>.%.;.8ALQ.`.#.........Y....?.]]in.....@..%I8\.he.L....j..k...j.PS.|.>w,..s.....B.E...$.e.z.k.....L.$...D........+&.."...E....h..`.u..4(.Ou.3I........$.W..!.\Z.2ni......6u.g...4.y.A...:Dv'..V2H<..,.u.....B.z.>F5.....D..S..B..T....Z...@...?`.,..o.M>..V..=...\...F..d...]?.x*..H.....X5.<.8.S.n.;..9...X..0..bc......"xv....4.G..?E.........HU:.~...q.....h.b....t.Q.V....rp.Zv;7Y.o=....(.c...9t.:.!{.v....O..V.%......\..h5..k..f..y...}.|.....A.;.%.N....n,..K..K..h........Z.<U.kyw..2U.{.....!{d.T!.G._.q..o....:A.|=$F.J.yqp.n..\.<.:...R.B..{..M'Wi.Le.p......k.j..qqW(Ge.>d.._..oY.Q>}..M>=.#..{....0'k..

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification\notification.bundle.js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):493440
          Entropy (8bit):6.994663152688368
          Encrypted:false
          SSDEEP:
          MD5:82E344F33CD6542D601994CA0015EAA9
          SHA1:2854AB0BE9FD20E7B80577FEDF9AAD31F8617AAA
          SHA-256:B6064F472BE28189019096E220AEA5FBFC3820B4157473E0EC2CBE5A181D5DAA
          SHA-512:966C082FE947367BD86A712D7313BB205DBB179AF0E284540DD6E1D9C83FF10BB0036DFB9D92E5792B34DE9C71706541F6D836AC7755F473744179EDA6EEBEDB
          Malicious:false
          Reputation:unknown
          Preview:/*! F.G.irk.....wQ...7...-.0.......-....$#.{Dq.s..(V...d.l.J!Lz.6.I..P)}4..........p..[..z...;.6.l3........_..Yp..Z..9%..>........S4g...u......^...vE...}Gd.h..........}..Q..i.V..Z....?.o.f$A......w.^F.I.|jR..C..f.zwv.t.............D..#....i.#|L.~.9e?...o...X.x.z......X.f.8?8.dA../.._.~..O.F...".m.X.....N....v.^.#'.l....1.p. Y............L......F.e.7..-....4...^..+b.......Y.WJP.0.:m..8p..QR.,.8I...l^zwBe.@....~.h....|.\7..Y......\.f..x%Yj.v.vT4....U.u.,..P.f.@X....y$0o.9?a.r.e.=.9..".D.7.....O.0..GH....=...[..P.+...~...S.j..M.k..G`.n..>..6s#1=....Su.U..n...9...2....y.5.N..r.wd.W.....\D..Gm....>..Bo..Y......!>..7.Q4...4..f.#.AX.\.".......,K.h.d...I....V...e..M....{v,f....Q`....#.SM.)Y..........R.F..cO...|.c.._.jV.D.M...v.."..._.|..#.._.sm....9.\*.)<..Dh...=\....f...H.qg.D..36-..,J}1.p?.;(.cf.Q..O.0a...s..>.{ZS..DwH,F...B{F..VC.9.]$H.~.d..a..1C^/.7:..V......K..2......\.|.H}..@..9...#.#.....A.E........?b....*..d...X.<_..W.x& ..C....{1

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification\notification.bundle.js.LICENSE.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1651
          Entropy (8bit):7.869671949660558
          Encrypted:false
          SSDEEP:
          MD5:F3B3650BD7A5E284E260BAD6969B5CE8
          SHA1:10455CF54318F2E5E2411FE16789C1CAD344B947
          SHA-256:BB485C14F7A35D11A912570A58B8630735998F908A3FD2F2CFD63C479D597DC1
          SHA-512:693D5D18D8CB5EABEB30830180927E22F09F473A092408343A69F8296F8AF7924BDC39F33313A562A33C822A5A2038449F0808CB53993937D49639BBCEB41EDC
          Malicious:false
          Reputation:unknown
          Preview:/*.obe+.\..O...G"..._....:ih..q....8.O.c.i...... ..M......[...U.......4....6.z..1B%.U..:...T..k.......q.-..`7...{De.E...:..7:.......#..[{..}.Q..W..P.d.e.............\...k......?..i}..w.R...a%.B.)9..>...C...cC.......`7/......W....7v;f}.\.7....@P#1..ve.^..)..&.{X........`.3....~6.]...W.Se.x.6..;..c6...B.Eza....v?(......qk...N.}..hI.w.j..H8ceY?i...%.s... .....$......./w.6...^.(..;.(..a....L.-<o".8.......bU....h.E....d.]=..TJ......./.tl...V../.>.T...6.x.......Z.....u..}....)........j...!K.<.q($*i....C.v"...@'0.T.C..yH.2P......6.........b.[NK..vP...?..<.p@........|.@.....0cBL+...[...5..Y,...:..e...:....& .,B..e`...By.....<...YS...y..J..U....C..8..x...YWIo.DU.]P.9..Mr....!j'.xI'b..._p.......-.TM.....!kTQR..o.H.G:../..5h.^._-H..X.O...+..h....nZ5ml.....z-/j&.M..^.4bXevO..k.2.S..c.*..W.1QD&.........I..z.Yv$.%.ii.jUZ...u..G..#$.......w.(_..H.$.......nB.....s..^/.`.I...8...^A}%KxO..p..H..1.O%...1...~..O.u...1.N.K^.q#....g6.A.?..m..h.}.....1R_JO...G..>..

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification\notification.html

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):5239
          Entropy (8bit):7.965066095417869
          Encrypted:false
          SSDEEP:
          MD5:FC0D5B4FCB39BF8627C606359E8D9CA1
          SHA1:A67EF2A953A56CE1EE520F132B27543D41BD70F5
          SHA-256:02A1D0AE5B1EEC743C05BCCE6B357DA0B8C3CECFC790787E19297080C9E8AF66
          SHA-512:0001102A519781EA5BEDCB13DA9F9EFC77EAA85B73298DBE27990E0C034984462B1216D3E7B5C9675626A139C9FE6F74A984CFB3552C17004CFD6C6816A389F5
          Malicious:false
          Reputation:unknown
          Preview:<!doc~..5g@.zi..;.q......u/.....:.BNf...3.D.^....v(7.z.}.Ob...1....]...aINo9.0..:.. .,.>e..<e....... ..:..E....Py+....+Ya.....{&.....u.f|<.....{.....L...E.W........l....X..TzB...(.m.A..4P.....7......_.BJ8..9'.eq..g[Bv...I..a.@....>HvF#$..P..,.x.&.>n.5..r.t...E...^i.,..T....?s|......x.c./.'...}."4....%.o.sE...qG.Sh.2.8.M.&^...1.c.d4I..=..-.6....)G.9.?P(Jy...%.....L.|$%eN...TE..h....Z..Hu."c.).TVG.....?Q..........&...C.4}:.3,Q...3..h...3?0.8KX.JUn.............'........5....|...;][..R.7..UP......nA.@..q..<..@.P:.....(.V.,.... .Y...!..5.Dq.....1LL.....xx..\..G..A. x...0`..G........O....7g...9E..7<...].o.D.E."x...x..C..m..\.....{.....u..O...s..S.0j.+z.W8..\%.CA.d....$.<a.=.z.....%.`....7.T...uJ%....$.$.C*.L.qMj.V,V...\.T..?.\.H.}E.N.&NpA......Q+U.....q..X!.kf...{..m.m..e....\;.$@...R..`...L'.Y.<......&...8.?.T.3 -.......x...iA.P.j.6...*O.A...2...u%....~(a.D.~.|.d.B.WC.Z[3.FO.|.x..n=/..H.X..#.~.+.4U.........._...;..@.;....]...*..M....;...

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification\notification_fast.bundle.js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):330024
          Entropy (8bit):7.3394353877449054
          Encrypted:false
          SSDEEP:
          MD5:009EFBB717088936BC84B14A2D0C0949
          SHA1:663122055998606967701326B9F9F153B3F6AF49
          SHA-256:FE68F3D8AD5129EDF1A790B2B1B9E940E74E1D192A60DCE1219F6745FBA095B5
          SHA-512:FC87A01E779D51BDE042F45B45A53A2A85F33993F0DF27E6CC5910F0646131345E5F3BA2D7E1175D699367F52EDD0858C18FBF55979A96C06EA9A6B98FC96E76
          Malicious:false
          Reputation:unknown
          Preview:/*! F....::.@.2.....FK...2..*.z.8........^".O..Z.#... @.I*..Mze...t...A3.e..#.^U&..........2k&'"..[.o...t2...... ./.:#q...8:.@.4..B.........<......|gJ.gf.I.0)W...p....{Q..".HQ....J~.q. ...y.|X..._}l.p...f,vm..n.O...^^...c.1r....H^...S(....:.g.Q\..ko..x..'#...T....-6.a..2....9)T*..o.w&}E.W]\.AC1..1i..?-......1.\...V.5.._.}..^(.wo.*8l...:~.1h.\HO...n..UT60e...$).........ncM...X'/......B........;F.M....{9.Z..`O.u..JWx..a.;.....A.1~.[.....?w..T..8X).2......V...w0"k..E!L(j.xw@.(.iQ...K..:....EJ._..#..%.^..)..K..T..}k0....]5..a.r.....w......x......./...X..$..5...x.J..$}s0q..b..B....>..K..xj.I).7..7u.!...^.m..,..D...~....- l..II...qs.W...b...m...tx..%...t]..w... .[t.B+..4.|b(.z.3.....m[.Gn..UBK....Wg..1.KJ.2....DB.e....._....c(+.G.}G._E.8W.]..$?..T.....M.H.T.."...y...`....wNvut9........a...X...U.nd.6..0..=tCAW....D`~.._..>*.z..s*.......Qh.E..m..#-.*{L.T.s2q.......1.`.I:....?s...\.....?.........'.^......<*....../F......%....f.n?.....[).Rh...]......

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification\notification_fast.bundle.js.LICENSE.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):629
          Entropy (8bit):7.642761039044542
          Encrypted:false
          SSDEEP:
          MD5:02282F4D5983552CAA57940BF3A43AF9
          SHA1:349AACD522B36E1A02AFCAC48AE0E040052ED1B1
          SHA-256:F74151146CBBCDB91C7A68A4DD9AAB90498F5740065DEC65CA0E89A02AA5DC2F
          SHA-512:329CCC15863FCE83C6EAC514D4BD89CD406237CCD24F7F1342AF24FE0563D375F4A0E70421891DF607190DD4DFC77D51FDA4B06A90B594BF117718370845C87B
          Malicious:false
          Reputation:unknown
          Preview:/*.obX'.,.bI...9......&..U.'{..T.........7.I...NS..._........ap......Ilb.z.e&.......z...y.\!f....,..a..)...ilx.01..y..2{........JE....j.. ....G...,..WL...KN..O..b...=.x.$...~]...A.O...b.J.........P....Q..0;T..R._ ..8.'C:F..|......\..59...y!....%....=...>...s].......kj3.2B...w....h...^.6.c:..c..`..b\.Q.....r...2O...H.S.O...,......Nf.F...i...E.......&..vt...K&.#Y.0q=....N..$.{..o...?.B.....A....H}&..s;...@p...M.}.6.......uuzl.r.3..I3.3T..O...ec.Q......rD.X..:.........z.&..P.8...0^/..MX%(.c.7..@#..q..DI)..8.98.X.>.....nw.w.}..j.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification\notification_fast.html

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1890
          Entropy (8bit):7.894799829708632
          Encrypted:false
          SSDEEP:
          MD5:77F523988C478D54952AF1BA150A208D
          SHA1:6817CB7FB795EB3A3D2416BCEC5C0BC59C73320C
          SHA-256:FE5B01C45421F32FD52F798D1232F4850831F538DF9BFD941754D6B82DFE1049
          SHA-512:49EDDAC2CF25598A98891F4F803F9A0016D6074D867FF0DA0656BEE30CAED58AD67067914CACF138673674F6D69B9E18B9E5B00DB74C89EBB2A964A62507A956
          Malicious:false
          Reputation:unknown
          Preview:<!docj......{......]._9.1.....s.RL....o..~...._.j.j.JN....L.-..q.E...(.c..u.B........:..~...M.rZ5?....9Sd@X.Zk..T?Gz.d.e.0C..g.I.<.2.$1'RC{.E.:........*0.]7z..c..-n~..._hV...S..`.{......<-f...I...._.G..].g .o.t....\s....p....w.[.O...Yp......Nt.....$.1..b..h...}.Q...s..OE&YR./....u...WU.....z=.......5.....Q]..t.V...aS.g..x.(y.?.7.|.......x.....C.. I..x.p>....!]vu...8_......E.......0 .8..S....\.q..k....Yan.P.!..b3..lCq..[i.....0p.....(....ld.n..5...'...t........p...8v!...f.....Q.H......P.....[VG..{..l|........^.J7d.....n...."..6F.....E...od.}.\...,.e..q.~.....^.X.\..81Z.g.....F....b....%&q.......V.w[X[..5hM..|<^.^. .P..<?.c..@*.Z%.%*.9s..\._u.rT..{..$..jrK...@...:.)..r....=./..2.....s....}*..5.t.D\.!f....m...!.m.....].`..\....l4.....q...j.t.......>.cVF..l.j.K...4Q/.&.tbjHy.F....g..S..~...C>..5.....o.d.P..*..?a......:...^..z....NK5.3^.F.C....E}..4...H.6...3+d M....yl..R,..Z1k.r.....&2Pr..<.d........<...iY......h{.|0..Y.....W...m

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Tokenized-Card\tokenized-card.bundle.js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):552583
          Entropy (8bit):6.782768652019446
          Encrypted:false
          SSDEEP:
          MD5:01023D644C06411B711DAC1532FA9974
          SHA1:F7B9356E34ABABC5AE39F453600D5B8219B08DAB
          SHA-256:E7A9650343FABCEFAAF778DE332DF11AD00C3EB4B2170264CBDEE5A8E6269EF8
          SHA-512:5BC1859335FF02BCF1A62E143FD8606BF103F178F31A7E9D7A683B25126D3F5E3F6ACDBDB7710548EC7D5E3EC7894E118EACD31B1C2478B1E5AC42B9C1938BA6
          Malicious:false
          Reputation:unknown
          Preview:/*! F.f......-+...i...k../..u..d.U....*.....=..........d..Bq.$.[z..9...4.J....^....7,....w...........[..pf.$8d...y...............-,j......c...z..us..I..;...\J>..!j....O..y.T.#BK.!..E..e6...qe9..q.k.. p....O...<iOG.:.w..`!...@..I..Xq...'...>....cN4...h.W].....O.vO.....2D...E....V..q.k~Y.Zs`j..L.gd......y..k.+...+.....{(.,..3.....:....>{.PD...."J...S...R.Cv.8.h.......%...8V/M.2.&..<.....p#....S\........7Z...p...pw...m...s.!f\...#....2q.g|...JO...l...2..[...l.V...h?}L..WJ.,..E.....sw...!.x..;.!}_.........]nO.z@...jb...Z.'f~`...*.BT....'.....#..Sr.S........u........s.Q....G.K.`....._.......~..Z.u.`..q..??*....o...G.R....Y....!...P..<.&.:.<e./..B4.......<.?>.5(9.=....8..^>...;8@....-..q%Vm3F.c_mim....ZUw......i.-.-~........n..w.:.[|<..b:..P.<.M.>Js....C.w..2-...q...I*........C&..K....-4.I+.J..(.05.....q..D..J*....|.I!@...U3..0...-...>}...S.........J<...:h..U.p..*.D.5.\K".F"..a;....B.....!b.l.M.......[.S...4x...a.xjiy....r>.....X.YI[.!N...

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1651
          Entropy (8bit):7.8855394074525975
          Encrypted:false
          SSDEEP:
          MD5:11C9022543ED2E7A2376825AC4E79321
          SHA1:7A1A2F1D92FAAFA8E0EE2915F0BAF196F625940E
          SHA-256:F3E85E02ABB05943021E8DFBF88BC38C5887F2FC7DFEB453AB597120F9A6ABB3
          SHA-512:44242A499705F0D396D26E41AF8BA307CF4AF0B3D69181DCFB469775BD39107100026A76F04ABEE758F0EFEC94FFEA5E89050C261CC46B7C1B5930195851FAD9
          Malicious:false
          Reputation:unknown
          Preview:/*.ob%P...0..'m......{.D....[.~.j..T.(...Z...-....1...u...=..G......z..[...^e...M...gI...u...".Q.6Z..VZ1.U............X..`.`.(-.l.6...N...w.Y0Wk..M.....AXcI.gN....(".........#l.`.w.5/]C.J...5.$7%/.._.e..I..D..../.e.|...c/w.*.{cF.2........t.(+tS3..x....O.)..AO.23."&..0e.<EP...X.@ y.YS.@....o...M]!i......./%~...6=A.K.......#$..E.x#..6.....T.....9nX=.c.uw..9.....O...Bdd..%...uE...K.\/I.a. ..jE/...^.6..W.."jk.J.0.b....#..Jx...3"..rm..n$.p.v...`...3k......2.]SM@h.RL.P..!Oa.!e#.....[}NYI.5.^.T..@^.b%..6t..<9.Q..EA..do.9.S...^u.?.3,..............d...%Q..../.....H...Y..P.2...5.6.v.j.uv$.>mr.x...E..l..q...y...f.K.t..dsF.).p...P..i..h.C...O...p.B.K.V...@.1..7@.u2...n.J..v^.N|1......p.X....f.u.<.%8<..q.0J...e^.".....{..l_%U.....qu!yo/........c..v.W.O.as.T..".S..2.....j..(. ..!.....8.(..:.....,N&w..\...=...~i]O.d...I.....-.D[....!.y...iq]..T.....e.'u.4..U'v.v........yu#.I..\o.(R.....m.~A.P.....n..w.c>2i.$..x...'.gT..f\A.....?....C...

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Tokenized-Card\tokenized-card.html

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1747
          Entropy (8bit):7.875162662112572
          Encrypted:false
          SSDEEP:
          MD5:86A65CC52E508A788A89E41E1098E57E
          SHA1:2AE66C29817F2BF3123CE891C4AF57958BA44CA7
          SHA-256:EA09EC06807FFD7CDF0F6A456DF088E4E24787E789BCDA0EC344E998218D844A
          SHA-512:23C2F39335947FD4F7B6F29AD8C309BA5829057CBE51F238B7A8C2E900E23BC4E9E459F3821D276AEED5E03E9FD15DED66C2961F1BFB9FBE52393E20F8F295F7
          Malicious:false
          Reputation:unknown
          Preview:<!doc...D.{N%9...-.....#..gwc:!.h.a.+w/..G.h..[n......P,.MFXiO.<...Y=...K..<..=R.0...,.....>iQl(...A...rD.....*.c.0.H,...q\%...M....Z.(AVV.oy.T.X}<.}.......<g&..X......M...=J+.H..U..T.P.. ..z..&....f..%.|...S......if.......3.p.k.B......4..x./_....8.?.-D.]N.....ew......a7.=W...5..>[+...E.9D......7.J..[.6z0..g.eW.8(.3.f.......q.b.\=T`M..qg.z......`.."...1V..U..(..e..Hw.._......gvp.. tH..^|+H.. m..($|8..|.<n.+....]....t..fXR......-.......4..."C....+.M....)... Im.9<.#/@.SC,...{../n.+K.K;.sa.3.x.)...w..>L.H<o.]I..U,i.u..-.E;.....kr{.F...y.'`.....g...q.%..E..........#S._`E....Y.Q..;.Gup}.;...N..~.F..NC#..U.W.8.,/.....W\!.}g..Mz..'vzX.E........zPQ.5@.#.1....6(.......wq...?g..oV......)..O...r.b...|L...V.,&G%H.[w$.L....W6..M.a...B....+.....=..G..S ,C..U.,7....YK......lq}.C.;.'t.,..B&e..<..z.d.~h..Y..o../..JS...-I?sq....l)v}..'..I9$........tr.......~b.I6.8U..R.*...2....._....<.]z..E7..V{.A..E....n...#.....my..T.G.v&>........U.Y|..-!...e}k|.NoG~.G

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Wallet-Checkout\app-setup.js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):371
          Entropy (8bit):7.261722758449436
          Encrypted:false
          SSDEEP:
          MD5:98B557F8609DE91F1E35B8C135890444
          SHA1:CEAF5CEA56CB5776873DF42F1CF2EBC6A726F0D2
          SHA-256:96C0B8E389804B7729070A874FE36B4D39D5E31C5B753334F5072FD1D67CA296
          SHA-512:76B75BE2FE6B49191A22718FCADC4ED4075D4ADF181B3E7C457673D3BA0E95FC6A4DFD0C3456DDD690DC9DFE554B1C31C185B63AD76B859BA9F27E47533D497F
          Malicious:false
          Reputation:unknown
          Preview:windo..>.G......!..\.N.e.G..l,Sx..ZB!.....Y.d,...4H.P...S..&.!J..|.!..L"n...o@/..IO.;I.:..x.).'..-....2..|..e.29.a.{Q{d...B..>.`Oe..*....7G..8.[.F../.f}..W...)>ZB=H...s.Q.id.(..a.o.T.....En.....;T.+...fmE.xE.._..yW..~..............B..b.J.?...-..I...a....x.V3p.Q,#.q....$....c-..=NC9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Wallet-Checkout\load-ec-i18n.bundle.js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):16498
          Entropy (8bit):7.988053086102043
          Encrypted:false
          SSDEEP:
          MD5:12069B22EED6593258120D300886A96F
          SHA1:5DFB0E6F4E0988CE29AE685C07CE1336C516FB8A
          SHA-256:C590372CA59E413B9843E520D8B48D059861827A3844F48E6CFC15BA963BDCB8
          SHA-512:C0AB1BA3BD9E482307D0FF4FE76389735AC3F8BEF8A6458AD5BDF11D87515DB0E97002901BCE2736FCDD11A7A743FD7E345F36215B1130679C1C8BE3F737C683
          Malicious:false
          Reputation:unknown
          Preview:(()=>....1......i.#.3....\.wyV..'..O...a2?.3'G4.`..T........<..K.....y..".d6......P.So...f6..P.1....u..HN .~j,.....5.XBq-..#.#r.$..GM....[.dk.%G.1.z..R...js..x......Q..R.e.....7..Oi.A.B...(&c.....7..L.....~}4A.o.9..Cg..Y....g......>..._oW.cH..u.......HbK...I.....T.\c.+..q....4!?.l.......T..=..5(2."...J..j...........U.j.@..V..W<}.c@..k....O.cR.*X.}.....S4.......5.\.]?.L....9.E/s.....Z}./b.....6...Q...M8_.....f.?@....[..V@A...G.`......H$....1..i...g..5N..._D..ky.!Jx.xf...q.@...i..J.XO....#..0...I.."4..s.^r.....ho...qr...y<.#yqeGO..l.'.$..%...[.........'...b%.........70....+...7.Z.7%.T...^7y.j..g.&...4:....P.x....9.4.|&z..n5....\..Z.nB.!.W.R.l!..(r8P..F.t....v.k.Jn...I..B(..Y.....D...,D..&.f........`f.H....u.G....J.......p.c......>]W.~...ow.N.eA.aa...+'\..HV...r..do^.....Ah.U...c...?..p.YPf.X..U..D....J.=....e..]...K...a.Tw.Rn.K...a.ny:U~){.].E.I.md..z.8..C...E...9M.v...8...J.f."..2#...[.#.^S;.{..C..Kg...^.U.....j/71.x.D..hC.I.........l..T..E.

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Wallet-Checkout\wallet-drawer.bundle.js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1394997
          Entropy (8bit):6.144953061247587
          Encrypted:false
          SSDEEP:
          MD5:9888C39791340196D3A0605AE87FFC69
          SHA1:F25DD42B73BFE8B348F0511F4114213C91B29246
          SHA-256:C1B7012655348AC5E33813E59278E8537AC8D8DF222035A84932368A0DA13EB6
          SHA-512:CB046B9757189EE66DA499DB186D37B4BF5BBC0AF53C3D154D9B773D2FA6943F9D613ED4448A4AE37E1A32B03A062D96ED08305384BEDD5BD1518C4943A67DC9
          Malicious:false
          Reputation:unknown
          Preview:/*! F..(.E....*0zg{.o.9Cq.r.~b.ex.....O..3{#..p....kLN,..zf^Y....Ps.Y...1'I....)....im.z.4z.k.<..j....Q......"....M...x...s..R |.mU..3......6...p).s..."....6..D.y{6...9...~`..R{..9....]9I.......M..)..GO.....>.B..B.m..O..aj..l!S"........g.Y...M.>.P.b.X.D@._....G2.v.v.O.Y.x)..`VX.E.........~..a..d...k.r.i.._....w...K2%...d.'x_......{.hI....~PuK.d....XJ..e. ..,.[....R..h.%..mN.R.Z..z.J....L.Ab...=..v..R.=..f.k.........H..5..yqY.V.... ..=wM..b.f....K.-(..Q....f{.8.a.rQ*L..a...%........r..m...W..2x...0q{Y.9.l%Y..)...+.>.jk ...`.<..~.d.Hk.Z..FEo.\..8F2J._....|.te.....S.6..v{#.......2L...I.F.6K.n...,......>.|.tg...Z4 ..Wh2. "..(nne...{...]..]j!..{4R.E...A<........(...:Jq<!...j...}.j_...f.l...X.q"...f&..h\b.F.<..h.mV^._....[.9...C,h..?cWf..._C..r.R. .B4#......dLn.|n...z./-......(.(v.%.t8.4.H.#.7L..G.CR...y..4.q.t..>Z.".yn.Z.b.A....<.[aK...#GU.k..E.n..j.~.&A..,Tn..18.!.D..d..bZI..h....\NE.../q..Rh;......]..,.....(.......>..azz..6zB[.rNl^u...X

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Wallet-Checkout\wallet-drawer.bundle.js.LICENSE.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2128
          Entropy (8bit):7.923262082803912
          Encrypted:false
          SSDEEP:
          MD5:35D6A34006D7899C81316C29656BA74E
          SHA1:5F9C222A8610360CEF14CBCE6150EC42E295E65F
          SHA-256:7B1B866D0463D5FCFAB43D291378390DBBBDCF4F02E72C39EE91CC0B1CF919E4
          SHA-512:C11428B9E0AC3F1161AB9073B09445A24F201A33F616B8C6F68785FD7C97EAFD885D752ABF981DE8AD0B35DB14610C230129ADAC4E83957374CCA6D554CF9CE8
          Malicious:false
          Reputation:unknown
          Preview:/*.ob.....g.......l.|.X.e........+.....9nL5.E..U7...J...Sp6V`..{..i.....>6I..."+Y....#.`...I."..O\........C]1.)<...#........u/p..E|1.\.:.fXY..;..s4A.5.Z.4.P..f.w.Y....1.j..6.x.....q..N..E.X...PF...Do..r...t.W.'.}.........P4.EI.......m^...!`..j.|d]....{.;m6...C.Q..W-m.s..j.rr...].)..."Y.%F....FD ....S.`.K..f.oY..Gv..AoX..Y ?....P..._.c.-kGR..5......MV.]z.q....(.... ..="......d-.{:36..W.:...p........+2......H=O~m.E..A......)......!q.&....(0.'.A....}.P.Y9.....m.'Y.r$).$s.8iFo..(..%...<cGT1.Pehu.K$,...~?'.}|I.Hsu...S|.........l.5..!eI.i8.?....n...h...M..R2..mvm..SC...,..../-O..O..D.....U.@..;z.3v.<K$.S3.8...U.o...>..g.....V...K#.Upd....k..$.~......f"......v*..\...<e.........)B.*.y.d..<.!.`..8..~[-v.".B......<..M...|...........?....F.....e.F..Baac.TR....L.3...:....,......s......u..Jk........RD.....9R.b{..xqi..8$.x;N.].X.J...M.$...t...p.........Q..M.GM....G..9.J.N/..N......Vn..|..i..d.>..,.Og..@.*DIK.s.....4.q......EBId....?.npV/.....a......A

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Wallet-Checkout\wallet-drawer.html

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2212
          Entropy (8bit):7.9118149011965215
          Encrypted:false
          SSDEEP:
          MD5:04CF0AF27CDBE68604F9307AD481F6DA
          SHA1:F78CDD739A2AF3E157AF7186FD2D8E0863BE738A
          SHA-256:DADA4060B3E022C204FB71E2500D21EA5F66C178EEC2C3B5D98EC725BBB8AC36
          SHA-512:DA24B4BE3484E871141FF6A88FD257F8BE1C662556C89723C6A2534729D61B2406089176C52B967E9E5F12425CE1BC3EB743DE446DF579F3CE7B796982E273B6
          Malicious:false
          Reputation:unknown
          Preview:<!docU]....[..{a.O{h.29..t8..Z.....h..\.X...S..................#.'.h..).I..:...df......_.Z....,!.....`,...$j..k..Ib)..p...=..\.........Py.s....fzF..f.<.S....E../xM.....iU.NBpi$.....&..Ei....R..QB8..l.a..C.-X...CC.....0.zm..M.i*`:..N.....9v..."7.Vte.^u.I..SA.6v..a..A.....)./R..P.{..>u..Z.f2.A.W.f?.z.w..qO...../...o......C]T.L....S......U......0..6..p.I.7...,...8s.%.....;......O.m.79P$..X.l..N:.p...dk.'......*.....T7..4Q`..[.a5......&=bf.?..@[..`b?7m..ka...6.ba...{Nr...L_..4..:...;...=....e5.,..%.BL.,...|...f.6.m!......:..Yw.8...`l..IM.0@.Q..0.f..s......P....+.P.;.].~n..I6._.c..=..3....-.# t..MzbM..3. ....K....S_...+.FB..s..9.YF..Q+.1.VJ..q~.N0.3.....].+.{.v....%.=..S..... .z>.. .Z....?.z...C0V.....Hj.oN\....^W...T.j./.;.>....@..0-...1k.....m.}....l.7..R......^Z......Y-,...a...2.jd...Y..}oXt-h.....0]...jY....M.(.XyN.b...@.|..Z..-.......F.]..Z..#..M.|.R.&.v........fX..!..#....y..4.3.[..T.R....u0.7.q....}.G....O4.U}...........Dy.....2.

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\bnpl\bnpl.bundle.js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):843227
          Entropy (8bit):6.392777436085412
          Encrypted:false
          SSDEEP:
          MD5:CA9C31CBF92CA645BA4A2DA2C101B452
          SHA1:783C2550FDEEC50FCDB8D542330C57EA7FADBDCF
          SHA-256:9099E41A00280CE0ADA55636425CC4729ED6B57480C43A1CF911CEA9BBA52172
          SHA-512:A5984D4ED6C7FB4D23E5719EA98A1F87DC94160C9BA777B1C6734EEF933D0AE519FDD59CC31ABBC9C90FD7BD2C3340CDB29A036ACE32DE4A6F3F2970709C1649
          Malicious:false
          Reputation:unknown
          Preview:/*! F...1..^.Y.F..V.TW.$.j...D.....................8.0....q+&&....K..=X.S.[...f.6......8.B...../..g.r..W.).a...g.bElm..K....t... ..0....g.0..qq. ..y}.h.}..+...c.R.p...u~....R.=.......Y...H.MV..).....O#=.....t........Y....?.J(6.u.'KS..W......>.#...{......Z.bG.j0Q..7D..u4;x..-.$-gx[X.z.(........f.+....gw.~...G.?.x...^..%.......j.4..Y".r.}~....W.O.E.[=#.V..f.u.k.4...d*.Sj........9_.k>.........9p..N...?.A....RF!..]5d..."....o.(...,.V.....J..vk.n._...8D.m..=.............@..u...ak!.oeH.. <.).-,....S!C.I?...j.W....7......=...v.....).....L.,$......t"... w.9.F7..#.RMP......b+!DG...v.A..Q....K.=..&.../.A.9.F.D.."5..eNg<.DM...fM. .bu...P;......9m0...6.]cSL0..u);.=.......L....],.B_o|.f..6t...9..V...%.P. ..S2.......q.w.;.-.~..#.v,.V...#..0.....=.H....&...@g3......?...".1...C.>......O....z..L.+E.._G..../.J<U.. z.J ..K;....=.7.tp....7G.......9.......*.g.C$J.../v.q....8....-6p.....j.t.!r.h..*.......%.NH....... .J.:....=..+.@.j..A.=. ..Nr.HM..

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\bnpl\bnpl.bundle.js.LICENSE.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2088
          Entropy (8bit):7.899721127203274
          Encrypted:false
          SSDEEP:
          MD5:7DAAA1A92085EAC9F96A653E0AA71934
          SHA1:AAA3314B7E77D1F56E81C2A50BC61DA27FBB9194
          SHA-256:8E6D8DC9D330B251CF795981AAF3DE5F456CD672C482B273A07206FC78224475
          SHA-512:60F6840A1AF506BD1CF0E4B6B41E8E2809FBFC16E32DD2A11C4B7CF3C9B5A4244F7B647FDE051FD529733682F3CA750A9A382011D6CF77E58626B65740DE43B1
          Malicious:false
          Reputation:unknown
          Preview:/*.ob.9h...-..m.[.].U.1.#G.jZ.....~..&.....Lo.ch.U..7.P.y.>~{.;.4..N>H,....._X.g*.l..E.7..L..4...)...b.q9...o:...;.#G[..;~2..OR..Vj...7^...`...3..y..:..Wk..J.).N..|.u]...t..>_..R...RX.n..K.7..G...*..#..W....\.E..v.=kjF(.*.ZbL0\......*.;.+.D/...S..[z..t:...,.n..f..d.M..n...O..#.%..]..i..a.9Z...@..k.6..y.J.D.@..w...B...O.x..-<....Z..80.@...n.X....$P.TV...n.....]..d..:T....]..B.Ac7:9W..;........N..z....o......Jo.z.....H..Ij!..#s.s.@.a...@o...Y..W....--.....-.*....u...~..^....'.}!......T.". ..M...+.._.......4u..5..r..E.I..W..S?..@j.x.c..,.I.+....)...+V.>q..IF........@.A../.X4(O..;.G.A.E..7..n.z..X..a.k..*.#.`.....t......c.....l.\5$.A.`.."...>..0.8B.\J.jV,........&._.4gq..I./....FD)C.<......|P.>....9..|6......T*.U.Gv.II..CDL..8...q].4....iZDn..E.:L..B....?.......z....f....AR.9P......[k.{HB.P..X8.d..>.....w;.#...u\...|.8.~3.Xj.Z....Q.-6.*r6.(....)..Z.5....Z.."q......T .....pT...S.......i".C.+...ld.,n.W.....@..K...o...j.z.s.......g>..2..F..X.

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\bnpl\bnpl.html

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1730
          Entropy (8bit):7.911634618662884
          Encrypted:false
          SSDEEP:
          MD5:FE6381329E0F9005661300A3C7CBE5E2
          SHA1:AF6B5B4CA539612510E9CF44511210F1D30D0239
          SHA-256:7EA10C82C925055B2EA44ECAF542CB26E07F12C055FEC00A7411B20F99D0EF9A
          SHA-512:B000CA050C6BE7C5E4A5064FA8900AF7783AE6BDB255A06DAE0A0F4F1472E59711D5A8A6593598A450BF919EB6A372E62E438AD34A5D22A35798FB2AA9B2FBF3
          Malicious:false
          Reputation:unknown
          Preview:<!doc..Q.....O..v...4+....re.P.r..g.q..j.g..R......u.|W...y0J...Ik.T_.....|qJ..%.B.^u....`..O ...O.\.PH[..dU.~tFg|..I.L.....W......9.5m:'A..:.1ME.k\.0..G..MD/...^...e...e.T..;% .i..`...kU1i..~t.....4..3c..\(......gE.N.!.u.k ..j...x`W....9N.Rh ..\..........X)..16"U.0.....%....D.7^;...+... ...X.3^t'..etph&$........,.f..k.[.~.....i..O.lS....]m.W....q..>..%... ..;.ElOHL.....(z<^....Db...F%]-....T.^.NI....+........A.....jS.....J.....Fk.~......w.=...xrN.a...*....#.{I.k...B...d...~'......t~...'t.W...0a 6.s....|.Y..t.=.~..2....u.?_./.a..B.2.....:..n........jJb8G......f6..,$k...9...")8GE......1........?..|...w...a...)....r..!.:c..Z:.=.....3..w.i>3.....)%dqM^..U2ub.W.. ...t.....1.#"|...u.1....l...[O..w....r..@!5.K`.).......I...6"..*... .!....4L..H.U...H..?.y..7.p.6n.(.0/R....tX[l.=..[_..d...s...q...g.x]3.....(..+D.r..e5*H.A.....KJ.wL.,.5Tlp.o....~.......i.R.. .F;.r"\...L.....]..L..4..S.N.....S.v.V-q.e..v..<+.V?...'.c...$.x..>./'...

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded\2023.9.25.0\_metadata\verified_contents.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2198
          Entropy (8bit):7.913589868043277
          Encrypted:false
          SSDEEP:
          MD5:81CA06DAE592C43C57F5821088D2F8AB
          SHA1:F6D1213857F0866A1D4AB69A0405D787F2526A8F
          SHA-256:E7FC00F4382CD62AEEC19617B1A6ABBAA68C957EF35E2B81CD3F448DEB2BBE91
          SHA-512:5FC7662381E60979C5D204B7AFEDD40F02DC0F4B9C2B69175F5D29E982BD27534F37F5B2342C691FA2C31FE3B848CB99FE2C221BE4D2534F96DC081F5867AAE1
          Malicious:false
          Reputation:unknown
          Preview:[{"de.6j.....N.>._l.q....a_...eE..b........~...1..}.0..CI..Y......T..*+...-A$,>..~.@..:oM..[A.U.s:J..Wj..n_Q..*/.s;=q..n."~.....>.*nJ...Rl}u.jx....M.C....cU0d..k...IAZ....Q.?..}g.3rr...6.[.^w...s9.....-.=..1;>w'm....1.s...`[).. ..1I^'.a.60..=Q.c..%..{..0{..m..j$d.4..U.>.r...k.n1.........S,<...7."b...V\.6.....o'.>...'....,hDt.L.-.....#.!..?2Y......Ig^..../..vY.&=......R".........f..P.XIe.i......U7.D.C ..%.U.:l;`..9O..zs.e.E....>.<n...7.Zq..D....@.'5$4.8.h..(.5..ZDC.T..1...[..6.O ..-.c.y5.....t7_...0...)..m.'K.].....d.i...:7..!...+......9W.\...Nc.V......L..U;..H.5....{.Z3.}2h<.=m.P..?..[.`...+...e.>.L..+.f...%...z.Y...).'.........Vp..$[.:.(..A.V3..BG.5.i..qL..P,..J.,I.........-A.........,.f.h....pbL..?.i-g..'!.k....o..e..vZ....e~< c..7..}....*....*....6Tq...v.;...?o..f..!...L..JE.SzrDy$...)z]Z;U.`.?".}....!}.k..;HP..55.......q.......`.X&.3%.U.j...V.4...oK....?.,}VvI9"k!rW`o.<..-j`.C[X6O...b.....%.L..0"h....<..@..S<..(y;:.i=..Y..N.t...L7.

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SafetyTips\2983\_metadata\verified_contents.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2092
          Entropy (8bit):7.9121783562267165
          Encrypted:false
          SSDEEP:
          MD5:ADCEB54C9E05AFCDFECB6279A5D0E652
          SHA1:DEB52ECBD16362096F7F5C2F7A263880145F1007
          SHA-256:F8413A22D96196CFDD8EF9D1B878C13A09451F7F71296795E64849961DAFCE42
          SHA-512:2A1C7339CDC268E4779667A4A893E3ECAE1DB68858643C0C4087A4A8BAB7406B6EAA9789A148F4995DAE7FEAF9ADFA749E73F807DB4B11D64D7BF2399E946457
          Malicious:false
          Reputation:unknown
          Preview:[{"de.#"G........<~Kq..u.Z.<.X`,.`X.Y.rA.....!..IP.D@Z.4...h......d.#...(O;......U..c.J....J6.".......0....V..=..g..F....r..n.+............>H...`....P.....4.....5.^.[(.dQ.......nl...:.uA2.xf.<.>....h.....*`..[..g..J.i.`A#..d........v;.9...8..y..~tv..F.1......M..r.....=.L2$..7.z....A.BwD..f.....y.y....tXl..8.z..S.K."a3.....b..U.....K......Ya..]/...m..Hu.......g]..x^.,...........|....j.t...N...i.b............).F.EU..[...>t.....=(..V.&,......t..{.....{.g....T....\.\Lz.<.D...D....s.s..DA.O.."[-f..ff}..!0....d..i...{\..[..T.E....w.L$......A..?xD.:.....$...KP.....Tj.......H$.Gi...>.I.+*...C.6...;.[,jG|...........L.(....?..'..........y..~...~....E..!.........^a7.z....:.~..8@.z.....X.].....U...m.aH....ZJ....K~/.}I.h.J..4&.?e}.....&..l..).}]..........I.Z..p% .%....$7.....E.v.`....S...f..@;A..c...a..].(HN.....'.....Z1....+..9.F......C,....D.._d..T...O...u.W+h@0P...<....~.\..j.p..7..+..~.uK....O.2....'.7.@.AmV...=.7%..A.X.M.mG..o.b.J.o.=

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.50\adblock_snippet.js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2649
          Entropy (8bit):7.926178303092078
          Encrypted:false
          SSDEEP:
          MD5:A385424275145C6951108AF11191070E
          SHA1:0407D4C153AE3D99EF7BEE8C9436A4F181ADE859
          SHA-256:A1377D5E66C4A3EE53F8189CB2628FCAF612D9AC0875889E04DB472222A219A7
          SHA-512:51672CFABFB89C153C3CA8B99B2DA50DBA335B36FC8F5EE285A832D67A86456E511188311B98715EA9DC8867C74CB0F3A8A8C9C1C6BBDEAA34985B01AE795766
          Malicious:false
          Reputation:unknown
          Preview:(()=>."..T..-.4Vj.4$Jf.ov.i.)X..d...)o..F.....qa...:Ad.`.b......!f.+..W+*..i..q...rrQ.&s...R..G...4..F.x.eI...T.$R.5...d+...-A..@*.r_.E.y.+{.oP..D.7t.B...S<ch4.;....;....1z.O..8..a.$.(.&.Z../.|..K..?P..iM%..../...a...=...A...N(s!..K~..C`..7..^v8..s].p..1......J<.{...?-.cj.9T..).k1....r....:B...w..C7..V...'.w.....Q!.....}%..fH(./.].f.....(..Ci.5..._.5..oB....^.F../t.9.B.X..'D.......4.0...7g.).....x..S.=....,..i?L.)T.......8SFe+.....@s.........f......./}y...z..$..7........{ Gx3...kri.)YK.e.VO.d.l.r-......4..Xju1...X.._k.V.<...'..C....i2.ro.a....R..(.\.....[....b...kf.h.Oc...Ql.#....j,........ .<.r'0.k.BF..<....c.. ..By...-..v,...wO,..k3R...!...m.W.U.e..RRy.^$,G>w......O....%g..c...e!!u........:0.......<......`..04..].@..S^....].1...........'.s4:....z.3....Z.(...9c..z.....N....w.v...`.CW.I.3.9.Y.D.".&..c,...{l..ER........X..@Hc..|..d=N.r.s.7Hg.;jR.b.....V...cE.....S{....j..$n..BC.....w.M.K.....7]...Dp.r..#%'...(f..F.72..........>j.u+.T.

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.50\manifest.fingerprint

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):400
          Entropy (8bit):7.330466082819264
          Encrypted:false
          SSDEEP:
          MD5:0A5A36C1509AC2A293F3E410145BD2DA
          SHA1:6D10C21F7272E950D8BC4556116DF4C6CF3A05D7
          SHA-256:D06CBA1457D55591DF19EF24D67AE626E893F84188946CF454FBBE3651F55224
          SHA-512:7A06CD11A6CC3CF15B55AB43077DFA6BB23703F0C552A7FCF98A47023E501F072CE33B75E4389660703D6ABB0CD30B21E21038FDFA8C7DEE151B2300AF027C71
          Malicious:false
          Reputation:unknown
          Preview:1.2F9:.....>.sbRr.=r.....s|3....I..9.t..3..#L.o..;E....u0H_-JT.4..M..%J.....4.W.i...6....p..{.S..K...Wf..d.W.sO.&'.;W...mK..K)..`....It.o4^.Dm.<...........qS.s..{..oQ..........K.c'ftI....b..v.......".l...X.....i.6..:.J$.....\#tmbOO|.a..)..T..7..d..1$.u....t.9/.0u....)r....:.d..w`.?a.';3K/..:9...5 ..d...<k...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.50\manifest.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):450
          Entropy (8bit):7.438983020616656
          Encrypted:false
          SSDEEP:
          MD5:4EFE107F1A5A0155B3CE8293E0DFC153
          SHA1:6C313F93B332888BCDC4067B58251252907E78AF
          SHA-256:76D9FE2E38E2CD341DC9DED74F6EB4155A78FFEDF8FEA738AA24E4D0F28C3B55
          SHA-512:F1708B6AE7711FF7205B3FF6E622C3622B68105D06D2E702D7C10A9B1A8DB124242B75A888099150EAB7F16725673BA00472711EE5AC8EA119081CD4ADD140EB
          Malicious:false
          Reputation:unknown
          Preview:{. "y!=b7.....;...H...>.:*..i...X.'F.F:Im. Fm"S...3)...x..zh...&Z...{Y..25~`a.....ZA..{..L..b....>..X9.H...D.j...Q...{..Y=..4....N ..a......F|[..~T.y.&8........:..)....+.h.x../......g]ZG..rn..../C....E....3...Z.....5mi.3....u._ob?eW..:.(.f.k-.5g1.....Df..SF.....1.+..[.).h_..m..Y6......q..=..~.;'.k_~_..dx....{[w....(~.+.G..K..t....pS.G...&.F.7...q..H..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2023.9.4.1\_metadata\verified_contents.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2196
          Entropy (8bit):7.9175692214851825
          Encrypted:false
          SSDEEP:
          MD5:8ECEF0300889D33B9D1CFC894EA3BA15
          SHA1:89B6FACEA9B4ECC246E48B54B06D9CA01412EBA0
          SHA-256:6B966A49590B0412771B3D7A1BA5E254B9759B7A74606275382CD28C36C2D936
          SHA-512:04226CD314F00AE17D43EEBE7B2C5EA8E8257042FA90449169865A757E5F676872F53D2EC7B22D0405DD3C5E01AF0CEA45F2869203BE992C89ADE7EB1C03DB50
          Malicious:false
          Reputation:unknown
          Preview:[{"de.gR....9+.`^y..;.>$.X....$.T.Ts.@&......Z.+Uu.ld.3y.s8..(....(t`..H.1hDW[..%.<.Z.V..w7.D.l5q.nQ%...I.Ft..19....}2.6.2J.*M..:......Y..x.$J...6.N......=P...4m.[..w.{.....lD.....P.y#1...3..f>p...|.....m.Y-..,0..N......*.{.A.B.X/;..d...h.0Fx.K..Sz......>-.B..Q...puSg[m^P.(...pP.%Y....]|.).e.Q....SM....aD;/.O.Hh..d.iDE..f.PW..:M..o.4.x..#..:.Z.....d.;z....?..,U........._."2p..X0.B"0z.2z..(+....btt..0. z../.. W.`..j..!)g.t..#.^.\........|mZzY.Msi}......VE.B.IP..I..m%...X/.mE.W.[..\.....y...4Gq......0o.W..y........T.....jn0.3Ru......... ....OU..M.I#..Z.Xy.%..^.H$..O...f.>._L1..7V...#..F.6...I..e../z...,kq..;.zR......j.*d........,$u...........MYb..z2.B.-.'.z'..T..%.X.I..`.o..d..:,B....Dr..W.....v....g<]..5......BX....e..0.Z...M+}.R.O.i*.xRy......3....a......J<....y....56..(L.....DD......F.:!...ip`....<k&..r..G1.3.....3.|.2...V.o.36*U....p".ZV.C..m@W/.b........n...F..k....1..f..K(..1.x.........o.F.3F.&........E;......<...a.~/(<.S....t

          C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\_metadata\verified_contents.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):6034
          Entropy (8bit):7.972379849337327
          Encrypted:false
          SSDEEP:
          MD5:87344ABAA7A9DA688577069B6C35D5EF
          SHA1:CC0B8B76D61A3FB2093B090DEC1DDF950E9846D3
          SHA-256:71F23970796CEFD37A596FDD2FE93ABE6C1C7D56228933B5D1F7250FAAAE018C
          SHA-512:BFBF8493E004A1F0A2DB6F388CBFCB92F5D7183AA410BAB50FFAD3C32A3F1114290027993D21DD50167961D0D87B9D80C3BEE725AB17FA9842916783238D7087
          Malicious:false
          Reputation:unknown
          Preview:[{"de..!.o..G..j..@...R...c..s...<.;ib...I\J......B..n|.8..x..52.GJ..P[.JS..g..Xv....qq@]....M..Ru5...N.z.f......ft0L.L2.E..)_....N..>EwW.d}_....0..+.*^=....v...v..6..co...O.....O+.....C.>.I.. ..."u?V(Q..e+..j..@IU...e.D+q.^+5.....z..<..Hb).a....e..H.F:.....o...O.."....;..S..s.....%.......jX....u..o.X!..>....N.. ..<....) .t\-M`....m...2..Ig.......\.v.|.....2.s.....!:.reZ..6..-.%9|.NA.F.-..&..........h..}.7D.zK..r.P.rx8....;.B+>.g..E.....O.p..v...2.4.K.4..HZK....`+q.3.h.4.XM..y.... ...O.}.Kip....!.1..p;?N.`R\....3H~c..!..i.:.U9s%.']?.....Z...0....kv.w..u....9^ .(r.L.....~V..H...y.T..'...;/.F.#|....h.[.6..x.P..J....|..Z.k...N&~...V..+.........?.9.sA..T..{..'......&~)...Ek.`.%p4..-.U......bh~Z).dT...l.a;.;....k.!;b&...L..{P:.a...d.....[....U... .-B..F.GV.Z..7.T....KVG..2F.-............2U.Z~...H$.3...4Y........7.^c7.t..Y.H,.wC..F.I.5....%....RQ...2......._7.7..=...$.....W.`..la.....4..%hy+......@..t?2I......J|..2d.............U..!.e.i...Jb..\

          C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):246314
          Entropy (8bit):6.960903984078804
          Encrypted:false
          SSDEEP:
          MD5:B428D7A92495BF776CF01445D66B59C9
          SHA1:7AD8B720E3C61326076FBDC7F69FCE57C4FA8DDB
          SHA-256:4213827C3CAD5D49360E8214AD6CDBAF7C4CE91103FCA41AF135D39DD6A63156
          SHA-512:E73055EDD0D1A7A8C8EC8D447E62028152FE5FA6DBF905C2C92A81E1E9B6764CFE011616B67B89E8D726282B0824FDC117236B007B0BB6D644D13BA4397ABE88
          Malicious:false
          Reputation:unknown
          Preview:TH02...7H......$.S!..L....g...K.......SC.[...]2,m!...0.V.......D..v..U........u.DHS4.....4.H.".l.bp..i..J$m..Z.Z"1...rr@..Z....h%..k;M)0`....uJ..|;f"3<....W......e\..c.MQ......l...b....W<1.2v.G..s........I..Ji...=T. '.....%^..?.D.w....*...xz-M.v..(I0.e.u..X.I.$....+*..4.L[f.(..K!AE....%z........N..J]....#....=.gU.@<A5.o..d...c/Z...18.Q....O.$...Y.me."....{.71.T...9...P.........>+....".f....?.<..F....,..d.T!.c.O2..cG.f.Nju.Qv.A...!.....&.".a.i....f...'=..Z~..2..0......(.2.gB.! .........Y.iM7.m%...x...~..N.Ag.?KX.|?.- ....`...g.......Wn.6k.....|El.~..).....s.;...<Z...-q*0..p..$.%/\.:....c...i......Y.\:..R.3..gAK]...y.@....7+c..h...m:^kI....L)..Q...Q`r.wr.Q$...4%):..-y'...?.87......`.}c.m.....cD.r.."..5...5=...TG...d...%i.8\J...._....|..\....])...!..kS.!...7..\..Y.1..h..?\(.....9.....k....2{..WJ8....>&.?x...Px....b...I...u.r....b..c.|...U+j.(...[B....6.."...Z.f.t..@...^..+W..-.xhp..H..q.._.....vo|4..IA.JI.G.o#..M$f..y[5..=@F..2.Z.."..-

          C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2203
          Entropy (8bit):7.910791625196383
          Encrypted:false
          SSDEEP:
          MD5:844E1ACB8F49002C92B2A4BED7A762E8
          SHA1:32A1B9EF04920A455C9C4FAF84E3CB44568BD96D
          SHA-256:AF89FA049977FE8B5E80FEBEF24E0B47C2D0AABEA1DE92B0E468560D0A2AC190
          SHA-512:F39AF647DC92474A47033969F6955315DC2F91AED826263B82C1D178BD0A615C5454DE530D05067466F23FE5DBDD52E642B3112339BC71D5F91F8A4EF3EC07AD
          Malicious:false
          Reputation:unknown
          Preview:<?xml....4.......P..8.(......eq..xR....f.a.s.]..d...Di...+6......mC..w.9..d.......`.l...t.....a....1..#.h..V./9..6.......U[....n.....`...N6.[WT.|9-%...!/.o.,.......k.......\oQ.7..)..Hi2{..tS.eQ......U.l..._.ywsE.......O...{+.tyP....x7/J....HE....].q..2bQ...WM0..6..F.Ct.{_..Y..a.{.0.3.4.>.#?......z;$.y...hZN.n.x^x...g..`..x!...D.....n..4.n5$G.!.9<sC..k....|..$.......2...P...g.<s.c.Y...r.iB&..y..XR..\4.XJ.jR.nk.&....._'\..{b({...F.HTr.9@.......H%Y.(/.x.*...].M.V.Y.. r...c..#V..).....-.De9...$I.h..W7.l..{......P.i..<L..?.../..N>.@..e..s..J9..@...dlz...8X.....n.....Qp{j.!..6..M..........{.T.8.......3M.v...!..h\E..CAH.....-z...Zg.]W..8....a.\d.Y..>.c.p.H.;.....dt.(.H.../i.+...#...N.6...1`..)..pQ...7.....==w.0..(#ZbTQO...Y......?.n...f........K*..6...P.0..tdW.O2....1.#.V.<.D........=.zS.j"E....A.....;."+...x...V.,.....6.:F.]..>.N.",....7.tR.>.1/...E..6.R...a^....../.....[E.u-...../j........b.]........}!..Z...a.:`..+.B...d\.!7kR...y...

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edb.chk

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.9781527168464335
          Encrypted:false
          SSDEEP:
          MD5:BE839D8DBE5FF20715DF06D8587B1A88
          SHA1:933B314B1E6624E6ED9BEAA02E4865322DC0DE36
          SHA-256:6C89EB3030201BA40991B90AD94B1CA3376C794380188A5E14A4FAF9B0A012BA
          SHA-512:C452605CAFA804B286124C84BA2227CE1B02C4294E92E4DB799C780477872C3DD82D2289DDEC7053AB6E8AB27B197B279F1A60C25565FEC0F8F867C210B2447B
          Malicious:false
          Reputation:unknown
          Preview:.#*....,.~I.d_..A.#.A...O.<..g..#a......i#:.n.I+..@.ty.S.1.....`Z..W..p.t3.Hc>2..a....v.O.B...y..l."CU..z..-.u..d....m_.&.V.PHb.O.q.p%E..f..o.....]U&..f...@.^_......r7.x...+>{.D..... ........KU..d.Ei6)1"..-..b.....6....Ax.6..<...{...~.n.-....._....c-..\.......B.....*.....K.........7...!....u`.-.#.jG$.....`W..D.8s..G.*>.X=.he....1.i.}...17..[.Vs.}2B..w:.Z....rV-.v.....\.VA...cO..|.....<..(.MQK........HACd....O?.&y."tH..;0.}S..........esRz.O7.@5c...3.p.%x..3.M.p\}U.<e...U.....!.?.(.x..e..h...o...H....!+Y.G.E...G..wm..u.....>Eg..i,.........] Z=..U..+I.`..u..f...[..K...S.I.~r..*T..&9u...j%.^4.........z..8w.~..7.[..,...g....Jd.cL...Y"q.....T...,..p.....P.zm.T.Pu9.a..2....W...*4...!i.k.H ...x|.._.W....N..v.U,..{~LsR.A;w..#X.N...6.}.3.D...W.....R.....#s.4.Z.r...p.E..k0..i..v.A.k..P.+...~fvG.0..e..X..1J....W......3.\.+..#..s..2...E._+O!.v.j{.H.....G...2~c.....z.....:QR..l@tO....=..K...s^..~....z.bARX."..i....j|p..u.....cJ....M.v6..m.e.7...}.4.3.t......

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edb.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):524622
          Entropy (8bit):4.045214667625196
          Encrypted:false
          SSDEEP:
          MD5:1E6F052032AF0F85AD144F60EF8DFDAB
          SHA1:68EA17C161201E5AF112B9E55787A649CF21D5FB
          SHA-256:0BF771DFEF0D69E6754110633DE28D13C7AF5B4632B491A8176DD5B71F929EA1
          SHA-512:5A929E37E3F0FFB057B92AD77EFD9C91B922C3165F3DC54258DE1CFD124B7DEAFF97A9751F69E40A17154C0F6394F6173A777B4CCA2EA25E10C23BECC71B46CC
          Malicious:false
          Reputation:unknown
          Preview:].....H..P..........\;...q'+..xC$.P;..j.[..$..}.PrF.. h....;b...B......2uT..$h...7..4..Q.In.......o..)Fa......}i...).....{..D...!.S..r.)6X..!y.f"..n.....y.?.O.@%.I...)E...5f%.e..7F....w.&....N..Z..LE..~..........>a....s\..9X&.F..=r..M...w.|K...o.ou..1...<.M.....!....g../.u.#....;......ys.............C".....KO..%..`..5..`....ML..!|".le?.a.p.R..6o....?.&D&......K.Z....ZX?c.s.L..m3~.:".R......+$.%:r..$!cl.....zmU........._.a..[.o7..~..y..C.!q;.ICs....bh.......}..P.oj.}!t...Q.".f...p7.b0.0..Ro.>^$*.#....vN.Y.Z...k.}{2.5g...s.0.C....r.......Q-8(..y.S"..a...}..<....q....4...o.*7....H.H4....p...7..wqt".....e+..&..ze2...Jj*.uZ.y.....&{.t..#...Tp".@..j1...U.....[..b......?&q!....Eg.=.N....5.|3+...},I_H...>...:..M.....V...,]...C......C......hH ....=T.X=.H.~J.g..y...8..`...+...uv.d.... U..........b-..!bw.!..O......:..].*......_......P....98T...>./#+Q.{.=+H.\....C*e..*H..{...F..l..z....f....o..84ES...n.wWI}..g0.!..'E ...%..^'....*1..}:4w..7. ...}

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbres00001.jrs

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):524622
          Entropy (8bit):3.2075272336042846
          Encrypted:false
          SSDEEP:
          MD5:FB147642182EDDD109E0F9DBB65E8065
          SHA1:D64F636BDCDCDFD2F43284CEC0E4D572549EFBB2
          SHA-256:229C1B96C34045005E6F13242D6267B59A9215728C2CA10B4B5F6CF0FFF0B2B4
          SHA-512:8BA7C0AC0412FE6FB0A3A6261F900D61915201D8A45950A5DD57E37BC02FA503745D837F4948D844DD84DC06B209D1686E8A8832BA1FF0E16749E3F728A67F12
          Malicious:false
          Reputation:unknown
          Preview:........1.KL:_.h>8..\.g%..<.V.wd../.8....=./..Y.T....G..Z.]..'.X.n..,\@s..!....{.........^...d..<...".+...!.0Z...?..FO..<.B......GRyt.D.+b.....}...l.H'.\.g0.k.......L.~.....~zv.|.....a.~.f.4c.k...z..'......N ..;9..............@"....w.......F....|c...+...-m..).uN...D....... L..qd...8.}.J!.W.D.K4Cx.z....o.@G...-...`1.Lpb*CP.(...a....Sv......|...|8.g(.....Q..!e-]....{.H:..;.s......T.j.......1).)...3Y.....4...C.w_...Q~ ....R.d3fX..'.@..v..m.S...[.E.3.+.....s......$..1%.`....c.Ja.......yjy.e.!..1...w..2c.R.NW.$.*..^J........9....+.o..v..]....U-.LW.].l.\|?...l&s.{.*9N.{.....!..3;...~.u..g.Dv.O....!.T.>..._H...N...l.t.....}.k%..5..loS......|,...O..+^.K7%.~6P..."..H.`..K.;.B.z.:...-.r%g..................a.q...U|.0...t..d..$....+.SP.#...m....H...D&1....=..U_"S...y.../..K=8....4...TR..j..g...V.5..y.R"..Y.f..N..3FGq6.Zuv.q../u%L.r.E.k..li)W.Er..'..;.)p.......H.j...4.2>.%E.._.f....h.......hi..)NK.VB.:.u8...M.X..M. ~.......n.......l..fn.z.

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbres00002.jrs

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):524622
          Entropy (8bit):3.20784662835255
          Encrypted:false
          SSDEEP:
          MD5:927F057005C081DFAE482E50628548EC
          SHA1:CC72FA905EC291650773C7506F8E5EFF465BD2E6
          SHA-256:F34A25DD1E3C579E19E10A165456A88003FCE7E42B0EADE336E8073412E8AF9D
          SHA-512:0E977E52FCF44EF0019FB134D8AFD1AA35B656AEDA6B40F5C336AB4024E20024CC77AA7481E7C6E35754344DC945D2F749030DE7711BF89C4C9C5EC18875439C
          Malicious:false
          Reputation:unknown
          Preview:.....c.>...]....Ff..R*.7Z......-..m...e.#afB....^d............T<....5o.sA...5. ..(3Gv.......S.....6.r+V....H...~....W...S!.k.&.%<.............I......\..w(.Q@.-.....>.c.X..l.\m...!.F!.........9.R....<0..Q6........y.v-@.e..t..H.|./r.I~M.!}Q...r.....h.-...l.M.Yl..g..(y.....i...=/.DL6..e4Ho..w.O.ND.c..S.V0 ..>Y...../..Xm..5+.;.m.w...Z.!4.......U.w.(...q..[.K....^...0...........X.EY..rM...}.../Q=...6R.....N.G..B.,...{g..eo.og...e.,0.d.0...o...R.3.9......g.nc.t.<.U(.y.3p.&..s...N)}.p.3.c.rX...._.^5..F.7:3YO.,~.V..O..VY...$x.....Y...I.v....N.*..........A..W...IM..E.....(...a.......X .B".&`W..TQD.)r)>s.5..i^u...(.!.....3..O.#.,...se.H*.D...>l...MDo.&FU.....0..j..2..-m..9.%.lo8......3W...WHQ..:%..A.7y%...5.!.O.K.=...b).A.F.h..U.....o..9. >`......G..Z.1..[LDf.R..m.&.w...T~"..:6o.U=..Q.E...(.7..hm$...WP...,....@.....0,P..A..v..6...."5.l.E:D.O.......w.Q.jw..c....."X4.1./K..6..R........I..L?..mIj.qX.0$...7.<;..h...D..L}.$.......7..:,..EX...U

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\CacheStorage\edbtmp.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):524622
          Entropy (8bit):3.207189775961159
          Encrypted:false
          SSDEEP:
          MD5:B9479AE03EAE058D3B5C3C630BE6B007
          SHA1:6F38F02ED01D88386BD2ABF4BA9A7F5EF4919CEA
          SHA-256:E8A460F197BBE872BFAD4A78A43F7C9A31317F7FD7F7BE88532C5E134E6E1818
          SHA-512:98B8373758D4143EE543304FD594EE8F02F892E0E48DD5E6C6477FAA50629BA003533AE408D9DEE8F60235F74D5DD2D3CC47E39C67189427EFDB599A530D2384
          Malicious:false
          Reputation:unknown
          Preview:......F.t.l.....M._....9..R..o.....M.l.q.^.....q.........-..n.r.f.V.1...6.j..H...%.K....^9dI/.5a..S...|..V...b3..z@...p.h..l..TF..T......l .j.;;..9g.(..t .......{.I..0.zl/....*S.....(D..H.....q[.....vR:...&./.. n.NV....+..I..<....g.e2. .m...'..UQ@.4~7.d%~~a..b.0.~.u.E.%...*k...N.Zc8...-$.4.;.....@.b..~.....k...xot.>......\.f~XF...5.^.|k~...Y..w..p.).~......Biz.]..}.j..a......W.05.......-E.I....v...m....4...._...,...H..!.bt%...~.8.....%.f..&D.-.,.v.G...."...30......jo..t....x.[.U+~...`%#....q5..,a...K.hYm8_.....?...R...e..........,....[..W.@..Ln..n..O..(}:...........>...d.Ob..#.....]e.....*.%....radl..6m..#..]AG.bd.q...c.%(..XR....y[R......tuO..d..S......!!.e.6.g.._...p....1......~....0..N.C...*....yd.Kg..)..s/....2....T=..,..A...z.?5...]._n.h...Y.5..B..v...?...7B..$^j.w......j.....JwWk.YF.T'..)^.#m./M.C)%o.$."\1.9.".....~.....:L.E.HC.~.dV..}.I....t..O......K..'^I.;.[........>...*/.<...N..c....M.E..|....~..x.^.*.$F.*.n.E..z.//|}

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3384
          Entropy (8bit):7.944416381456202
          Encrypted:false
          SSDEEP:
          MD5:BD25166EB261C5A5BAF742FB48FBEF28
          SHA1:4049B550DD42D47CA755DDD177CF472866082E1C
          SHA-256:E9DB87759A853A7C2DB0B84212602EBCE6A443829B583C5E6ACA5D5DA00BAE1E
          SHA-512:898EAA14B6C10132ED66496498EB78C2A360788EAAA00DA86ACA436B6BE7E124B046F352A828AC8413D305D10D4A2DFED0232669C57182E84D6CDB6456F2D291
          Malicious:false
          Reputation:unknown
          Preview:<?xml.d.tM.OA.?...... &.....Qv3a..%.8o...hF.j..=..s..t._t.9..r.(?.Y...F.h1......L@...!X.\q@..G(....&.n....szG..U..k`p6.q..P.5t.X3.y.Q...I...W..'~..Z....\e.r.2..j.>...F.....?.'.....>LJ.. ..^S...9.>H5../dn.+..T2.......[..m...XSH.R).|..........c(T.........s.LiK..@0.<c..fe.d+.>.r.|.............i;" !E.1....M*.\...._Ed.V.}.*0..6E.....&.!...(mg3zB....e...H."@....$.|.-a.S!.!@%d..&.Q3-^. ..%R"..H.c.6.X.W..<l.M\H.^SSR"..c.z..S...g...Tr9..J= ..K..Msj....9......`.a7Lq.f|.;L...N.}....?].a`.....C..Y.x.zN..`....^u.B.^.0......=.RE....dd.r.)Z..+.N.4..aLy ...A,.r&%....i.a.<h..%.1.../...U"qI-E1....6.........mJ.....%33L.E.....Vw7/.R...L9'.vTm....c.....`.%n.C%....\.4.:{...Q7....+....f......&^.J....4r....B......}Mq...........:.....:...`...*.S}U...O.....i.Ild.>8.(k...B....+.7.a~...A.whxo.e.....g.=.A..~...?.I.W.#.Tl..8I.~+@...Q..m.*.............A~.M(.......F.....i2'L..../^...T...2.`..G.i.....{..Cx..J~.D.8hOB.L.XO...|[R..d....i0;.E........Q..XmI8`..8.Fy3.y.R.....

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):49454
          Entropy (8bit):7.995751394572392
          Encrypted:true
          SSDEEP:
          MD5:68ABD17897A58C1B68A313BFC14EDED3
          SHA1:8EFB40E3288563CBA95D7C307DC84AF2BB9A9076
          SHA-256:0B24B542D731C63886C59291090A3D2658C93D3358834E392EB447D3D0D087D9
          SHA-512:872EBE7CA84B40B85B48B023CB07860B648C4FF60C206A06AFC0709D8FB49C635B9F5EA52BEBBCCEFBB245C81751A1D56BA3CCF2554426F20F6C9DC700918417
          Malicious:true
          Reputation:unknown
          Preview:.......@...g.a.g!.f......3-7$..j;..G.@..L..{J.ms...|_....X....V).:...d.2h.hd.!{ S..g..Sz......Z....o.Uy..q....].7mh..dt2-5PQ.#6.|.......G..Ch.6.........\.n..$bH.#.G...J,..N....-:.G..f.u..K+=.).1.7....Wj4.....*F....%b(%..Fd..T'_..sN&!.......r.....C.88x...wci.Edp..1p.:....?..^".-....k?.R/2..1.P...kb.~...B...H'.V...Qt.4.0+p.=E.-T......o.f.g..3*1....T`.1.b..K.T..d...}.2B.GEZ........2p....\....).C'.E.....p.I.n......\...s.SS.....c)j..Z...^.K:.2B..i.[t..*.Mi....m...y3eK.T.#(FK.......w...f...0l .Jh......Z..O1..=u.l..".D.=..o..RSwq.!D..BV.....YE......_L.Q.:.M.......Q.f../f...=*.M..p.:.?5..f..g..F.`..\;.......~.^.=...N....?......|Ba/..G...V...r...wc*L..........YC..<...`F6..p/........F#iRL..:*qd..V..zu...d./1Sw.u..w.T."...$M....].."./......kH..H...A!..............k.....C....5..Ba......8oKM..;.b...Y4...I.-mx.......J.o.1.hm..vY3...~......gA\..j.............o..p...H9<..e1..J.*.....p..W..pi...$q._.2..!.....*....C.......o.w3.."..d....e.z........v..,.0}!...c.o...

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\brndlog.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):6907
          Entropy (8bit):7.9759389139379
          Encrypted:false
          SSDEEP:
          MD5:FBE3AB06E3BB477037A66209DB7787AE
          SHA1:6B173A80878D397E27A4C75F6AF6B009955C453D
          SHA-256:52D2E296227352DD3D432F8DC58C0E376653C43C2768C38D97C3C5DC050BD917
          SHA-512:39367162B19C799B0E5E7CE4D52FDEE2F461072E564F5B0D9A8EBDF32D0F7EF85F2BCC0432B0D58ECBD3311158021B5C18A05FE34CF65B2385D698CD36EE8EE8
          Malicious:false
          Reputation:unknown
          Preview:10/06...#7..j.#}.x..q..s...0x.%....8...dF.{`B.hL..o...g...z.h....1........D..Il...[!l...6....Km..0.k..|=....../4....].O.(>.9.<l..%.%....Tn.Z.3....L.{`2h..6..f...0..B.r..<.....q._$....`...R.c...).HK...!..V.E.4..K..<....v.1%c..|.I.#...O.c..........Fe...F ........zf|.Y...R....q...HB"3:.........|...}@U..hD.....:.7......o.*...cm.7n..:~l...L...{..QH.Xw5.4.<.3.._a.7e...^F..jbn.+. ..&O..!:;....V"W..#>LSXj.0WvO..c.f.....N.....][......1K.FU.-..{..F.;MY..G4|.iG...9.=/R....G.K_......F....L>}(....N.M..j#=.RU.(WL^.[.9.f...`k:..J..............5q..a.......#..G(.}...4.......C........E.R..ho...0... iI8...wR)..Ip9.D.4..g....1..wH....o%..R.....w.i{ZY.+..}....F{_....l,.....7.k.P....H...{.L`W....bt..G.....A.o..Jni[.y8O...._..I..L.fA..olz..C..U..4sW............@8?.I....>l..k}..7Nx.uH'Ey.@.1.G&g.v....}.....#...B.7..........%.....+..`..%yEF..._..9'o...3......c..~^n.a.Rq.u+...x&..]M.O...".U.......n...E.X.k.. G.....qf....})*...Qu..'..+.fG.:9..>.1.C.r0j..`..W

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:Unicode text, UTF-16, little-endian text, with very long lines (461), with no line terminators
          Category:dropped
          Size (bytes):924
          Entropy (8bit):7.769680877936721
          Encrypted:false
          SSDEEP:
          MD5:2DA7B512B4EA42E36083D9774AE0DB8C
          SHA1:C105A305EB64D4EEBDBAFAE6BD7BC355BB64AE79
          SHA-256:8B538A8D3C5030AED2DE2D82CF234E5E911334A42EB901F38C7FA1E9D66D5DE9
          SHA-512:1DC47250CE11CCBE465AD1886730EF346AF976002E8639358A645D9ED72D0C76D2A477DEE9ABB79B08C93F832F9EF8CE0F195483004D1704DB265EC817C90908
          Malicious:false
          Reputation:unknown
          Preview:..1.0'.(;%..>p.m..c.U..-g...4p..n,Qr.em...H.~...E...p#...D.:I..`!t.......].).T.u...[.n>.s....mY..B"..+...7._.O.A.X.q.... `...]*.....b.......A...[.K..>"<....v...u...&..\$.?KQ.c...L2s.\..T.z...........qxK....:/!o..P.._....B.A........../..PZH.Y.t53%..s..a|eR.VC.JSn>0j."..-c..eOg..F.A"z..~i...e...gL..m=.4...)..r......SN.c....i..J..S..7.l....R..i....4Op......&[...Y@q^.../.o.h.........]..bD.$..L.+..e.=sp..I$..4..}.C..0.DS.b^....$6.t.z.C....[.h'.d_.}.x.AhI..uL.~.I....U)....8......M.Bs.r.0.....G...g...6JG..@R.}.{B...o.8H..^..!...7H...q....J.-G2.L.V.....S6..C{...0.GD..K+.....q..4.0%..QgD.|.Jh.u>..d.0n....E.\Z>...5.W..4=.wLPY/|..J.*.t.i.>E.a....].C.".. +...8+kU.x...t....t.xL..:.&.X=...(.B..?4.3..c)..goiY.b.fq1.D..5~_0..b......H.....X.@.dE.v..1H..-....,.t.j......[.'.XH..L..0s...e>)J...)V.w^Z0..A/c._@.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Internet Explorer\ie4uinit-UserConfig.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:Unicode text, UTF-16, little-endian text, with very long lines (870), with no line terminators
          Category:dropped
          Size (bytes):1742
          Entropy (8bit):7.887077781439469
          Encrypted:false
          SSDEEP:
          MD5:90F719DDC72D9F4A212E9DE199F98B5C
          SHA1:4C6888D1F84BDE466EA6D290FB0BA5C9A4682EB3
          SHA-256:9540410D6E122B95EBE680B699BE4966FA10DE630779290A23EF89FCC5A577BC
          SHA-512:1019A38F1CB3FE3F34DB00BA16AA2B2561F3D76D6023B6EC2E528D5B2B0DFE3661F240D624FDBE2B9FEBB60533E0411B6F1E838B425118F6CFC1735DEE13DE50
          Malicious:false
          Reputation:unknown
          Preview:..1.0.(...'.h].I3...<.. .:......4.$..~<..&M%. ..p...8.o...q..%~Z....%....RJ...6..M....U....N.bX.$...........4-.A vB.%...7.A.e.:cNe.......V.....g.......tv...ip/.... ..N...5.t6.?.... .../A^.c......>.X.......7..p.. ....*I..e..i....l...dh....F...G.4...w..l+.<..g.<....f....>0..~.`;J......yA....../..,.....j<Hk....3..w......[..:}G...$. .q.....U..7..{H....!..r..i...;.7...%..@..f,b".$..n=23`KAg..a.K..V...9f?.(.U..G.z....,42....n/x..........j..(mq.....tt......1.T.7..9?...6.MC_.\.6Q^B......G.....T'..P.X.+....M..CO..>..w. .N.Z>.u.J..1...A..y{..@...'...B...P.w....p.sr......4...$6|l/..EKZ.......+..*.I#.8.Oa.C#.....0...0b........9.v..8.Jz4..D&....-jU..em*.`Lq.u...w%g?....\..`I..`..U.b<..l}.W......)Nn.vF.....cp...>..G.....Q.%.X.8.KW...n...;.m..[l.x.1>..P~......WZh..:...$.......,0P...aHT....%..K..N...Z.h.owv.?..E......R.......nd\.'...*:g..N..$......^>@{........Y.9..B....C..:.7.ujK.....).....e..6..k.q.Z.*<u!j.]...l.o4Y....g.. oG..S..hV....Q.$....3..._.&.J/

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1062891
          Entropy (8bit):5.529221940562699
          Encrypted:false
          SSDEEP:
          MD5:9445353F6B91D188D0DD086227D4B18C
          SHA1:E34FC3C613D7E6FF463B0E51EF38F54B51AFC5C3
          SHA-256:07DCEE3328B26BB9A3F3D681A2704414402811D947F841B320FBB3A039B6DF3F
          SHA-512:C7AF556E86B4EEF83BFCB52018EA1E6E1307E8277160AECFD61AE7EEC8A1319EB9FCC206C0C26BF768AB5D9EED4A20F13DD87994FC69D410517AD8AF59534238
          Malicious:false
          Reputation:unknown
          Preview:<Rule##.C.(w.=....I....?i..Pm8.#..r...#v&........p#V.......|R..=(}@........I....Q.#..o.g=0.6]..Z......|fsbEi@........i..S.;..#..w.-..G[..o....[..\o.W"q...(..c`'4.EZ....I2......)..L.#."7....%.F..~..?........eM<.C.4._.N....m.E..2o..(...d..d@..xB.7..xr.....cQ.o...... ...).5..a....b7...).;..G.I. ..........N.U[|.k.h+'Q..-...p....f%7ZU...} [.V.r.$_...Sn..W.^......!...[..Pw..[.9.o. ..(.g....4....l.gzb..0-..Lhp.rFE-...s..=A..W.....t.Xz~w.:......._9..<...wh..D.~..n.....H.d.3.5=....&.bHh*.8:.{f..G.'...[p..Z...W6:..S?DW.9......Ol(..M%*..I.L..-...0.MK.Q1.<.~..].@3....e..vKJ#D...H.. .W....Y.,.....e5.....]..u..Q2...w..X.. P.....p@,.x.&....uM.r._../.I.,.566.Y...&@n....n.4.m|q..-9..M.D..XT..zl..g2...t.3....b..o.#.cw~h..6!e....o.]7...hy.;.\1....=.s;.i...h3W..I.*[.....n..g.[de8...W....g....2."@oDq.V......!7Aij.b...=.DXS6,....$.Vc.,........e`..0.H.._........zt....:.$A.2..Q+N....F......j..B.l......L..$.*.P`.A:...,.s....0..-.............T<.[..9.u.u..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120100v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1333
          Entropy (8bit):7.83153337525118
          Encrypted:false
          SSDEEP:
          MD5:D87C1057C84A2CDA92DA79A515E7F5CB
          SHA1:1B93CA1F0A2F0BB2CE9C5C6844D003C37E57A5AD
          SHA-256:D30B6EB7197DF7ADF19EE0648CBFA1C9E0968BEFA7A7F7021B8CB80512D269E1
          SHA-512:3CF5138B4213F018094CD75225845CF8A3116884EB6479605E63008DC02F27A7148B2BEA00DE27BFC3851B5EA349F341B6D314C0D894C3F9E49199CBA23878F2
          Malicious:false
          Reputation:unknown
          Preview:<?xmlo..q ...N..q.}.s.P*......,7N.Y..B<c.V6...-x.@N...f.Mr...3bN]...i..y.8V#...M....=.EM.=.Fn..?k.T.6.4...^..|.W.%.M..e..F#.(..P=2.....U..n.X...e^.=~........FO.8..^.-....@.Q._-....&^.|1x....y..@..p{q{*.pI..i}F......&.(...w......1F....)...O%."/e.......i..m.L....lQ........?..".S88.............W.s.}1..=....y.F..Y..q...$"U`..Qc...E.3........6.......W?..j&.........*.E...J..'...-2.....&"....._T.[....Ph..c........*k....o....? !%4_`.....gki.. %...p..+..7._2....%-.G.9..=.@G_.uB.......WZ.'.R.B4.x`lX?.4.zl..F..m...D.sFS..5..K.L.p...e.....{.U.4HMvv...'\.A"T..M..J.L.'..(,..U....."...B.....#.&.(L`....+.....7k.e.rv(.....e,..%.......m..5zY+2.E..f._p.]-.w..1Y...YBI...b(\<.G2..z6.-,....].;......D.=..y1..H.R.........\.-"pG.KNk.u|.q....l..VB.Q{L..`.....b........BQ.....R](........H,..q#`...'.X.AY.U4.4p..X......n.W;&...lcF.X....C3.6....H^ ...]t"....$..r........6... .}mG.C.....K.5...YJ.4G.z...b.FDI..m....fU.y.>.u...8.y0.^....X..o....A...S.....)<[...V..N.Q

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120107v6.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2514
          Entropy (8bit):7.922762527463112
          Encrypted:false
          SSDEEP:
          MD5:0857E6E931013638698E120A32609E2B
          SHA1:CEF84DBCE3A5A5E64FAD7A3D03383088EAA813C0
          SHA-256:52192422BC4FEB1C18546153F1FF2D4C020154B97F1B752C49AAB3604C574605
          SHA-512:AD33BA08A9A7A74ED7D404133EEC9CDD44F34BD4B99626C9292DA29A8F5995829942181FEAD9A2713190ECA8D6B09D42D87C13CF4437FCCAAD62EA3F0E9593A2
          Malicious:false
          Reputation:unknown
          Preview:<?xml.ANy..s.$.Q....+-.`gVw.*.D5k..l...^..3..`.e.AO_,P..a.10.+..x..=.."..x.,x...gJ#.). 5....!o.V..%Z.....7..>..n.LAj.F,D..H....3.....;..!.".c...S..).....<.x...v..g.....|....<.H.<....!..{....j...Ki4.Te..+2^ZOsUm.v.....q....j>....y.i.........f3.a.|..A...iy..H....A.^...[.)6?.v............w...Y.E.dm...Jc.T....`...F.\..R.W?r..4.....f.lf"..N..8...Df....s........>.......v..'.......%..A..A...2.%r^\....1.".F=.6sz.v....k....y.b.....U.%;..2.y......j....B.;J.....hE.R...}6.e&`}..Kc..jN.~..*...r\o...R..D.i.L...Iq :).z.7........Z9.(..7\1.T.sO@q..Z|.v...0.].Wk.y.v. H..o..~.~....0..Z........Q.3..W.l..z+V..VN.l....q6...."].(..X$xn.....OF9.;.>.... @....j..6(.I.....M^.<...).J....P.:..b=.c,]}{s......0.p......:..lv.h+.5.`..\.C.{u.....f....d.c.J.!..QBu........@.'......R....u}..t.."\ix.L...m.....k.r\... .!Bp.....L.O0..0h......`rG..o.._.a.. ...(`y.ENl%[...'......G.U.nO.<.)'..oWF.....M...T[.9.`[.L;.....v......{9L2m..uU".U....@.....g.l......,....D%.|~.d.p.h.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120110v4.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1346
          Entropy (8bit):7.8516401027528175
          Encrypted:false
          SSDEEP:
          MD5:E5425CC8D91A0DE49AFED0A05910201D
          SHA1:C90FE2B58FB357B011E3DA032AFB4E3712CEB443
          SHA-256:63255D4B39B7314CBA99EEBBC60A4645CB8F79A596494F8CB057E45B2F1420CA
          SHA-512:1542E6B82D2A550F984542C4B7A9C189AF5B2419781991D53305B9440ABA2ECCD516997A812A2932FBF126D20728FBA439B2504A89F83F9410D80D2FA04215FA
          Malicious:false
          Reputation:unknown
          Preview:<?xmlmg.Wq....Oa...&..:.....4.....f.D...,.M..G.g.PuA.A.Y..].^P.I -.......}..5S..E{.E..n...>.V.....L.v..B^1A...G.$....]....P0a......2.f.d..N..#.Qkx........R:....1O&..T.9......a.m.V1.....$%..u.;v..K..@.H....Z...k.'.|....r~V.5=aQH.S.`..+.a&.[Bd'.1.....t.Ju.fp........"......$...........HZ[...p..8..~./...k&.....j...*..:..-..Q,.Sa...m..l...1.U..~.....c....'........O....88.p.d....ciY@.qN>{....&...K.F...rt.y5<..(...Tb."y..8....W...g....w....f3..5q.m'....;GTJR*/u.:.a/..P.[....G..8yA.8..a.,)T.L_pM../...0#.....0.....HBxz.X.#Y@.T...'P(.A...{.m.QR0.a^.U. ...z?.b..j.8S...d.3t..0.!.....<.2...h.2....*k=.......8......;?#.R.v.....%..pA....6.i..LYc...[...\.D.)....I-...0....t........n0T.k.V1.=,w.....>....,....a. .`v...Tjd.L..%T...0..!...48.)...;t.. .......N..a...]Z....W..X..o.x~..zn.......p9=...&..."%.2}^D....I>(...h..9.%`.K.....%...#.....$6...Y..\;.....HQ....CM....h..P.0_...q.._..'.!...BrJ......9....lD}..OL!iq\..X.......,......z)....8rO?\.s".W.i&

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120112v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1041
          Entropy (8bit):7.787003325940379
          Encrypted:false
          SSDEEP:
          MD5:05D367EFABA9A17E1C4C8ABA51BCDDB5
          SHA1:0E29E5DAFD7909A6126698CF490C0D019AB4E65B
          SHA-256:122DB1EAABD49C6B38115153D21C4EC4ECD45AF2A264110C1EAE19D33049880A
          SHA-512:63924EC9817E3FDF76CF4728FF2B7366ED4D1D0C8EF3EE16E61FBF04781C9FA670064D5FEFD535421F8DF144C3D2378E4406D42F8BFF69B7FB04E8C1E8E53C2D
          Malicious:false
          Reputation:unknown
          Preview:<?xml)...7.].-.`.w.~..#.$.!aG.Y..c`....l...R.U..yK...J.5...t.,Q..u.oh..s.<......D<..i.|......v#p..6.pOK.....Q.ck.A..3..8N\8.p..L.......$..S.?HR...?H..V..rq.'...S}.......>;......m...P.i...k.....W.0~NF=.";.K.yo.,a.......O.._R$..h.S..4.....Q.?.m......b.A.....}.4e....U.;.7......Q....3....M.d.y....c55Zz@.u..a...Ub".B.U..x^....S....@...7....`..8i.+..!.{[3ZW.........s6K.VJ6^Dp<.5+.......~.....|.l..T.K..M.S..`W......D.Oj..Z4......N._,.H..~tV6..KC....#.>...T..$.2.{j.t..l.#)F./..0F.T.sDR...mM...-.......e..U.....f.._..NoK.W&.........:.......6.>#SQ.?..4..f....R...r:.M.2...s.*(.%.~I......3_...h..M......`.D.U..?L..IJ..,.......G&2..9{'.Y..Wm\q..q".yq....X.....K.G5......|..}e.m.B..uA.k"......3....... ).H.<..H..x..|B.<..Tj\.s..G..s.....)n. .g....q[.$...oo.......x$..y.9..j/..G&....K.m.^....J..X........P4J...g..O..,6....=..<.?Y.........A.....D..^dl...^@..O...hj`..d....G.....2.y..78%...^4`.mr.]..<...Zs....L.U?.)..#4..>.N.{.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvd

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120119v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1664
          Entropy (8bit):7.874776317950963
          Encrypted:false
          SSDEEP:
          MD5:66DA29F664C515AD5477A96CAFF149B5
          SHA1:5FFC49B146430A97A87C45ED22F6580E99FE3046
          SHA-256:F2CC2F5B6DC35657D46526FC263CD294140BFAA783C15AFBA3D94816E5A30E5C
          SHA-512:83A5D69C787AA802715E359CFF129853BAB32A591EE08C529C14520E536DA72D76F8F37C82873487F1AE88D86B3029CE6A1F4AB3A85E7D0E2EC2ACB1F8E12FB2
          Malicious:false
          Reputation:unknown
          Preview:<?xml.qY.....).xM.L..H.f^.HU.7..;.r..y.}d..A..F.uR.d...OF`.l.....0....-B.{...,.1..G.6.s...b|...f._...N..E=^..,...x....:...8T...d....=$.....dX..O....X.....}...Q4d..=...:..*........r.n. u.7....z.X.+..F^zT{..s.V@^..lm.............%$.&p.6..".|...k...2..)u.tj.....#...Vx..|.....Dk...ep..%N.~.M.d....Z.o.{...~...a.g..nxk.)za!..H_..e....._....^O.}8.=-..N....v#.F.......?....u..`.Ouh..GD.+/A+B)..3..D..X.r..io..O.V."Z3.x..S<...R.a3.`..C..n..'..u.J..U..S5.L.......0,{.;S.....~0..l2.K...4....g.C6.N.}...!Ft.O....]......~...7..0E.>....T.......s.../..N....F...n.A...Q..02j /.K....Ory.......tr!.....\B9R...6......L.....H.]f...Or...X....9..;.......>*..q......W..cRPk...Ew1.p.I..l.l(G....i...-..=o.iZ[......,.=ix...}.....K....?.P..fd...TK<.........yO}'@>.M?KS......_^..dV.q..MJ....T#~.g..=`..>...e.....b.w..>b2..np.:...@j.`>..fG@.!...P|7.C.hv.Y..............;..=..v.F.am~...!Z.2.p.....9LY|...K....0.I.G...2/sa.....3@..i..]..a.Q.\.Eq.....6M......vfC....zK.tk.\v'G[!..p...a|C,.K..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120120v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1195
          Entropy (8bit):7.824989422457787
          Encrypted:false
          SSDEEP:
          MD5:3873ED92B88356CE02F1A96BF823AA4F
          SHA1:466D82047F98AB8FA1C97CD0EBCFE95ABF93E0C9
          SHA-256:3A0454273F83B4643F98871F076CCAAADF2CADE31039262163C0207EC3AA2A9A
          SHA-512:AAA61A471189D6432D7CFC23AE8C0D21F287151D140633DCD96A6872B51B25A0B8C38C9A6440B38771316C9C195986AC5EB5D96192F28349BAEF5175666CC2FE
          Malicious:false
          Reputation:unknown
          Preview:<?xml....S.E.PD.IQ=.'x...]..f...g)....sxYv.<..\..c...a...|.p..X.D2...+G.U.z..u...j[f..h.e.#C...I..qk|).N...n.t...w... .<E..+.%g.{w..#.....I.kH{P.:V=..N..I..(3...^....<.........6.M.v.".5.v.7w...|.....Q......C#.....3.E.M.G2ST...)B13..`S....-...9..w+..0'....I...\....j!......r.8)6.'.......R..../r..K,v...Q..c....*.~.k. ..%O...W.Mte.$...[Q...._J8.%O@.R.+I]........P....b......z...KY..{....,....7U(3T...-e._./.GPA2*...@..z.......M"..*..|..E.e.U".ti.......>..Tf........=bmRD......G,p.Ti0CD...(.W.....iA.."y .-...A.M+}k......Z.*..H.....C.+.|.]...........-..r..?c5..G1...a...N..{.7...F.....8 ._.I.|.0c._O...z.$.P.-............4.......R..LEz!......;.d...U..>..=RR]Q.+.......]..#.xP@..,i. ..+..v.r."o.d.d.o...+.F....+^k.......S..|...Pr=...KIIP.k&=..$..............1.)d..1uv.#.OG..T...SF.?2.oD%b.q..~.....D"QB>_.."r.v&....2.."....n..t..U+/S.d....../.............:...`.1e=.. ..M&.YY&.*K/.0....;...!...q..b......&....j.A.,L..3..:`..y.B.a.O.<&zf..{.,i..z.@.{v

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120125v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1269
          Entropy (8bit):7.821225173840117
          Encrypted:false
          SSDEEP:
          MD5:0E8298AF86906EFE27F6A388D1CE2ECC
          SHA1:8090BDEF60B49C169BA6D5AC8D1975990043203B
          SHA-256:998906BCAA45E6A1697D8555AC247BE3CA51F6F2F1C6AA20704F207C8AF43C03
          SHA-512:1AC8176CFE5717B59479A76B58AC71815B55649392153626BDFDC0261FEADCCA9FDBACC0A32C7D82F083D8C525B60D675910A4931EA0381E989ECD354E3E6587
          Malicious:false
          Reputation:unknown
          Preview:<?xml.(jD.U.z/..C......{....so%.)~.8.i........U.K...'r...O.T..1.......v[..!A....dJ.w.....G|7.Z.t.Q..1.i.r=..ZP. .;..#....l...K..j;..%.:.$.%..G,.....F.:f.${.F.R...;...&..d.z....:....C9..u.-..U..?nc.!..t..[....0.J..o.+...f.<!..>.......D.X..m..=.....kD....h.......<S.R.?..*Q....`.......i....-.uG....,.i...~.X.~..b.P..=.....u..P..-...-.._L*y......J.w...:.J.......1..a_I7....yv.Q[..m..u?.3..f.F......1......~.GV.!M..JNk....G..]F.L.@n...|..d.w......s/.%....v..J`.....Fu...7...{%J..xo....W...D.6j....Y...R.p...?tY.Y%.w.,M .I....W..FN..1..c...{....u.....% .'..2._.iG..<.A.,.{..F.(..0X........T.FC..:n..........~%.2..........!...!qN:..b..R.L.d....v.xi.Q..,.B...i.Rmz%.aW7.>.L..HKA.>.2. y..H.F.......8.O...i%...;....7.G">...}I... (.S.>.m.|fy.....BK...{.....oK.k..G[../jBG[..w.b.....GeH-...8.8.=.Y..s.%..q....CA.R..7.....w.\.n....U:.g0.Z.U.!...X.+..<..Y..[U.F<;.....0.....c.=....G.h.a2..A.<...?.Q....>IA$OPx.M.......tm.bd.Ey..F.f.w....w.Z.xZt`O6...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120126v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1994
          Entropy (8bit):7.905175298174711
          Encrypted:false
          SSDEEP:
          MD5:5540EA5DEE3453808A8772BFF322A273
          SHA1:0A6D73CF11315A74E2C168BED363FBF1832185E1
          SHA-256:5415A35DC5D26416483685C12527FD607652D390A5A84BA00FF87E852B972019
          SHA-512:279C56B8284A0B58B5FBCD35EFDCC2B61183C5ACA42B9866939012E810A9B3346A96BABC775E3A757C77FFBC91044FBC794AFC7F0DBB5559D8179012E992E873
          Malicious:false
          Reputation:unknown
          Preview:<?xml..1'.k.^.AQs>......X.1.j...P..~.$t...tl..[I.W.......~.pn../.7.L......xc.5,.{....c..\......Y...a"..?=.y.. Q.......}.`.. X....P..bA.V~........O.8m..s.u....'*..EN....W3.+/..2..W.FS.)=..H....#.....<LR..<.;.U..Y4.a.NH..3R4[.S...T....qo...l..8>...8x~I_(.B.........E.a....7HgX.W.L?.%Kb.j...w..+W...'rB.J.j.t...........\k.fO..;..>....=K%..+...]|$..w=..u]...&.@.K.........`.Oq........ON..m......^... ..._...Z37.~,...&....../qQ....9b.N.&...g.Zt5E....+.(o.>. .~.....9v.H...e.&......P..9]...xzno...d.x}.....5.<.{.0..'X.^..).Kc....6w...Y....Q-..6.X...s..H.f..r.%.....{|x...[.s....)].48....F.".............~........g.%.1W#v+`~.!P..i)..2.m...G..,K.._C.k.dI]'.*%D..?...j.F\.ti0..2..-V......"&.;e....Y.:.Ln..z.0...|.1Jh..FX.[.@*g..w%{.!R...E..Z..E*....n....6Li.\....TW)...N...N.HZ..nk."../^.3.d[PGjn.?....s..}......7(........K.>....d.k...r....kD.l.T.....N..F.tNg..!...P.p.I..mfA!r..O[.....+...w..h.s..5.h.".:...[{...[....._F.......y....H.{.nI(....rC..w.8Q...}p+BK.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120126v8.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1506
          Entropy (8bit):7.875419415803388
          Encrypted:false
          SSDEEP:
          MD5:B49F741D4745AA627AC3A318445B1296
          SHA1:1F4D290432CDEDF58DD0F7F0813BCAFE544C648E
          SHA-256:EFB334A21224E0888502437507E2464DAC07640A5FBE417F932C2D18AFE78FF9
          SHA-512:0D746309577125251511B98285EED526B92E86D5F8083CAAAE9FD78D70ED4DE8218870F796FA3F1BBB7D2582D4996863D25633D652A18B5BFCDEDB50ACB8175B
          Malicious:false
          Reputation:unknown
          Preview:<?xml..c..P);..x.8.}....B...a...:..bfk.. ..X.np....{...V...v.l.A........i.|..4.SY......L..5tS...x.^(?.ES.,...+!.g.p...@.......ua.QEY.u.z...rH)...N....4.. ......!*j....G8....tb.*1..*.q......%..#......2*.....z......=.<.V.@.....)O...i.t^e.1....:..}.i.[.....U.Z'.F5.@..yqm....wN.c..G.XjZD'...q.R....w..?....*...4..-.a...%...Xo9.j..w>.F..7......F..;..Y.r.y.#[Zk,y.2..~.L.(...S...'...S...F.....j(..//.!.D.V.+d........Bb..............3...N........X..3.O\X...uK(.j.._=..t....-.G$.e...<.[.t.(.x.w..f.9....V......R@.M.muI....;...Q q..2..B.r=..m.zx...<.Y...K.OZ.].^.....6C.....N.1..3.....E.UX..F....8..i....E.[7s..5C..*p.Z#..F..!'.:.F..Vi..11.%....J...%...OU%..;...H.....].hA%....).!z..D........9..S{.0;6..m>3.#.n..'."...s.......F..bU.R......h(.V.;.q/..lM}L.C.IZ.$........1..N<...{...}.n..C.........F...6.D......|..AK\^.?.j.4>....{}..I.Q&..T..h.. O.?D&k......2.@../...J!...b.....f.w...8.7.......B...............L,.d.M.)o...$..Y2.J9=...e.L...#..ap1W.T.p..fi.....0...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120127v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1511
          Entropy (8bit):7.887418426727647
          Encrypted:false
          SSDEEP:
          MD5:15E509C2F6D4C781FEE5903C34AF9AFA
          SHA1:F0D48BD1A3F24AA435306DE27260DB78076E9680
          SHA-256:30AF8BF93150B7A3775B3F648806EED3B61C22F2E906C52B9878D53E9C2B5010
          SHA-512:04DAE26A12175692D149418F0F99BFC0222BF6E3E3A99886180F1CDB1A9921EC63764ED1A243C7DE99D19A14054C3BF7DC4C87F1E76987267EE6AEC1B426C80E
          Malicious:false
          Reputation:unknown
          Preview:<?xmlc..Y.......|.V.......7S.r.{.....H<...G".Fs,...........vgh....beF.P23....&.G.7L8.V..w..&..>..so.+.n.P..8.A%.....G.In...zE.L....C.Jv.5....3....>......zO.?........r_...Hq.,9.>.1..7.....U.q.Y.P..2...W...<.A.!...%.h@...|...nw.W..8..Z.?.P%..k!..lS.S...D...'m....G..ML7..{A4B..6..N.M5. m....$..Y..(...........:.......W....`.-.....j....D....G.V;.l.r6.D..Dt2K..h.$3.1..p..2F.M.....*.......R.....-..{L.]9`..WC...8..{.[.....~.J@..zO._......v..."@.rc#..O..DI......F....}....a>'..zr.V.....4.k...c0Qc]5....*.Y..4I.TQ...*...9x.~.77..-.:.....%..]................~.m.UZGw..P......../.(|.h.om...p.. ..7......!..t.Ab.......M.^[.-. Kg.Wy[...X..o......b.....-Wb...G.ln...;.$3..Q..qh......".......V...b.%7.X..w.......6.u.+i.i..5.J.:.....v..mh.FY.E.Cg)._t.l.....@../sPvr.G'R...s........a^...)q.........!......k.)yKr..e.O..<..6.....'.M?.1.`........OMt.h...LO.W..k.....9....!N..#..(?.6.n...C._e...("U0.5..Ud..y_....N;...T.$PTX.0<Ym.xs..*...eF.....x.....^.S...b<...@.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120128v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):991
          Entropy (8bit):7.771208738517109
          Encrypted:false
          SSDEEP:
          MD5:FDF5E54FC6AB33E47C836A3FA1EDC28D
          SHA1:038070DC40C3E7D4B9D6CB2700723A5117AA82E5
          SHA-256:2BB2844228F8107E6AA3DFF982A4B514A18AE954D4EBB5575030E58622FE7BE9
          SHA-512:F8DCF32CBA939D816E12BD7AE8052E3EEDBFE3C61EE92F08E60AE764FFB93838CDB89175D1E8CF60DA4571DA0373C58925154B2C3E16CCB7F77E6B8FC3058E0A
          Malicious:false
          Reputation:unknown
          Preview:<?xml.jj..`H3b..8.c...2.4X.O.2.Ul....F%?...'..Z..<..N'K.M..h.<6..m...%.".A.9.b..'.,..-6!FC#....E.....-...95..?l...!...#b...`..N......E....l.g7.A.L.{F..<.4.@_..W....|=irgC.Z..v..[l....C)/.>g*LU..j.p....`S..>...BGx&Q....Q...E'.I4.R..[|lZ..#...=.L....T2d%U..z.<e..:a..U.... .e.}\...Xy...?..X.`....Nx......o.....v";..X.m..u..i.=...e.(b^\.z....J..j.._B3.r...5..s....n......\.......X....b.J.3w%E`.~./T....D..An.W..v.Ul.I.......&A.ew....I..e.`Df......v......x.....(6...=.......j..&o5Nl.i@.wr..bu......5.Z.<.......".n.GI.8.[..%.d..g.J.b....Difh^.9..f.KQ.f'I.....j..p.o<...F-.......7..X...{........m.e.........`...S...9E.,. )c.....B...;..=./cR..q....\.......H.4...F>./+By\...Z.N. .1.}k.!......ws..[e|o..&X'C.....4-=oD3......R.....Y..h..^0.......pgW.hy...,......).?k...0.3.EYZ.....k.....G(#5:._.q.%..]C..w..~y.*fh..zE...... ......d..c.r...>.........}!..R)C...|../j...<7..-.f.t.,...|9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule12019v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):4150
          Entropy (8bit):7.956402296772913
          Encrypted:false
          SSDEEP:
          MD5:6EBF629DACE9628C8D00AFD3A1448AAC
          SHA1:D1E68BEEC32774FA5C1059426E66BCA6981EAF3F
          SHA-256:AFAD2DF88E5321F51C34B07FEAB0D9D012DCA335E01852F9BC37CCE001D17778
          SHA-512:CE86901CFA441C9C36E78DE84E387825D65BAFDD1844BBC0A7C45297AC335A3E8BFEA18A10EC3535E9253CE8CDC28E65CFB27B6C21ECB74FFA536B8554A871C1
          Malicious:false
          Reputation:unknown
          Preview:<?xml.8#..'.]l..R...L...6e..ij.t.......Z.I..)...{...J...?...G......S&$........G....V...j...z.w.!....W*.....Jg...f;GYT....$.H...O...Z.....)...!.W.....$ll...l...:....B..A.>.R.OTC..0..\.1I.!...npYZ..k..M?.!C...Ev...s/P..B|.5|R.\.h....~\.3...%..e.....d....V...Gl.DNz..l..xf...`7J..(.<. .e....:I.^.;.7._&....|....n....vz...1."A..)..*..^..V5>...~..*dR.6....%...9D<._..`..1..I.....}<..0.._.I!..........Sz.AG~..@.1...H..p.;cm.i.9@.a+..-.e....h...L...i4#y.....*.....T.?..s....L@D...t....{.....^.;.X..G......t.|.....G....s...=..>%?.B.5",J......0h;-T.-.<Fc..>....dH.u...n....-....B"..n,."....!...yA...wf.Wt..-..H......6.......T..[.4..ra...'r..W.FS+P.2y.9.#.!...pB.v..8].B_g...]...[..8.....O=...Y.a.~@..d.g.lD.W,x..2$.[...Q.,....Q.g.O.......m..2YN..E........L%T.r.|.+.O..7.......mi).D.8...!..n.W...C...I...D.r.S....K..;.3....{G'a.:.F..R...\....'..O@qZE...S,x.,~.s...\e...A.R1..Z.2D.v.AS^<..+,.Z+..cb....7. ...d...c.f....:.s.6%.t...#.r.B...d#...8O.e'.I..hR...(...:A.d....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120201v14.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2974
          Entropy (8bit):7.943914555012394
          Encrypted:false
          SSDEEP:
          MD5:DC9EA426CAF1C40FD49D4F6F5DB0EC52
          SHA1:55D075C74187BBBC6C190B138D82A570266818C4
          SHA-256:30F031A0483C1C5D17C65CF683B71CEA003FD02F8128E24A10197F7AAFF27E30
          SHA-512:8C606C6266D0200E379042BF8C3E638AF99B1B967DF1CE2D58FB344F9F465D739839876974E44FA92F4803EE5EFCC729C7D8C5C5FB9F39D0964BE574D7280F0C
          Malicious:false
          Reputation:unknown
          Preview:<?xmlnv.."..i.1:W..H./.,..V ..*d..)..x:....N..a"..r..h.._...O...d...C..;.M......w..kx#]...m;.T....?..$..e_.2..&rh..R..L"...Z.Z..*,...yn,.I!.ads.B...]...[S...z...F.!..P...=.0.%......CI...i*....4..$.W........y#..(.2n.N.(-.x$^..Y...f.{\...|.*N..R.~.....y~.E.j.. ....}.L.].....\.8{.S.#yV.1.AF..X=.0........ky...4s.b..#.&".q"..L..2I..\2.{gy..r.Y...`.JL...1......./L..2..Z&......0..c...... .....>....\.-.{...ix..T..f.g....iw.4....>..n.......g..){*;).G.*4.@....[kR..3s.0l....F.Q..`PS.Z ......._..". ..p:+}.Z...!H. *].e0....n.V..k..5R..<..}.gX`.o.....b.A&..u..h.U.....6%..P}E-0.J.I/y.=.U.8.x..2..a.8.W.....3.D..Vr{4~...,z.7.3..A..C\#Y...<q.[.?..3..^..b.d9....."5.R.>..IhV..'e.....]e...NQ..g.+Q...X..rp........p.\.5.h._..P;.=i....MT..o..z.e$.....&.....R.Kns...[P.#.....~P4...>.I.C.K....k.M.?...................(.G...l..[....Y.,...x.j.p......)......t.......li}....*8..A.G...UwW..d..k.u.......(...Z...s+............).{%.L......{5..=.....^e<.".....}..6.f.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120205v11.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3363
          Entropy (8bit):7.94560081413187
          Encrypted:false
          SSDEEP:
          MD5:541DE30C3ACF552525D03CE4D75D5B97
          SHA1:A69156E76F4A06ECB8C42BA81FC9838C9DBE0910
          SHA-256:91C6C5B88EA990ED46A832C0D542573D1C13F6DBC1B15AE5BDF826799D4570FE
          SHA-512:0450EFC66A143A86DC0F5071F14397694735EE3AEB63516C5E20C7A5F2D0FB5B56F5363CA8BD097E0540DBE1AE3ABDAD142D2F52F2D64E298202522B5E9BB375
          Malicious:false
          Reputation:unknown
          Preview:<?xmlIG..p.=......)......S............#....r_.Z.t.>P......@.2..XC'?ib_{-...,J.WEj....".e...~..*.|..C........4.{H'.L....F.m0-u:...f(.#...+I..}'.Tm+.P..G...n.........iuJq.....8..Vp......f..)....=`...U...{T;.W..\..O.m.C......&3D..l.>.....:.....=...=.......h].l..E...?....../....].X~2.....EMnG%...%x.;V..']........yn.l..NZ.f4!...".(...==....6~..SSW....|....T..o_.&..@:..I.>Z5.36.R...U5rqx..o.w.x1..j.&.r.B{.....e.vx.x..t..{Au....>..Y.8"...u...s..m\K.`.s.R9.0.v........)._..E.wr.(}....d..>.u..:^U.Y.f...v.$..Kx4..A$j.....J}..7...\.]`.....S..?.:.J.v...:.3.J.f3.....0..@...U.bJ&.. ..z..^...0...D..a.bl...P.o&..q...u....1H.n....Z..0........x....7..j,(..\.ya.....h..`YX|.b..2.h..0E.......4..uP.....bs.1b....<.s........c....ne.{)..5.k...0sU......Fz..1...2...a..r....J3....A....UMk[.|N".hS.i....#..\D....f".\......[.V..[.C.8i........d....EK.b(."l_A.X.|i.F..s.KC.w.J....;...['o.ti...g)%.w.B|.dsW.......\../U)".a|t.....j....%.=..+...K..w].0.g.z$.,.....M.26kUr2...y.5.H

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120300v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1295
          Entropy (8bit):7.804927113620141
          Encrypted:false
          SSDEEP:
          MD5:4D137076BA5CB38A7EE42F6CDA0909BB
          SHA1:74635F47338EE19AA0B9AD78CF168D6618F5BBBE
          SHA-256:9CACACCA8D78776B7051D009750C48FCF40692FDA98B7A49EAB46C558AF820AF
          SHA-512:3AB604EC56F851EF8AEF571558639E295C8BEF4B1A7212AEA8D1A18FB344A4B995F0AF84C6B366B0F2504F9207607287D025099FE12331348B97BB7B272B4192
          Malicious:false
          Reputation:unknown
          Preview:<?xml/.@..~c>.N.. ...d..W}Q..M..o..@w$.V...(=.1..@..Q....(@l.Ga.+U...3. ../.;..D..{...^..e.<...2...[...\.gc..e....Ca..O....F...0...f.$M>......0...5x.T<m.~...A.v....|.Z.Y!..8.)..J.../;.C..J.>.X....8.F..nL....Z.o{Kh<[.T#.V....\V.*....$.d.F.......MF....B..DZ/S.A.B...I.^.HNg.....QV8G.?...4k...8..3v6.W(Wu...(_.zT. +.q.......q..R....h.o..... I..m...T.s....H m..9~..M..;Q....E.........9Y3.rNIf.?...a..gv.H..c..R...6L..~q..f..Dr8...EWdlaq/.5......L]..eI..WDv....?.B}.....k.n.+~,.Po.UGs...<......,.qD=.e....l.8u.}I..jm....}:Z......e.M.u..45.Yk....:Mh..7..R.....)R.s.n.....|^|M...... .A<.....&)".....o1!dm..0v.x[f.].V........t;...4.Ec..R.......yV.u.Ol[..m*.....e.{...*..!.Z.]Te.<......L..&U+..v....J.4...F..n..r.9..n.sz......*.|.(.n..P.n..UB...Q....U...M.g.?...p.R..y....6H.e..xO8..)...6f.t0...o....B..bU)....o...,)...C..t...(.'........c....B....p|..Z._.}......k.+..E^...F......y0....Kh....z...a.)..)d..^.....ca......r.......J.i......4...J.*.z.``.g.FKL.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120304v5.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2582
          Entropy (8bit):7.931829198034061
          Encrypted:false
          SSDEEP:
          MD5:FC10FCC21C9036BA90723B622211E9C4
          SHA1:C33947D20831A2A4B42710698492F5F28268650B
          SHA-256:64D70DD65DCDB7BC81BEC1F3F6A998E5DCE39A9458B4E3A868497C2437568178
          SHA-512:AE04D15439B47EE16EB372ADDE6B5CBE8C0950526971C40B59917EAA38F2120E752FB9B505467ECDF68F0C1D09A4948B488BCF267E60A9ED262990273B8E4F31
          Malicious:false
          Reputation:unknown
          Preview:<?xml.lG.......1...I%.].J.P.HZ...{o.@l.......G.... d....B.K..*._d....PAT..m4>2....8..`_.j4Q.l.1.........t.m .1..`.Y[....."...d`...Y.<.R},....p..\.T...8.oW...j.....~8Z....p~....`............V!o .A.v..j.)...F.gR.w2(..........gw.!.n...q..........d&...Zd. .R.y..ap.t.N..x...&Z..:...F..K.3}.#.......XC..hDE.....`.P............I......>.\]t....K.>.y......`.g..(.&...?.AC.yJY.@..j..;...%.n..c./.D...{...7.x.sQF.xM.*D...,.IK...I.CY/eb.^.g.}c..hn.5.x..U......=...qG.(NX....2[..#....~.......@;....6...h....E?......o.OZ....s.....G;.g...v......m.8.U.....@..ehU..b..}...m..Q._us.X/{..cJ..!..........yk..v.G.S.._.e9WA.....*..M..?.1#...l.U..:+....H....../..1.a*!..h..,8)0..`....P0.........&o.[.UU$f...$D/.q.%.(..e...:g...Bv.....6...XpT7M.1.k]...6..\F......W..x..u.0..^h...t,.%&.?.\o....T+4...8.a~.Zb..[..q..z.w..Y.R#..}k4......r6..H..Jq..M.E..b(.j....e.c.C..R...{.Ql.....3wm...'.[.@W.9.Q...._Eu...=..[..@.i.@W.. ..{..%R..(R..;r..q....{y.-B.1".....K5.qf....t..o[..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120305v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1787
          Entropy (8bit):7.896565940189487
          Encrypted:false
          SSDEEP:
          MD5:413503B5D0C0DA99A3DC9227A8F41093
          SHA1:7E606B2B01BBFD075C190A83B39C6425C350B6DB
          SHA-256:6AC58B57CD29D2B144364B5BF515C26D9F7DD3B6A22484BC5119FE95EEDDC210
          SHA-512:F1AE6386F17B5312E65A15EB7234FE86965A01A4445875BE78B548C2A2D316995B3F1B77EA5057CC92198E2A132026FF579A87242F4330FB57E35C447525C3AD
          Malicious:false
          Reputation:unknown
          Preview:<?xml.e..<.!/......h...VD....T..e..6S..e .HW...@......:.5...J..Py..v.H..&..+..........hq....[........`.<.^Aa.B....U.X...C.j.'....V'C........L....~~Fk.....ron..Q.%..ru.Wr.0YYZ.A..sN..O.-..|$.6U.;......T..g..`........%|..L..7...21....`.....h...1H$S.'G!..9_1D..Q_....5 |........|...h0.aKW.fM.Q....].R..)...(..l.]......e.H.W....k[d..4.G.y.7.=...0b.qG.......:....@.}4.;9B....)...I.|r..E...!!.?.C..M...Z..q.]*.D.^...:.J.q.O.;...@}IK.G...<...z7\z..K.=......a[.G..q6(..I..?.1Y.i...%..\..r.$.q...<U.....$...$...%.2.1.fp.I.j&.7...LS....5.F.).>FDb...^.K.h..AH=k.........A.9.%wG._Y...F..Kr..9{...$G.F3.?".....rHga...G..k....?.......A......P.SZUZ.X.$?.z......|...*Z.n...=.\..^pJ+....5......#.4..{Jl..n.k....3gLM.&...1..!....a.J......e.......C....K..'S......7....nT.......i.v,.O#.<f..<...................Z.V./..$F.4...F.6...R].%.-.-%!,{..l.0.y.g.Y..y.....-9/g..O........5.Nk$.Ld9......'..@j.{.1.X[...T..0.N`..s5.J+.....f l....f...]~h<..kv.8..a#.....I

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120307v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1583
          Entropy (8bit):7.852602667332312
          Encrypted:false
          SSDEEP:
          MD5:321DDBECADD6D68A05DCE1F484C20F21
          SHA1:271C07C1D731AA2EC67F19723B5945061F8DD900
          SHA-256:F565B5C7E6654FD71A69208AF7CE1D0D11DB6AF230043E634F7CDAA7E4609361
          SHA-512:82D0F354A4C3C0C5A60D5D29C5C21781A5AA203C3FE89E74D317476BDD1481825CE8CDA3122C9950744C3CB05DF81D5E239474EA43D1866FCABD5DE6F058A8D9
          Malicious:false
          Reputation:unknown
          Preview:<?xml..iC...k.I...Jp7....<]s1.....v..n...~.6.`%h.Ij.*3.V..5.i'A...m.s....ds..v.o.....>...()P.sIV(....{......Rt..#"..iW.rV.g.."..6...Q.....q..l4`E...a.*.$.H.).GQ..y t...s.#..!`~...W.8!@W'| rzLbC..}.E...VN}. .Y.......U.>.l..C..M.)j.)I....[..FIS.y..jz.7..|J..F.......ao.X...D.=.YV... .P.u.gs.|f..p.l.W..Q...... G.~......-.<.....a...'....M.K..L.....nRv.....*..T....e.!X}..$.<.;....>p.;Y......o\....I.%m.K.&.U./.!......>,ca'.r..]....g.../.Ar...O.4.......@9...U...p...#9.e.*m.#P"....Q....|..V..X_..6..NX..*Uel.....Ub.}$Y..a..gC..O;..=.V...<G.(.qEX..C.Ie.[o..P..*;...(cS-..6|...p.........W..T.....J..%..BF4.F[m....8.&....Qll.kLR}.`K...v....}6.....yAF.Xw.!....y...7A.V.O^...N....s`..-w..qC....TEX..n.`3.9.=....qy&..Bk.c.+g.wt..Lr.bH.%.Ea..b7.......#.m..Y..).!.....\...~MH.(H.S......t.....]..M...o.R.....Y$....~.v.j...s...'.k'.x.&.(..."......|8U..I>s{l.~S...S.&iA..............3..5N..{..5.P..[a..'x..<...y#W.O>.R.P....`.Oz...:....e....$.)...f..4~.C.q..".Y

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule12035v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2801
          Entropy (8bit):7.925502436882981
          Encrypted:false
          SSDEEP:
          MD5:205702C3576DE406001DA45B2107A696
          SHA1:118792ACB30405131DD20204ED20BABB4AA917BE
          SHA-256:51944FB6BE283E139F02667BD2BFE6D77DFA07523E7A5CB54D6D681A488AC5B5
          SHA-512:1D92D2304B526122CC91F48AF5EAA7999A01A276D8A6BE0190352E37640F995CB276BC54893146720B7CD86414440F203D5991F354559DCF9D26AAEEF2A98B13
          Malicious:false
          Reputation:unknown
          Preview:<?xml.......m5...]../D.l.....g.(^X3...!v.rj..zcF....#.P....,&.m..Y........?.H.O...w?s...J..c......|....C....6u-..J....6.I.[..[j.0..s7...S.z.5...!4;....D.. ..d.H.....A..m..m..<.R.N...Y.ZSI(.}4L.r.PO.p.V{z...bm.?..r..?.5L'_NN)9<......*0.H.Q?v..e...u....Dh..!..P.s....$..PbO..k.1A6...3...{....r3...UJ..% iO}.ZU.Mk..1..=..o.V....")....-.UR..c ..A5...F.8.i.B.)..j.@..@.U..h...S..V~.w.....0sH.)..?CJ.`Kr_..../u.i..1(..T.....Z.Fc*.%...}..q.....s....3zK.*...0j.....z)./...H.....,.....Ph.....`.....6...mF../.=#,&..%...Xy.+[Y..^'".....]d..3.X.......z.M....G...p.^.,...z..IO).k.eKZ/..!....g..+c.4i.j..gX.l..6....W|.z$...D)......&..Sc..<[..q....r..VVV.u...zA.......c...Z............I.f..rK22.|.U[.....k.:.|.7.|.v.C.X!....S..]..6.."Tf*.>C.[..<...tr4..].......WV..L....'......2..J/....&.15#.b>.omc_v.i7.$.ZZA%...3G....iG$...2[...}.J..,...4.a!....Yt-...a.r.O../Sn\."4..a&.q..G.S..<|L.......\...J.4.{..)....4vIQi...8h....1'...1.#[..'m......i...B(#...c....-G.......K

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120402v21.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):4121
          Entropy (8bit):7.94905674086555
          Encrypted:false
          SSDEEP:
          MD5:558CB35340CFB48F3E0C76BD6E20168C
          SHA1:EF1ED4412F13240C1DC26A8506DA2F24426E1E76
          SHA-256:F321044A51232290E8AF291DE1B519A38CA9E61D479CD0ED19495B9A0E459869
          SHA-512:CA7599F5A7DA62B56A7604FBF506E2558451E20A5DE36D2CF20D0C86FF087EC07962EB700840968C4736AD68DA65D7444287007AFCA863661FA361A14611CA24
          Malicious:false
          Reputation:unknown
          Preview:<?xml.Y3..%.d@W.S..O....;....H..QB.G1z......P.k..@...L.E..n...y.BL.2.?Y]..<......J.l}k..{.Na....B.`b.<..6."..jUf5)L...X.I....I.....T.zF.@.IJo..da[..E?..2v.a(2w.q...+#J>..5c.+....H].L..d2t.....k.Kj..~f.."3......z{.V..Q.P&`..........1S........D.Z..R..>j....b.....}K.^....eXP.....,$aT..4f..%E..>.z..;....m.Ld..yk......:V.f.......>.8..+9=..?..:.CR..mr..k.W.1nS..g.D.l........Y.....gh...,..K....>(..r{.A#n.x5.J.|...X...3.-...(.*.!.\5.^.~...t*.D.N..S4......+........h.r...8Ep.p5+!_.a....!....l.9!Q..iO......l..X....{...8..4...P.k.J.k....L.j8...?._.c...l.G{]......j.&-.C.......&...,2".iC.. ..f)..Gx......F.3.tXzWCk..%f.y.H...S.......:...,E..[y..Q.h.?{.../.]..zO...J^.....a..|9....Ca:P...2.....:.}....`k...%....d...z;j....e...\Q.&....." .Y..u.(YI......UAf.y5....s..\....3;4#..)...rUy....yB...........)w..O.4..A.5.R..u.v.3.:.....F..8^.(ecl.Gn2..Z...Z...M.s.C....p.d...:.....S..9(.".....m..|qe.G.....].]].a"...>.....#J<.W.../...J=.Y.k8.[...f.Vn} ....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120501v17.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):8140
          Entropy (8bit):7.978334499550877
          Encrypted:false
          SSDEEP:
          MD5:B35EF87E0C575B6E71A10A4CA2321125
          SHA1:CD287CBD2CA9519287A9D6FE5716EB19C03033C7
          SHA-256:CB57BD2AC65FD6B212B7C42188E89F117B931F62041130E46866E7CCCA825505
          SHA-512:43096CC91DE8D5E345AC9B3BC218371944E5D9A3B1335C7AB28A8F6A1C4469DB8812C1FD8D485AA70F4B565CF82010BCA7FA3D982E22EC20BF54AA25A7B5BE86
          Malicious:false
          Reputation:unknown
          Preview:<?xmlW&......."$...(...SB`...%... ....%..r=hU..Qx....fx.!{.j.T.W.P9n.o..F.F..#....u.....ad.......i..o....^ff...!.2.C..t.b4H&m..S.}.."..+X..42".T..P......[....:.."7.......I...G.PVA.......v.c...~.Q.M..."..M..?m/..a.[.Em.$....g..o=s..Q".w.d........qh.+.T.[.0.h...g./.....)..f.mX..._.4O..u_..4$....:.]7g$..39j......gyIX{..:b....^.........,..."... ......-Z.)..__..v.w4..\o#.o........FM.aJ.aQ@<#....5.M..%...GKJ...1......||.....X.PG.{|.!...w:..Rw......cb>.7.v......q....2lQ.b.._^..W...U....:..2I(.l...9...K.VIRf..Xs..1......t...w....b.G4O..S"..K...h.O..XADcz:./...a........+.-..@.=L=....,c.}..4.P......}.h.Rf.....Na@sG.C....o`..K..7.9P.#...j.;57...W...#...K.79"c..3......z"..{..{H....RX...d.!...9..I..n3.."...2?|:7..t\.x..~..v".......x*......M,@.........jc.....+.I..t....6......6/...o.d......~.9...u...;aP.....6..H...S7..|.L{@.kK%+..0.C...o$E....NK..r..A.V....z.v..f. .G^1#.....'z^.o...../.%q.S.T..0."..S...~.Q.....x..\.#E!.>......4-.k"j.'q.....b...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120600v4.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3313
          Entropy (8bit):7.9375449516903664
          Encrypted:false
          SSDEEP:
          MD5:376DB892FAB819CAFBFFED2540A85FCB
          SHA1:9ABED9FE136C5DABD34FA7275A1AD68455D228E6
          SHA-256:955B2CFC0E052EBC7F51F29930E4A4EB3A1AE2A90295EB1ED151BFE2E53BB2BD
          SHA-512:6A3508B52AFC05102AE469BCCFB79F895554CF85F3AF33AAF0B476A823C6B31B04EFA72D3D4339C4FBFA820FE337D0ACB44C5470426494048B77E74A2FAB1D3C
          Malicious:false
          Reputation:unknown
          Preview:<?xml.^G#........b.*......>?..8..;...Oo...@..4h.[...........f..$6sd]{rk.K...81j.Yk.l'..y......z?N....L..&G....Q...ca.b...@.&...2..R....`.:....#.....!2._b....... .L..vk....85c.4...|.F.F....f.4..:.V?5.2.=.~n6.(.ls.. ..,..G....L[w.QD...#B.6.k.....wSh.y3..m7..@.yU....=......Jx.-JX..gL"...A1... ....e....>..fO...?~.6m.4@....]l.....&.P.,..4t.-..B..<\#.G.........pP.a.*.N...(}a....fo(.;0.%.S.@.e.D6..K..y...a......>K5.v....l......g..iwJ"....n=Z...C)...@]...h\1.+n..7....rF..F..._...Wp..5..S.\.3......\....L..6..3s....O....{*....r.q..q.#.o.A..6.x..I....iT....n.>.?|......h...O|._..S*/...CK..[.N.z&4OKC=g...{i..,...7..K.Y..;Z.y.{...bD..E[1.c.....U#.b..d.I7...5..iR..<...?.9.....A.Sj1.t.....\.o4..Yi..V).U..]H...&....9.a.Dp.....)..5.8..A..-I.<S.x......I,.<M.....!=.=.].Ik.=D...Au..W.y...p....|.8....Ih..q.fQ.D~#...<..h{`...=].m.. E@/.. .xF2kr...W.q4......2"...<")xHAr8.P/n\Mb.....L..<X.4.\.;.b.k.\...#..k..!.+F.GCS.=x:..[g.z.1........S............:.NL..G.#k.Y."A..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120601v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3675
          Entropy (8bit):7.9503223545434825
          Encrypted:false
          SSDEEP:
          MD5:4EF56E513803A381B24AD1D33DBC9CBA
          SHA1:2721F33B4E733F3AF3D670341BC7926ACBFCB86B
          SHA-256:3466B7AE8EB68E499F692848B47E0E2C6111AD0FF8ED71DC359B2D662D256BF8
          SHA-512:111A94666D8A7EC2233094CE9F4015140E9A79EE328BF6F24881D4BE01D9BCF5E5F2D9D8F6C8AA65E741A54F7DBB61E1B6316BAC22E2AFAED9AB6347B5DD08DD
          Malicious:false
          Reputation:unknown
          Preview:<?xmlWd.}..s.0..u..b.<v.#.k&..{p8Y..EjI._....>{........j....'T....g..S.d_..F..L~......"#&.0.^F..e..A.9l..f'.b.0....n.e.F'EK<...<.9..M/..).<..O.),..Zfw...4..h..C ...$=..EbVE..\..,2Vm...........y.L...P..*....}X..r#6.D..C>.r...&.\..........R.B.\.Tu..}D..;..}a..?.S..8^.g.........d.T.Rn.Ch=^..,..!.X.L.gI....a.s..*1N..1...65..35@.:Qf..zB.;.Q\Fa:.....v......k$,`O&....E...N.s.U...k.8`..nj..%..'..@..0.++W...Gh.F...].N#.|"..hRR......B.>...........K..n....H.)..{p.<vV0{0n.~......:a..D.F6..un.b..:...VvE...(&.dM-.....Nx.p>(.fPW......J..Y.r....3.7..5..@.oy...u.H.b...}....6.Hm\i..I.y}....G.!wD.`.Z.,.|...#..........U..Q.U#/.2.%&N..A*.w.J.*3.}R.9...<HQh[.O..S2s...,lV...../F.>.W5v@j@....iW;....1i$.K.2t......O......G.$g?.0..".W.. p.V.....t.........b.~..'. ;..d..F...>..!.Pf=?<.5.f<.\......1._....dZ.@#.).Gb./l.....~.....8.e...E..E..p..sH....%)..wxw..|.6.`I.'.".n...:.w9@.Z..<Uw.3'....E.=.Tv.B'....c~.o.m...i..6...&X.=..S..?i.&v...|.........!f....[Oe.].M.....V:

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120602v8.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2924
          Entropy (8bit):7.93222156478347
          Encrypted:false
          SSDEEP:
          MD5:8516E5C13F8DEA414BE63A71D5B2C534
          SHA1:36DA494A4EACA70DA5F706A03ABD2071D01455A7
          SHA-256:6F2B9DEA89CE904657DAF341DA67FCD484E9640EE89BA14368D8E4856855B6B0
          SHA-512:D6A24CAB8A8A5AA287DE02023C00E56EC750E52D7991BD6E133A8ECF1A8B318B25758D7B364B4EC5623E73A25E774E4C4F2CC46C73AA520AFBED1BF1A7346818
          Malicious:false
          Reputation:unknown
          Preview:<?xml).....?..~.=>.....Q...WI .H....b..x}l..).W1.B...>..Q....j....%t...[.. .*..1......g2O.N(^......E.......3_......D.'./IZ.t.......'. .2....]-\...q.'[.o.)Gn.;.}mL?..e.i..?D...^.$...V.mQ.H..ev....W:e.h.....'O.&...B.C......zL-...2.sK...G..5..[..ytN....RWU{:A..<.(...AV.Y.2.Oc....3.x..D.y~\...C..Z.CH.,.I..h...'7.|a.*+.....@.B!./...N1oK.x....U.*....n[..P.?ny...M\Y...h..........$........u.3...)}4=|.[...}@..m......V.n`hl\.gn..S...~-...s.^~.h. .u.;...}....B.=.}..*.]..JO4Jn.).....y....d.b...v....y.o.m.Clc.2#.P...~b..........)4.yK..sP.g..;...cZ3..2..,....+..&[..vL.xf*]:p.T..^.}.S....F.R..&...... ..-...("..wMo!......d..:..T.9....V....0.>5....im.o=.+(FZ/8...8.\...(.Fr8.8......3....R6y|.......%.]. .5.=..=.L..A^Oe......=.L.`pSS,}..P.}).s.em...3:."XK.........#..d.J9.()y.@.VK.#\L.[.6br.N..Z...R8c.>X....3...<:.....@#0.......*..Z. ..i....B..r2....FF\(/1<..!T....=.Q..Zp%.b..Z}b..*.........s.........$.....iW.Y.i4{...".....xT....d72..$.X..s..e.*....l.|

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120603v8.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2461
          Entropy (8bit):7.915775962664201
          Encrypted:false
          SSDEEP:
          MD5:C73076316C4022D6C7351215DE26F855
          SHA1:21EE1C2277F5E601FDA22DDD5E39C76DDBEA171E
          SHA-256:2B28F9F5EA9F789227CBA6AF217914902BAF4DC1422B60F3494C973A097F397A
          SHA-512:B34C51A768ABD84BA4832CB807FD62964129E7F83822F31580611E24C537B64A9392777C067730260A08E0059F4595032C641FE34A8547C524B0859523C39300
          Malicious:false
          Reputation:unknown
          Preview:<?xml..7...$......%.v.....x.y..S'.GA"...I].|.6;.?F.g...\....Cp.qO...b....l....734.q).b..p..i?Cm;.c..fN..&8.V.)2.~.#..]..9S.a.<.T2...S.B.]i$..K.Gh.$..7.i.8\.:)....v;.@.3.....5Z.J...f.......g..?w$.v...h:...q.2....'......(..mL.@i......J.... ..).Gh.........q...\.f...=q....\.......YJ.L(.....=.Ei.....a.W.%.If-f..."C...eE'...=.y.`.G...........u.]....UQcQ].z..w.R......sX..+E.K....._c}Kf.xU/.`EY........s.j..q;#j;d#..U..\.?/...n....XV....81.^.........]..a).../+R'.&.(.dTz.....I4..Mh.s.4...v~je...B.....^i>..|..0.....V.g.m.Sd..=..O...O.-..Z.I\...f?GK...{p>(.].d...#'....y.HQ.+.....GW...}..E.c..@....g.O.J...;sS9.,....A5E......C..?..b....y.....9..`%U..*..">g.`.g.......... ....3.)z:].z....)....e.W.......p.t......7.K....0..YG....4Q..+:d.{.. .GqD-.tN.~....{R<....^.^.B@.......E....G.8......X..}......."*...x..wW...N.J...@x..$q.....9.xj...A..x.,.t..F.U.N..:d5.,..\lcz......1.a-U7"..<.......{.Y..U..A..7.>{}5.l.]0/...,.y...l..=..E..~.`oD...fR..SJ<...,.....St._.!.......

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120604v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):758
          Entropy (8bit):7.7227322045937585
          Encrypted:false
          SSDEEP:
          MD5:CC2072085D0D731B89C0DE8D2988BD94
          SHA1:614831AA66935329E9664BCE812E7315FC76EEA5
          SHA-256:F9A1E06A5E41E8FD27A32D8D053EB9722FA164081E285D03DB211AF55A7CA3ED
          SHA-512:E72E5C3D20B190F04BEA9C599F48F5757876EF7EFD61DF9B3DE373FB484AACD60855FD006554358610158F231C23314F9A4D62698021B0FE02475B8AB1FB4318
          Malicious:false
          Reputation:unknown
          Preview:<?xml.T...??j N..@.....r.]*..Is...W..j..#..f2....j..(..u.....MG.}.:........$&...d.T..=.q.:g:...#0.$....Fg...O\..<..&...u5.{....d&.....o-[...l.....J....M....T..m~...V.\.....T....b...S.../.9.m.[y)..[s..a..!..A.q-..}Pm&../:...<.y~.>.../(..$..l.[]...=5.u}.E.g......?...P..n.2._yU...\..+.......N&.......6......g.H;..I.W.S.....idD4....BTry...D.{..XZ.x...+h.Ng..R..D....i..?v...Gc....%.........'<..v.).|....._z.w....jJ.N~T...5S...Z.b,!.......3.-p..7...P7p..d....u.....m.|..\a.Ll_.pG....-.S*m...Q.a%.?&....C<t.G.w.K..o...........k.\6..Us?...c.2...{.....*q2.y',.bq.... ^`.6)SO.x.... 7.H}.1....k..%...m]R...,...2..v_..q.Tx.M..|.mU.<.6$1......U*....(..v\..h...H..7h.n.bu..K.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120605v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1210
          Entropy (8bit):7.808971727107069
          Encrypted:false
          SSDEEP:
          MD5:4D10C4921B38DA760DEA51115FFCF11C
          SHA1:EAEF1F74942B9846F3A6C29112A512F2CDA63B86
          SHA-256:2DCFF8574D116788B1008A64BA3190063BA200B8844BFFE4596FB60757777CDF
          SHA-512:7DE09F7BBF90348BB6A18A5B44C717D2F31C8C5FB30386230E306E4D94CFBF4C2E19EFD67B10532C3D17F1C8B24D1ECE44E63C299D69172A15AE4D4C0B634455
          Malicious:false
          Reputation:unknown
          Preview:<?xml7..).8J>..').y...s..C.......n...F..t.sF....|......T......L<.2k.....S+a..B2.d..Q....Rw..S.t,..$."l.a...F..Q5Z.G*.....l,.sR..lHV.U.8.f'.@\..z.7N\n.s...1..w..)b....1e......K-<`..m..s..g...../E.R......V:..m...#.9....a...X.).S...q.`.f..Rc.;.....qUPh..,.b...X.#..8.....0.X.7..U..I:.;...7>..e.L...p......r.>........{.mE...e$.3l.....u..UM.hLi....7.p......N.H.V.J.s....O....G->.NU...f..s.Y....g..o.s.......!..t......+.;dT....1.f~/...K..E...&........g....V......Kp.....V/\&......0.uT..PSP..ka....y.@..&Y.RG....nP..`........f"..._3.n.[....v.)%....D....p.NS.....3l.Q..<|.u[.t..~....aU1....V.qp...&.X.H$.5.`.?u..Q|..5LJ....^..............8.T..\PE.w.i..]'i....X9.m....ya.....u.....Mt........1i..F>......3.1[. ...8..A..`..........+Q.*.L..\..!,.N.!z.q....)b.;...P.S.E...At....&[O.N..}|...H..R.4..g..'X.D..M.-+O...u.y..1K.o..Ou....f....7...S...l5.B7.T9.S.W....G..*G...hJJ...e}.....,MeK..J.2.0j..9r.5...%."T..P.....Ss.N....|Xc=.(....cR ...IO.;....L..u..Y.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120607v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):537
          Entropy (8bit):7.551732917302927
          Encrypted:false
          SSDEEP:
          MD5:3BDA13D721851107FEBC0F19F5DEF816
          SHA1:3AA6488F465F8961F0D9227EF2C4F019888C13BC
          SHA-256:1415ED3094C50C42E081845C353B6CDEA0D2BC05C63ACF4795064379C30227D1
          SHA-512:66CF0EDA8454B9D4CB60514C87EC1DF61DE5CCF6ECF59841996021BCC7576317333C39580AED86E239B0B260B5315386B2B032B0E6708BC0A4BC97F7CD3CB55D
          Malicious:false
          Reputation:unknown
          Preview:<?xml.>&7w....s...vB.._Q1.y..<........ %D...OL.K.;8.7......^......Rm:...y...vr............@.`z.k...pf...v....`=:..~....8........$.@a.4...,f.$..*..I....h..6. .@s...3..J.K.O........X.y...7....KpxG7...b<g..@.]..b..%...1;..bZz.....s.At..H....G..y;........F..fR.9B.B....R....%..Z.$.w#@.R...g.+=..I.=N...J.JW.V."-.*|.{.1.C}.9.w...T5....y..G....$.O+....)L...Rr.A.5..#...R.Eb...U..n[\I.x.*+....Z.....f.l{,.`..J.m.b)..p..f&E...-j....4..EO...:....9..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120608v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2493
          Entropy (8bit):7.921620184234777
          Encrypted:false
          SSDEEP:
          MD5:46DFDAE256A7CBE05BD034362CBD12B9
          SHA1:39207814EB89C8AD33D7E4D6618C8B4030E4CC9D
          SHA-256:93C9FE9928DC4B5E69855AD1F0F8A6281801927BF3A3AA84F439824AAECCD6E0
          SHA-512:2319D491ECDC2FA4566A2B37410D2F7D8F76108961A4D7DE3043A1F7419B53D633293DEEAF57F4BED1ECBFE57E740FCD01B81DCEDECBBBE556CB9E4D4E64441F
          Malicious:false
          Reputation:unknown
          Preview:<?xml.4.......V.X{co6.M#.B.)...".z....n..`.?c&!.S.....G.Q6:......./.s.....j.1Z....e0.%^i..W..;..`?.!....5..:+.u.Wt....f....>.k.]..F..`}V..U....F%.-.0;..p...N...H.`.#~S.-....e.F=.........r4H....M...gkT,.I.../...Kg.,.....+..@...E......x.H.3z^.."..3....gO`.....I.u1.b.......U....c...*T2((...?..eP.Y.T...G.j......t.......JL..I'.).........!aD..O...Ym.m......Y...Dq..u.F....;......8s[.+.".Kza.......W$\.......L.........o...v!q....r_-.:q..../.....0..`E......p.Zv5&7.9O.....S....2.*v....7.X5{..!,.Io:..Y.2.S.s.(...1..9#..:Q......!..*.j.U.?...Rc.4.m|.5..x ..i..Y....0.&...b.......2.....k..n+.....}..l.......s....D.4FOz+.!..._?....,....8.l....5Y.u........;.......@)Q...8.B...G.H..f>o. .......P8.k.5.r.....Aczm.O....b.*.k.......q....Q....c.2.Gl.........8..\zYE8......[.e_.9....p4..x.:,6.~....Z..J...`..H.fMo..........~.4B8,..........<.D,...U.;2.@..e.b. i.!.tH....XJ`._.b.~^J...a....%...F.>U..m.........T"..c..SL+.Q..X.o6bd.X._..Sf.. .zw...{vQv..>.g.|5..O< u.X.NS7.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120609v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):741
          Entropy (8bit):7.705735021452548
          Encrypted:false
          SSDEEP:
          MD5:6FD06A978022268DC372173AC28A0DAF
          SHA1:77692FA5AE2B5C7AFE97B41D79BBFA65C066A2A4
          SHA-256:00875A5D3AD7AA2E15CF635EE9D2AD1BD7B2CB87AAFC5FDAA7A1DAC8A326A063
          SHA-512:066D08DD3ABE8D0C04272777845D46A32530B2E0EA2BC794C90DB3EF68354D2B0AB0C9072860CEAD4831376AB89317C75496E6F599842C0ED09E27C72991A04D
          Malicious:false
          Reputation:unknown
          Preview:<?xml.L<sv...H...E%...,.f....x...2..o:nL..u...q.Dy.E!kK..r.....z.+;.*...y.#a.#..:..-...&...L..g..p.}x....V......zS-.Dt...e{|.&.'..Z.^.\~.Oa[.}.*_n{1........).N.Q{...|^N.._i'.)..}!.H..a:M.....@.c..Q.P.%|..P ..n..........8..Lo........;-.....6B...i....4.{}r#.,...f.i.z.......VNFo...A..).."...n.&b...!.$...$|3Q...>G..)."#c.*|}.t=..K..-...f.^F.P...jp..Mh[.$T..4. .....X)Y,.0.q....Y....5/....{.Q...<....ex6A.....K.1..Jl..ly..BD....:.U.....q..M..G/.."......C.......7*.sV0.\c...=..h9.........a.\g..%....R..! .Z....|.(....M...%.8.......E.g{.R".D.!A.M.k......Y.~.j-.!/.a.8...3p...a.~...R.@y.w.JY.9........`........sYa............9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120610v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):807
          Entropy (8bit):7.733242746868212
          Encrypted:false
          SSDEEP:
          MD5:8F01D9C079DE235846FBF91AA7453FCC
          SHA1:3284D2BBEFA5F0C7B1C97F7947A371973AE5DA21
          SHA-256:0A1A0F4BB7B050BF361BB692586D399568869B3B2AC7134279190369E226E065
          SHA-512:9513888C4C9AE1841144A5122724F0E7E92DBE8CD798BAA8EB9F451BD6F5D816AFDBCCC04E1A1BA15BABD8E2BE532A9DE94C6C538F4F535F862934F8F7A3349B
          Malicious:false
          Reputation:unknown
          Preview:<?xmlC"...... .nC..^...R.|.p"C"......]G.}m.......RR....L...iA..{8_.y.,.KI....\.'#.......L....x..R.1.^....&......SD9.c...v.._.Nt.......e.......uB. ..].de.+{.%..3..4z.cz..&0f.i.'..........[....~Jm.....Z.x...rKBR...)8:Q...O.w.Z.......2_...Q.fC.........0M......m.P.....R..;.%.b.......L.[.....6....df.b.....u....z.5L.........+...../.N...|..\.J.).mU.=mS.[.Y.N....>G"(r....Y.....;.......r.X.-...^.".......m....W..g d...qV.?.d|..g.gv.}R.T5...q....$.p.Y.N.I...}k..........4..0.`.9......b&..1q....t.L.Y..hyZ.tKs..P.b.L.m6'g.i...@.<V.......1.+tk.3J8..k6.....,.....?....}.X..`w]7S..k`.:.G....(w.j!.a......u.x..z.u\..4.(M..|C.O....b}:.........s.{P..k.c....(..L.S.....t .............v8.........!s9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120611v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):748
          Entropy (8bit):7.692186387947039
          Encrypted:false
          SSDEEP:
          MD5:DE6CAEEAE120119176CF86EEDAA0C23B
          SHA1:D21CE285AD8C081CE842109E667B3E4120E33D06
          SHA-256:9D6B57ED4A8CD06B458FE8A130CA85789C728E9CDBED57D1FB11DD686E07D0DB
          SHA-512:C7DC6CAFF172C22861B4FAC07F81BF0A628D8E569715ACF48542BDAAA526031270A0E075A8F6CAC563690CD9F3D15DAB50B42090E732AD48B5FE721551C8B127
          Malicious:false
          Reputation:unknown
          Preview:<?xml....PZt..u.N.?.'1..y}[R<.l...q.G.C.|..'..T6k..w...S**.....7.. .l...,...ZI.|..j.....\..yj.&O.5$+.}M.M........^Uto.vu....H..eaBM8.`( k.~1....VV.q...6(&P9.2.4.M.9[h$. .....z1,}~.`P.W...8...8w..%.L. .......y.e..\.q....Z.V5.....tx...)!lr..V...F*$..;J\cF..*.G..%.v..<^....._W9.E..]e.Q..E...........+...c@.P....c.S"....\...O$....'....T...V_D...,.y~b.R....,T.].....:....R!........Br.......+.X.....Le.cQ.j....!...|.p..u.<..D'.7I.F..m...\O..^6.K.2.w.4J...bKXLQ..^7...zr.a.M...q.}.nJ..v...6U.6......4#..uu;}.......n.-.&.9<6.`m .J...XND..sW!83....(.P....$........T|.......4OP../.P.Y..O....Y..x./}#X.A.a.L9...+..U.......b3eJ.M..7Y.^.F3G{......v9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120612v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):804
          Entropy (8bit):7.743457421715354
          Encrypted:false
          SSDEEP:
          MD5:8DFFCB39371E50ED728B2B50E19C09DE
          SHA1:AC4001BBD789F63DCA6322743D0D96CA9F846AD9
          SHA-256:59A544B3C1F2AEDBFA266EFC1BF43B6DBDDD4745F7BDA903CAE95BD74F06F7CB
          SHA-512:B345E9C37EC62276FD313892E7000172AEDC8619ED4707E65EC9EC3FC5F29141D0981AC714E888D262DDC226EB51A067D47F105B416240DC26EBEA3702EC8DA1
          Malicious:false
          Reputation:unknown
          Preview:<?xml.p....'!.7_...-=.G[.n*.,...c...W....\...a..-.=13..Z.2Fc4..?..........>kZ.S.\..#...../-....x..._r...,..um.).l..z.i...2_........M7..."..:m..|....t....;.c..%^.......\..:....":..).f.X.... .)..-......kT...+...l."-..gn......(..O...Q:fD.A..L.d..L.R..d..w5...w.....w..k(.75.G.d....\{1~.........H.`g.....y.#$.....#.~.C.@.[5.......2....;.,o....t..Hwk.y..H......pK..../^W..;.c..ih.r..~@.\.......[.7.sw....G./.'.M.....Kx....8.C=.g..<..R.9.{7....,..L..B^t..i......+L...j.z...q[...I.....H.....E"%z..4R...q.PH...o...GXZP.....vG.Z.......va...Wn.e_..V.,.3.^....h._Vw.=...<.....z.j."........'|.^..cr......6..t{.,K.H!.K..6^s.Ll..i.8..W..G.~\..n?'..p...j?G..^...G..f.bMS..t.r.........D[0...N%.~./..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120613v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):965
          Entropy (8bit):7.794820683453504
          Encrypted:false
          SSDEEP:
          MD5:A973BB10F0E20AEE2DCD6C59439CDF19
          SHA1:6DC048D9E5D4A0A88F88CC08D72480FA9B5AD7BE
          SHA-256:0617851CF48FAEF94B1B026F562FA7EC0FBA07DFC44CAB1E5CDF028F912089DC
          SHA-512:F5C3DAFFEFE7909AB57438254211E32A7701023519D426E4191A1ED3661A21C5BA800BB39428FEA2A3F6F991BBA5BBBCF23CB7E70F2DC07AAB8CFFDB1C309658
          Malicious:false
          Reputation:unknown
          Preview:<?xmlE...G.`jT.LS$t.b-1Jb.z.......s....nS..n.C.&...;..C.Tbjh.G..~*.......U....K..8.;...!p..9%9.......no.o.....hfN.^..q..|eq<i..w..G.[\.U..v=..F..[1Q.....B.H..<.4....v;8n....o.V.0@OV.^.~.h.tK...LmG...0&,.Z*.x... .i..............A...(.-.txi/....F.J.<.e...s....]...h(.....[...o...hW.C......u.....L...L.7..J .Gy....m.,Ek.3..|x1...!.....`. ^H}..b}rG.@.....a.._..Oo..%.i.N+....k3K...&'...U..l4u.P/.Z;cQ..>.......lp.@..K^.O..1gV}.,.....@.QvA.x ..9.g...o...1.f5..ouqs...E..5....r.F.kF....=,|.x...3.?^P...'......j.\.A..<s...s..O.1.\.......V...G...4h.L.p..."....#+.n3.......'w'.q....h..n.C0X7........4?...YI..DY......!.X6..V.d)...A]..-..-J..C@..t.^..z..T..C..2.`.K.`...Y1.....z....t..)...IVC:..k,.,.c..U.~.kRV....kNd.........g.=Sa...D^.)....b@.h....<Q.$...a.$.II..N.M.%..{..d.......k.X.....HdrU.M.......x.d.(L...k|..g:wW.;.....$7.n......c+.Z.A.(9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120614v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):800
          Entropy (8bit):7.713866039036367
          Encrypted:false
          SSDEEP:
          MD5:4A08878C0428C1B01BB34B525247AFA5
          SHA1:E5ACFCCDD2620D23A35616FB207DC385CAC6FD96
          SHA-256:8935AAC6B762664806889D34D9BA96C85AA4F7E2CBFAFD819F1C2238840690EE
          SHA-512:383D6BD0E5348D89827BB7479C1E40BAA598F575D86B211D6A51ED656554CAD14B25AB960472349430A43A02110B997DE171A72C7C5EF3667A6435054C948C23
          Malicious:false
          Reputation:unknown
          Preview:<?xml....1w..c`..!.~x..|.c....*,....1..?....bM.pI....r..'.S'...0.^..l.#.R.ma..z.TK.\.o.)w(r....^.}...-...q.*. ..|.;../...)J.<...N.....`..C.'6q.=....;.K....9...E'.......`.`Hn.Y.sq..}X.2j.N.Y..k1..mz.`.....2A...2.....{l....3.F.Z".....e....]..<..K.M.u&.........7X..v.C..'. ...~.x.....7.E*.W..I...}L......k....:.eC...##.e.%].v...S...V..n&...\W.i>f....4...L.)......Z.{.i.K..^......<y....z.(..A...(...u........do..uW57...C.)..~..`...L.f........p.3...c......D V.......F./.3nK(.....?.V.!.u.....k............./h...~..".@..}..]O...P4a..h}..............a.p..+?SN./.E.....CS;..CD......m.].jx..-..Y7..D.4..P..W.....vz9K.....>..._r.p.>..~*./.. .r!u.;....HE..n.a.v}.L..h.Z.9....#..{.d......9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120615v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):740
          Entropy (8bit):7.705075931834861
          Encrypted:false
          SSDEEP:
          MD5:38D9A574DD5B671BD23D4033DF9EC3FD
          SHA1:A420B2E2B576551B759A70F85D1E3F13FE0DC7BE
          SHA-256:B60FF87D81BEB99F8C49352C93B549BFB20224935C1A576CAED19866D6ADC5C4
          SHA-512:B786127507930B32404F5B20B32B31D5EB5E7B4159ED24233DCF832AE11713993D9F40B11E89AE1DEC17412DDAAEEBA3111856FD1A7FD5382FD39183C5E1AE35
          Malicious:false
          Reputation:unknown
          Preview:<?xml..1_..o...U......W.$.o.*.u.Z...1.....4(y.&.)...B.].Ex.......Z-..Wj.jC..g...+...!..=D...m....qh.0.l.0)..cd..<Z.O[...T..Oe.X^:.O..|.......;....4.yI:...I.\.JP.U.Y\ H.G.O*..j........|..s....p...?+..x).(..j...6.....V..h.~......\qiU....9j.g...!....X...<*!.M.q...n....$y.:C+gt7w.<O.G...J...{-.?..61.h!...=....B-i...;.........t<.._}P.91...........1.ySG....q..;...F..|..:.....*}.w...<..}..q... L..".;..9X.w.....].q...ZJ....y.TO.r....gv.}l. .r..........".e.x:{.(.z.54.R.....T..A....6.o..b.._.7y*5.~.?....w...m..7.e.D.o...q...._..3.'............x0c.L.....Z,N/.~4.V...,....;zu..u.(E....5ME.MK.y.....L....Xa.*.}\L.e.|..4p.{....Z9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120616v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):819
          Entropy (8bit):7.717784364301058
          Encrypted:false
          SSDEEP:
          MD5:4E059C4E7A2D9CC4A0E1CCDBB8134BAC
          SHA1:ACEFF554F2D289FFA6C26A6626700F13AE3F8E1A
          SHA-256:A32E20CC150061FD1A72F63414073EC3D754195B40C71DB27D0A5DB440679BCD
          SHA-512:279B8664DB1633779A5173D25C54569A451A6DF77151FD33C6B3E45374E2FA62EE56DD738D6F0DA576022986F8F59D9D4D06AD6B0BC52E92A09756B925479144
          Malicious:false
          Reputation:unknown
          Preview:<?xmlR.g.O.......s..v...u V'of.dI.AF.N.f..0..@%.;..t[./.R.i)&Qt!.....ch..xCG...j. ".....D...Q.E....@v...g...?TU..Wc.=}...X...x..Z..dk~F@.3.&.j&...3 .n0......y.......P.w'..o..e...m.Xf.%.....M....S.......}..`i...)) ..J.3....s.........~...DUz......M}.sL+...........)z?.1.gP.7..%T.@.. ...z.D+........q.s.3x..j...1..='/J.mg.+.^Mw7&..F........6...._5~.G6.K.QzJy....u..MO..`./1..:4....B..m....x.....A..;...}.!l.-R.i....["....Gy....!.Vx<#..j..g!....T.S.......l..i...O.~......z....................Aa.b.7Y..b.z.M..D...ox....*..m.s..Mv..(.m*..U.."/H.K...^R..$g.P....lS..{).. ..+1(!.O.... .8'...b.;a.4..AH=.._..h{.:..m4.7u..../f]....e.F..~.Q.)...KN=......d......(&..'D..`.....B....v...m..]. ...AY.8..Y.\X.......I......C..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120617v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):760
          Entropy (8bit):7.646132330850002
          Encrypted:false
          SSDEEP:
          MD5:B48118225A0549F9392CA0E91077625A
          SHA1:939CEB08793489920B4FEB16779DB3C1CBD8E634
          SHA-256:FA8C13A32E4AAB02A67CE91F074C2D6EA0EC9EED69561BBCCCAFC28C85D7996A
          SHA-512:FE544951D1AF4532F132EA37F8717A859485B409835E79AD0EDE0504194A43070C782393ECA06E80F82125DC9D8369C354C0DC2F84A02D1BE30FD1725BFB3A50
          Malicious:false
          Reputation:unknown
          Preview:<?xml..61t.........+..b......{ '.cf|..C.{Nhp...O-n...M=..sPSSah..F."pxq.'.}...f@.......xy...............2}..jn...\..+..&\$|t.{.&).E.#.:.f...4LQ.....5....5aR.J4O..1...>.R...1.*..=O. ......q..l.. G.....|..Y.T.W..dg..&...>..M.t..=..t.yh,M......+{...e.-.n.`..~i.........8(W..GL.T..M....J.Ql.7f.S..._.G....... ....4y.+.U.M..N...1c..y,..}.6..Q-..{......../XY....$x..=/rAB$...{-.%....M,...6....B.Q......-..Z{..5.}BwP...-FP.:..W...d..$5.9...N..Ba.....[.Y*.p.N......3L+.L9]..Kq....&.~.(cS..=...O..4...B..@2.g../..`Dj.~.D..^T.{.=~.fv..%..g.>..x.;H.I.....i.z.i...... ..o.......Y.....G.m.;..B...D...n..,.&.qcA.......l..l..zM.sc.7l.{.... .#".M.U.r(d...{.....V...].49pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120618v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):819
          Entropy (8bit):7.710019820665057
          Encrypted:false
          SSDEEP:
          MD5:C64AB849AA9613C1D5D21B6F6A5F8CDD
          SHA1:423015CC8B727EEE5B236B9784385FA9C34F23B5
          SHA-256:F3DEC12B2266DD11036EB1C6B83B70F50BF23E5BD1B4B8A71EE43B44101DED89
          SHA-512:E30952CE99208ADC454A3902C788D5C09048A8956E13D2ACF48A3CC6A3382A420A3D25A33D476F1C362BE2F638A14EE6257E6522D6036453F15F87EFEBA682D9
          Malicious:false
          Reputation:unknown
          Preview:<?xmlt.r....<..e.(.ga).t.T..D9...j....e.m6r6-"#.....q....\........).]....`.q..n_.[:..f...2X'.B,.....[.y...O5;....6%...,XK..`z..0.R.O;.~R..b.*..lU.m... =...a..X.%.h..A@).H7.Y...YM..xV`......[/tK..di..hv.r..~=....`...a.8...S}.Z.t.$.t0..a..Uo...G..`.cT...5..-y;.dc.,.f..(e.....}1..E%..FL.Iz.{nB..r.[o..?...P....t....]v.8.hV.((X.u.D...t"..a.....u....Ov....{S.E..e.c.4.9.y.\........Cz./.X..Z....1.9Cp....%b|K.g..S...>F}y..>D..P..O...K.V..L..4dv..x..OYV....[@.D..\5..q..RS..].....}.y..Xu..Bs..-~..|...Q.....d.0`f.ZT.6.`.cF"..:...8.....l.../..'...:c:....N2Cj7$.E.._..#.).#...PZ..cv....."..C....).x"(C.@..Q<9...O.g..H..2.....F2....kw...&.k.?..................*...2[/~nt?.^.;M.8.Jf......>k..wq.C.O.z9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120619v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):740
          Entropy (8bit):7.684571657127057
          Encrypted:false
          SSDEEP:
          MD5:818EAA0F15DE31E06C8628232854A080
          SHA1:4F2B7CF1E69A98D632BC1C1A8FCF3AA7C1974293
          SHA-256:832CA31F2FEB47DE0EED14F4DE59AA452B9CD4BF5AB9C4FF2F1BA8F55B793986
          SHA-512:A1B056A8E750B874BEFA8FA5E9B330028936FB1EDA0292B49138D8314E6AA6D418B1BD9B5F3778719D767188CEEFCE06A4F83F059BA53ED2777C510715C00A7B
          Malicious:false
          Reputation:unknown
          Preview:<?xml.. ....BB6.a.#.B}Uo..l.-K......&.[Q.;r..;.........j..zo/......Fp...}.r...-..>2...>.8......l.....m7..]..........!7.l..y....2.S.n.9.....0..,.B.l.}...xh*...sO... .}.8r..^.W.L..~B|..q`...B........,.`!..=l.9!.y.r.....F#H.m.x.\+.|..a....D.Vw..@...w..C.'.A.[(....ouu..z.Vm.u.h.D..P.Tw...._.Z.].h....#.dh.....=...e..[9lX.....W.{x..{~h....t^.......k......\@b...d...4........%8..n..`....Pp..(..J..g..fue..E....*?...U..`5>z;.&...2.g...C.$..g.....r.......xh....`p.>..p...'D...;.OW.7.E......0;3..m..H..c.^.......x(........>.1..zV.3.....v..4.....:&J.g.3..F.^g.l......I.P_..l.0YO1.^..Q.{..4.&=.w......J1...XA.79..H...1ee.Q..Hpd0....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120620v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):802
          Entropy (8bit):7.733236106979876
          Encrypted:false
          SSDEEP:
          MD5:64D352E5C587F8D3EBD58539A6B22E54
          SHA1:4CBFED39D48A9F2267E88B6758483B5A205986F0
          SHA-256:03C76389B1868F15242D3AA9F23E5E059ECAF35262C25BBCB550F71DB1018C3B
          SHA-512:079DA29E22A8740C7A5A288B4487673D1BD77D419C305CD27F74D29108B3BEC7DA45B63596D0CC507DD07B511C7EA559F73D99DBCCAB7B2073744F4DF8830CAB
          Malicious:false
          Reputation:unknown
          Preview:<?xml...;.&....uj...LM$..u.'..f..d...;.....b...1.U..\D..$h.........F....|4-A..y`8...5.....:..v....Y....)..-w.}..A.OI....#..d;.W!_...9..#.W....<aD.....l.>..e..8.?mh....K.N.L.Sl..'#....._..{..n....G.a........!i.W..:....Cw..XY...d.w]S..>l.F.........L.RO$.q....YDUv.E.}.... .G.k.|.-..../...>.V.Z.H.......4IH.....@...N.7w,...X@X|b.B5".c...V..E.....{N.lwtX.J..?...h...y..B.L.f....3.vyR.....Q...=.$.k.v...v%O.N?...)...g...5T.b$R.%.u.e.....)...J...e.........?.....:...?..."pt.65.z..$.@..J.Q&>Y...+n..M.V.).3.N....A=Z......u....E.4....K...!..w.+..kQ3..c.....].%..".>.|..V....P..m{...6g.U.....7.. D3.z.{.5(.{a.XJi.L.L(.a...}.<.....P[Q.O....)E.".Zx.Fz.b.G..7=.".A...(.....o...a..^n......ox..m.n9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120621v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):748
          Entropy (8bit):7.719911936064666
          Encrypted:false
          SSDEEP:
          MD5:890473DDC778C829123A5C3B514EE6C7
          SHA1:894379158EEBC806FE085868CAE495440212897B
          SHA-256:BE761DDBEDDD416E1EF5D576ACC3F2E918751700FA9A97012F99F2900A4F59DD
          SHA-512:4F6143ADDCD45E2537E66806DCB737B5E270E8DEE0B9A989C927C77D35B89F746F1E41D62A4FD1CF8F414E6430D162B393E6BBAB76F8DF9EDB1F27A4FCE3D202
          Malicious:false
          Reputation:unknown
          Preview:<?xml....q..z..G.gy......w..c........+.3.<...(..u.\`..._.....a.8.....k..T`.....~B.....0...............7H..7Z.;.._aT..h.2 .G.....3...#+..j..C..V..Z..w..o......A.....8.2H..........:_..}.'.Y.1..f7\...Y...HM.3|s....4...;.*..`.'...N*..-Lu[%.t.Q.2.y......G..G..R@..=..h../.6.S..D~.v...1..I.U......I.+hQbJ.._.2Z.'+`G..3.`..-9-...[PF.])....J..A..q.=iX.[C...0...c.N'.4.U.W.=.U..E...Tm>i..O_.....5.1'9."^*;l.J.h..v.a%...7NaC.'..5d...R...A...m.L?L.]S$....m(.C.....2.)8p.s.......k.49A....?'..n..m$....W.J.d...{.....P..<Y......q..."*Q..>q....UK...r.o-..1vz....)}........'..{.D.w.C..gf.y5....P.hf*.. ]*.V.8.4.m.$....R.^i...?.......a...E.R.l.9..-9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120622v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):810
          Entropy (8bit):7.681493657928462
          Encrypted:false
          SSDEEP:
          MD5:F6C7C6CDEB9BC4A779EB249AC0351983
          SHA1:519385AB8ED6878A9049BA4A252D0E579211288B
          SHA-256:70A858480796E22317A521AE30FA197F4EC1EAA3E2781F60874686A6185D3269
          SHA-512:B7F4B9DBE52BC748D38336DC6F4B189486E52D4D2A6DFC7A25043948DF2677F10809722B83B71319BF0C98844B4581806BC29AE215564D58CC8C7A85FBF8E811
          Malicious:false
          Reputation:unknown
          Preview:<?xml...{.Y....uj...~\{E....^]...,_+].-J.../Y...G.(...C..8%&r..@=..DCR........3q......h60....@.q.S......^`.p.--.....Sl...j.....*..9....:x.....Ex.....Mz~......1....L.....]..>.r.xK ..j..]...dqD.g....%.&..6.2.....kO..I.......X..A.=.*.!,.N.......6..<.....mXu..)?....t@.8...c.Y....S.........?.D7bK7.......;..bco....{...~zbbF..L^.m.?.....6.<..b..t.....0...%T^.!....p&<.\.J.[>..?.:&u. ..=...L..4....b...*.a.n.)... m.^.AbIN.No.L...r.......=L..j.....U..}_...yA..jQ..^*..n..a..Q@.L...3...>...p?.{..8.s?..e.O?.n.i...&.2.~.Fz.h.i..@....#.'....j+.....................2./.?...3.A.}!...q..tb....M<uM0..@.t..B_....T..f.~x. .G.Dpp..(....n.....*...?f.zX..UV..I...sk.y:.......O...O%q@U?.X.=....M.4.bc"....../.KV.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120623v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):797
          Entropy (8bit):7.715032742977471
          Encrypted:false
          SSDEEP:
          MD5:7D94B7C7B0923796ECD8273FCAB457F0
          SHA1:3A3338A44E91124529FE0AF42006A4172B88C953
          SHA-256:5101CA1C81B98EE9373A9A0582080D0590DE2F5895CB3DC1EFB8BB0C75B0E483
          SHA-512:4F0595B98DD513B7ECEC8288983BCEF881842196B4C34918226EF698A30C3B45E59641444E8C66DF1A38CF3A5ED587B98FBDEB532EEC82ABEEE2B86F7CD16CE5
          Malicious:false
          Reputation:unknown
          Preview:<?xml.....v.., ....s'[8.g...w..Y.D.I......K.D.E3L#...i>.F.Le.m4A.J..1.(......*n..*.?,..:...o[..@....<^ ....:Zi..y;...ko.).>...ZR...:.._..l&..;.......P:.....x......sy.....8a.UW.zP,#.}...w=..n.......,V..(.......1iW..#....q.|..s...Mv'.zT..\....n....c......4.h.8..{..."WA.&.sp..i.t&..Q...._ad.......!.eM:..EG..u..(..;V..WMJ..V..J.=..B_....7..V...".zJ..O.@%@N.^.O.9..4.b.}x...9....^X...i.....|Y.S...D[4....-...B...?.....M3..o..Z..mW...gG.JE.(.`?k4>9X.V.O.2^..2.C...=..>...8T.C...;......n.u.....@...qa3.xeA.J..K.....)...l....R.+YQ*....K.u.glZ..9.5......F.P..vXa.m.P.....a.\.Z.E)...4>'... ....,.!.UTF.UEd:.xo.{{..[....<z...w...U..b..q|.``L-i..in....>.m..G.....8...m..XJ....?L.G.T..[......U."..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120624v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):827
          Entropy (8bit):7.739165926250046
          Encrypted:false
          SSDEEP:
          MD5:DC55202183205B3669220B226F31FC73
          SHA1:860E80AC2FCBFEC7083E47067CA5C674A55C0E1D
          SHA-256:062E8981DFF3F262E345D5816C09C51D79A45A24C73C7477298CEB3CB9679711
          SHA-512:6971FB133C9A34F74F6E392850B5D8791261075BF62F3C377C3B261844A0CAD5E074C05C5457DC3F2E56127B3A64E812AFD7313F3D8F494AE8D0C9F384D9290C
          Malicious:false
          Reputation:unknown
          Preview:<?xml.h..EZ...W...}.N.rP...H,.......I..<.+.W.epT......6.<. .....=...x..`....($/..*..Lb...S.2..d...i...t0...}.z..N..9.x..n.r..3......-z..Y.r..wCJ........5.o.X^)...lb.lp(.r.......F@...jI..dkj...|.|.......w....o.l.NG...u;C%p......8..wV.=.`).,S?u.R6.M*'p0.r...8....\.@.W]..1../~.8......`.u:Ur.E.|8.I...Vn..M....X~..4*...^....fm.).CosG.D...+n.....`.N\..2w......|.....*.......1.K......{.....0A...n..R..YQT.{H{).DZ.3.c....}......E'g....D..l...H........j.00o.?...... .`...Jy..m.ph...`n..X......KD....r.Y....*.....9!A.D.>PE..L...L..o%...T.k..k1L....MJ.O..........4.P..F.a...i$.hY@.DN......a.......(...N...q`.*.-L......K.....Xr.....} .L..R...pj1N..].?.)G..?.....W.f.....zA.....nS..a.:.....\]......D'^..eF....t=8.&go....?.yX....b...I9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120625v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.682833862307963
          Encrypted:false
          SSDEEP:
          MD5:57CAC1BC7FAA881E30782FFF1E485DDD
          SHA1:88263AE0CCECA03248C16A121CBBC96AAB51D293
          SHA-256:AF3868A491E0C32826B60868A90AC38FA197EBE213554BEB2A73F2DCAD6A23A5
          SHA-512:8B676664CE57F0F502DE416764CB04058F823C317FD43E9BAB03FDC47CECAE2E2A54092E04AD152EDC27992D6BB7E18187B2101F44C15A33B4AF245F74CA513D
          Malicious:false
          Reputation:unknown
          Preview:<?xml...b.m/j.z...j.w.5..GL..........C`.-....FV.4...A.j..P.O.I+:o?.*....:..*...[AI>...3.+...Py.O..).F..Z.D............DP.&..$.;).s...Q..$.'(U6N.%........~AP>..]...(...Y..h.....$I ......K.8.-..G.8..2...c...w..)f.Z.l..y1kL......)...).t..0.#....&.s...o6.%..(...0....K{..&>.<L.zu..j..d.qh<b.0~...^nM..Cej.{.p..~..$ay.1...d.o.......F?..*q5.d..=n@..j.T.....>.B........u.0....~2....5f.m.k6zC2.}j&-F..\...Y\5!.w..(.........S.z....i..B.....3...%..Kw`.&.T1.....Q....j7.&iO....g.I.._T.U.........!y....Et.d...F..3.D../...3A...Ze.9wDp9.G...a....O;5...{.}L.T....l,.~]..wr..l..'$.N...b+&A..D.G..........Z..........B......m......S..Rn.hr)uq2h...?o!..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120626v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):805
          Entropy (8bit):7.693605788125803
          Encrypted:false
          SSDEEP:
          MD5:717C7A75164CA101746AE6A789410753
          SHA1:948B8CAD9FA18DC31091DECCA919BB31CBE53A5C
          SHA-256:448CEF5A7850E53C7690C9239AD9F62C43277D44BF6D85F057C763FB12B2D986
          SHA-512:9B883C43D1CAA5B28A9ED21FD0B9875A01916EE2217507CAF161E96830DC2B9EE00F644741CF8DC3BB2C79525678F79726EAA45F7E49F9E188AFDC243FA5AB49
          Malicious:false
          Reputation:unknown
          Preview:<?xml..L..+~Y.....BD...@.yB.....l..{..Jz2..m...c*.yY..A.[....X.Q.....~,?.m0.R_3 v..X~u..a...=..c..8.,.Wv..?....e.^.....xct....c..gN...H.3k...t.u....0...YS.Y...I..Z.........oG.aJ.p.L.q?LO|.n}..m......n.....G...P.4`A.+Co.m...d.E..l...&..Y...;.....w..G`......J.f...&...3.[...C...n.`.............[...p.u.! Q........WuO...+...8g[....@...../...<.53.t...t.7...:..L....qx.......@...C..C7>..7J..#[n.....>cD...JcVp..77.t.8b:.~..5._@..Dp...to.5.y(P./vk..c.(Lb.4....NL61L...]...p......#...W.'}.. .....E...P....."ZX....|.()...V..3(....kk..=l..._x?..MLOU$.......p.u.R|.D.mk6.4..kO.-.l..2..q.L..W......zp.?`j~.v)'{3.-......1........{.)qEy.|.ssP.......X>])..w...Z..n...g.....g..{.i..&.j.........y...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120627v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):737
          Entropy (8bit):7.694212443743901
          Encrypted:false
          SSDEEP:
          MD5:1849A6C84486557851A13F316A753384
          SHA1:733E936EDBA4EB64610BEFBCC18EDB441E21AFB8
          SHA-256:008DA1B0F712FC57EAC5A975F1362DCF715090F8BDDCC6BB8DC79622E964BE36
          SHA-512:5A65CE8D061096AE70636D21965F1104DCA295F39AD8534711A2038A90D25E19040EEADE52784889A696682D1F8189BEEBC4BB0EDAFD7F5032556B2BCCD33A75
          Malicious:false
          Reputation:unknown
          Preview:<?xml....=.G.N.}..........^.a....g...a#.o..|.!.....zt....a....#c.> ...p..gZ.....-.Z'P._Xx..Q..T.-......5.O.Fm...p.06./..T-x...Po-t..!.....o..T..E.nD...1....W....w.O.w.%...T....x..hYX.....HS.2.r..Y&s~z.!.@F.(...E.M...e..A...q..r4/....k...e[....A..~.yC.....Y.(...l"(o...o.1....{..K~5&.PHm&_p=..y4.o.r$..)..Y$^...z.-,.ja..R-:...b{......_.VF..l....M{.i..d.9d.+K...i......9.\..(32..7....\o..hM...}d..)x...|.Yf84CZy..._.!.E.7L.e.=..<..l....rkk...7.seX..$......g.$.q..Q..4N.......rI"B... ....OXfL.....VSV{...i.}v.N./).A.......L..=$.}x.<d..\...!..VwGn..M..X...~.\....0..q..........lt...x.....d........|.C.<v....k:.=~..%W.s.3-?*....MK....I.k.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120628v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):801
          Entropy (8bit):7.723106707460135
          Encrypted:false
          SSDEEP:
          MD5:F62F5D7F891852FB688C50B0EB1A54F2
          SHA1:A5C4BF4D237E9A50AB85C620FDE7A97596C1E144
          SHA-256:8FB6385C1410CFB057CA2B9ACBB8933B86A0A650851E110A4A1F7794BBF2DF5B
          SHA-512:8F3DB7C96437C07EEE28D127E06FC6746C3C4DE8E89A2F761D61106AADFE314673B9AB84E4996DEDE394D21FFB9E183F06A6E17F7EAA2C986CA3FBB1524878E5
          Malicious:false
          Reputation:unknown
          Preview:<?xml...zwM....l.........H.y.D...v.{z..z...vMj.k.gyX~V../\7.A_J.Oe...r.O}L..$....Y.7W...;.B.......,....*..l..m.}W.....xXw.....kJ+A.V={..EZZ).A..m.9..LN^z..V..;W...B..6H.ht...-.p.C..3.....4....F....:.....|.=.~..V.....A..m.j..+...%5.'...7...Ap).g.G.H.K..O.v..u...~.tTz...~c......Ui.eJ...XPP .X...n.....9..#...=L....x.A-.~<.....].!...8W....5......~. <...u.....Vz.j. .]..1J..!.'o.......:<ZS...q....F5..r;..v$e....1!g.........t....Z..yJ..%...S+..3.{.\.a.T...;.\Y...........{.~......0..1.P..q..........'.)...3..},......;>.{n..........r......@{..%L..!...w}.?..098.R......6....f..7":qnM9...p`.w..Qlj!......b.1.i.u.....,.N....7x.g4....2...m..Wsb......i.)...D..Y..+.MG..x|......?I...6c.B..2ld..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120629v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):761
          Entropy (8bit):7.695810957348255
          Encrypted:false
          SSDEEP:
          MD5:C81BD8CF31CC6AA9E24288E12BE15C75
          SHA1:FE9F82B0C2CB0A5CFBACA4FB481B07A32F317449
          SHA-256:60E5CD833C79213C718DE39C04D98878C32B73C3386B1892A89746C1592C31B8
          SHA-512:9135AB9262DD4F5DCED7422241524E1AB1A959C88415AE20ADD10001D6F9F8ED1D4C1E9FB903DD79759C8C3C72F4FB9922AA3BE9ECF088899ACD571A77763ABB
          Malicious:false
          Reputation:unknown
          Preview:<?xml;.k.Z..2.g+8ST....8..E.....9...q?QG.4...A...(.P..?."..W.._......w.M3..sL..d1....(...B..n....nR0#..!..k..eD...cb.a.0.zrK.x.6V...D.,32=5..~].*lAYj.W.Z\.....w3M.(5...".C..>....3J....T.:.. .L0t...@...t).u.O.Bx..-*...5......... }...M.D!...rL,....$.1...y.u.....d)E.$j...z...m. .[BA...........5.S..gL..f..X.Q.^..3.'z....)o..XP...T).."..suBUn.XY.1.U.Si>..T...|.qk......*.p.^.B..@..0R.!.<L....=w....Q..4.1...._4.?.k....u...8....+..L.......<..J.G......dt~c9Z...h]..W.}..m6.-..........1..9!.....Z.^ ....D0-.P..J.k'.......N.....E:.|.'..v.k.q.+..Tp .....\...'..K...>....k.(....M$.I.6....8....N..y9........F..e."3.%S...o0.o.9[C.z5.u.....YJ....:.P.<.n..uX9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120630v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):832
          Entropy (8bit):7.722581726381373
          Encrypted:false
          SSDEEP:
          MD5:3C68446C76DCB9EADF06B1C2FF14096B
          SHA1:AC9C6225372781A96A139D45B452CD902EA16F34
          SHA-256:E3292090BB7202E5A196BCB662F1329E2758A2D6DF283FF4638C49A5F865C32D
          SHA-512:07749ADB4C7F0FDE75C7653650CF909B634EA5A892416C74C8167B40E850DC687845BFB92E4F91B716F8AA72620F858BA686EE59E72101DD947948422A34F915
          Malicious:false
          Reputation:unknown
          Preview:<?xml;enG..*7x6.I..v%...y.o.."..v.V..Z1R.U.m...u4...\.E.n....Vy..O..f.".n..j....2+.......+3.y.<tPgK.D..F..~..N.p./B..i|....q..Ph..%1...m..F+...Rw16.n.o......E+`.iku6.n`...1.X...Y..A'...........aK.S...h.U..Z..^...wm..!c;...>..V.....zd.......C.o.:..l..,..>..zc......*......V..A._.q$Bk.....[.n.....H{.:.........ei..[\......F...(.i:....4...$~.{.....(.4...&....Q5...ZO...F..C}.!..(,.../..W{..}.1.F..b.+.g?....h.^.....{'.A.\...2e.l..j.;..Hj./....*. ..^.Z5h...b..Fz.a.).3..2]....=.T...n3.}^m0.p...9.-.ZPiZ.e~y....;....0......a.._..*.../...B...I..V.~hH.d>........zp.z!....U=......1(H[o.x...=.%..,.?....;d"..n^M.{._.!...4....v.v6.|..Fn...3....Z...K.S.......K.a *\..._...E.-(..U.n.....H.*..CU....._.S.....j.D.=Ri..%...%..<ks<.t.!H.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120631v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):748
          Entropy (8bit):7.758269316518134
          Encrypted:false
          SSDEEP:
          MD5:54A97E2B2D0546E034CA8863F775458B
          SHA1:5C65BBC418F0A8CFBF7220C86864CD1B2455154A
          SHA-256:E07062302C37F079F49EC7A8DA0419DC40D4B8425994041BEEE113E4CC095C9D
          SHA-512:8525172642D32F6BBA575168F306EDE74076100D260F932909B6AE9E43380AD281959AC106F271A49CF4A85072534E4CA3A187E7A88BDDB21E9ABC20AD870660
          Malicious:false
          Reputation:unknown
          Preview:<?xml;....5&...4.Y}......>...%..,3`..oR~..!.2V......Qb.........}w9SZ.BX.).{F...N..;.)..6x.;c..*.`&. 1%It8Z.$..I..,.....8K<....<...- ....F...4.........*..29/.Q.*..'H..!..5.|....F.....p...g.>..}.jp.,...#..k...Zy}9Q^H...L......=w.s..=..-.~....Xm@@N.i....L.n.R.Qm....N...]....$W.F.B....%...Y-...-~.x`.6....gyb-M{...[v...Lx.:.....{.B..{...fm!..4...R-$.:.G...._..s.... ......1......@H..!uwC..........Y....t...@...:.IK_..8"..g."e...POZ<...8.....:.^.....WO..;B..U[\...n..Cw. ...n*o..L,.&Z.u.$....-../ETA\..75.V.......%...$tC.v;'WzK+.....n.w}...H.:.$.P..j.Ys[...2.@.`...&!.5..5o.<5..%J....L...3...R..fT..w...b&.~........6.w..E...y....S..D..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120632v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):804
          Entropy (8bit):7.699241169631848
          Encrypted:false
          SSDEEP:
          MD5:22D5105EC844DE9C80B70D378777BA8B
          SHA1:7B779247A2C50623353DE38593D944D4590F1879
          SHA-256:EC59AE804519803B1B307157E117F487814292AD211DC34BF4592808A29D35CE
          SHA-512:8A80583E8A044404FC1D1DCD6720E9369703299F31933C77857E948D30A3C453CEE975A401F04FAF40551CA03ADB16700A03396C0D49A0ADBAEABC4C923A3F49
          Malicious:false
          Reputation:unknown
          Preview:<?xml....o.h>.t. ...-..w../\.. .....pr;f..1M..[.......H..c.e...0.R[..z.aA7....[....a.[L?...*.%...!.'..._....y....!Ue!.?M....v/=.#.o.y.J.......d2X.[6$...Q.I.Dz.@.e....O......~.T..8...g.,>C.V.J......T6.R.UKfX.*.....(.d.3.A1..&.9..-".t.TP*r..{."0.......o3......c.MP..e...bb.%.........g}.....Y3...BJ..DE6V..8H....5....dc....N..?.`..s).H]PY..g...!....c...5.X..A.....?..(...[.|.'....o.Y-W.di.....^.$...>LI...,....}4.g..D..z.~..Q..2_T.......9.F....&.1N....1.%.....{...)..4..B..y[.....>>s...PjR].yv.(.zq._..V5.H.\...i.R8..N....2.s.JyX%p.._...v}...Z...T.?`vP..........y..A...ood.....A..*._)`.....7.h("..v.%.p.hA2&..l...hS.}.R{.2..U..?..>.Z0.u).Q.....+.`%d..b.P..F1.....i.@.".T..T.g..F%?.h........;j)9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120633v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.682823500714369
          Encrypted:false
          SSDEEP:
          MD5:FB9F4B353461526EF32B06FC6328AECB
          SHA1:587FCA3658BDB3E92BB119E80C5F6F0F55428797
          SHA-256:F0687EFFD45402926352F1D113A3AC47D3CE1AE706B42A90E9F154124927277B
          SHA-512:C0AF1B0D48651AD58E3532706A13A061E49F10DFA344196CC03FE6B94CA73A74B33190FEE6DAF99C216B9B7D2BF32F73111FDE0EEDE5F731A73836E4B695AC14
          Malicious:false
          Reputation:unknown
          Preview:<?xmlu..&j......p.g.b...~-v.........}y.:o...~....]m$.!.7(.6J..2... y.U?.lMQ....aw.d.E.G..=.E.........6.....Y.ed.....7..$..b..v......4.......k......z'..%......`c.<Q...}.=.d-...v.J3..;.;n..[.p'....|.t.]d.....>.\|.Y...=.......M$C.T..\.D0..u..6.@2=..C..kz:/..U....d. j.,.-.]`.... l(....^..[..#^.Q..(|>.z..<....3.....+..(..X....|ku.....NPEGW......k3..K.s.+].Fz..?x..N...j@..Q.;z8..r......kR....&.q..Q~7..8.<...........h.2..L...mV.xQ...B..ARWC..eZLJ!.pT.Q9`y8#'.).I....;....t.....4..u...{...G.:.."..cA.].T...,(.z.H0FV/H.5..... r....@..mT.z.,......MJ.....H.!I./.tx~.$^(u.v[...To!C....0a..<...I.kW.P~..z|A.....6}E8...,..d.{k:...l......Ky.q.m..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120634v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):827
          Entropy (8bit):7.734166970001346
          Encrypted:false
          SSDEEP:
          MD5:C374BF83D0D086CC2BD716DC5EC74EC6
          SHA1:224A6556B74C2FAF6495765A0877B0328FD6FACE
          SHA-256:255F163E1A037B58049C2E6F873076A8396F0CDEF05354299A64CEDAC72CBF2F
          SHA-512:96FA7295C0B9522B3C1E97BEB02BAEB9A14F0A7205D644321A5233E20E24F557E5DCD89E0BA5CCB3109946C310142C50CA430F74FD23782249309B810A8159B3
          Malicious:false
          Reputation:unknown
          Preview:<?xml.Ab;.8.:...{....3.l.....a......f......'.......[...F....|/.e.......L...r}.....y3..w.......Z$.@......k.-n)........f2(...e/ ...P:.....Z...L....Hl\&eut|..q.F..l....^H;...0".......l.].z.6kg....a.Q..58..x] ......Z..u..^.......>.,...'K..x5u..W.v.{3.}..4.!O..m...{..#..........YTn.k.(.<[.mo'.....2.....>........W.w.....=...!oT.op.Y.;..O....._.......F..qP.F.}N;..j..=.e.I.qG..J....V..P4EH..h.,:{n.FX....3.t..']..E..6.^..f...N !?...>.L...,.OXP.......wPq..J..r.).U..w.. ...~sW...d..I.0p.J..~...t.....0. @...}..5.........`...(.-&J..o.(#...f....[...@P.x.-..X..P...=.~.....c..<.>..T. ....W....k..SH......E7.....{a....C.3m..Y.\.U.Wc..<}.#.9c_.OG$...>.^..XzV...G.Yg.d...x.?.zq........la.s...cv..|64.;...@BD.A...r).9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120635v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):753
          Entropy (8bit):7.664482323623762
          Encrypted:false
          SSDEEP:
          MD5:BA0C7900AD9C25FBCD9DCFA77AED5179
          SHA1:29655FBCD7FAC1400FE8096034B1652F1D0F690B
          SHA-256:A33B982B0203AE25F31F29342A195A8280E9F491FB03BCAB6F6218EA60E8A9AC
          SHA-512:D9DF3A69B70595095F46AC1C0915DB67B2A5F018B975B2B069BFB74E59EF67E4CD42220FD49C739A8BDC0BF442168E14065ED2E3AA94EFA15BC66AB74A5D7EFB
          Malicious:false
          Reputation:unknown
          Preview:<?xml.....\.tm.$.;4o#.....k.;.f..|RJ...n.h...C....'o.6y.K....!.n.#..8....6..C.m..&.I..B.{."..{..:.0 (u.`.a..3......L0..v...N...qjsR..k.B.f.X.0r*....2.C.b.^....c..GsDt...uH.D..v..^......2.".k.+lH.@...6eT.....o&...m..u5......x....a.*....>N.1K....Nl.6..-..v..~O......WK@x.~E......{.....}.h...i.n).:|<.&..da....}Y._..m.*j.....TU..Op....w.P?c..6..X.K6.]Xj.h#x6.......?.3l..V.......c.g..91......r...k.}..'w=.?..R.aj.i.....U'2.+4De.x.%...RA.XJ.n...}.X=...N....>}..=}z.!.c1.G...?..U.1|*......}M.J^..!.E.......S...sqr.I.L.......lN.u.64..8#Z..h.S.8..j8b..G ...#...bJ.wR.T(.z9...-*{.;.o.*.dF.1.)..0J......Wkh...7}.H...s....OJ.)..Oy.dK..W..`"HIl.....]...tm.l-.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120636v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):805
          Entropy (8bit):7.726947605134597
          Encrypted:false
          SSDEEP:
          MD5:CAD0C105788E473C5155FE9067035448
          SHA1:734C1B392EDDE3E499A1AB56F9B0127E53C1F9D0
          SHA-256:F2AC05EF42C9E06AE79A91A14D5938AC5C4DD5208FDBB7FBA4DD3286087FE4D5
          SHA-512:D7F116CBA368C1238032A9A8A16A0AB159459A2483072F08B209636BCD8F0412D92546A640B89F3B5827F556C1CF6BF041E3ED67EB79CE4BA70C32D9023685A2
          Malicious:false
          Reputation:unknown
          Preview:<?xml...`...W...C.?.p.....:.L..y.h..#.....W\!......Q..S.5......Omle.. {..U<p..|j..5.+..Q.....j.<.f.......)......r...`....N..2...8.&G4$.l......Q...)}..@o....RH..@...d...8..].g".....i.i2...4.o..v.;.dk.9"x..Jh....5.U4.z...|....SE.*..1..Un.....l....7.=J#Z.<...>....S...e....Y+Z./M.5...5E..Z.z-G......DR.8.p"....._....<:.w....1[..h?.N...G.P..._....P...yq.....X5....B.~.F5.q.$.mf...v.E..o.....-p..../...-..V1qc.{~..yc./."X.Xz..{..O......9.q...F.. .}6T.(i.....)..n`...?.'..j..~.."t6...tp0../m..{..7.8..A.-JQ.u.y.....{.&<.#-.#.K.4!.]...x{.....O.9.X.N.]..t%...n_\..rB.\..$...i`.N..p...T..J<.A........'sH.&15Z..@8.....U.:.O.kH<.-.i7'.t...s.W.......0...K.Q.....q..k..J.[....r.+QZ....E.....=89pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120637v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):760
          Entropy (8bit):7.641912239333993
          Encrypted:false
          SSDEEP:
          MD5:DF7C2F481C25F11092E5841DECD9DD86
          SHA1:03F70146385CAADADA7852FEFF6EBE96BB50B99C
          SHA-256:45EC43605CFDBDE7F99F9D62BEEB5E1BB7B65A59B2F07A693E765B7F7B7A2BD8
          SHA-512:F26CDF07DDF245A50B29F43379AB2CCD3849A06D18D3843A5D87764E9266A06618B99FF4409DBF185856C9653EABF85E4DB0A50620AA98BF6D24E3379D3B64AD
          Malicious:false
          Reputation:unknown
          Preview:<?xml..D.<@...<.q.)...3...9....5.O.G.w7Y..oZ....3+..p.|..8.......@.T>....$.G..Wk%.....Q..s...[.,..O(.Za@.Op.l5r..8t.n..y....k.PJ...!........!3s.../1....#...!.Ir."@^p.T...09.A..$.3.@.A.j......9X....9s8..b....j).I.9.......xQ.."/..l..........!...d$.W.8T....r.~.G.WuC.......V.....J8C<.^..P....X....(Q.A.XM..1l.q...b..*.....Y..I..=.B.,y...P..D....H.o....^.R..m.I..:....=.....,QU}..h....Z.y....~.SB..7...T....Y.....#6...|....4....Kw..Y?z.R.r/.."+.Ok..y..N....M5s..j8.....)j...h.....W....,.;9[../.N..um...q.a.f..t.&wC.w8.{&5e.O:z....].Tq...;z...4.t.6.o!X.Bg../2..P.B.ew.H........6...vY4.....P.P.Mh....j..+.`]P..s..B.......p=.E..5sM..3E....S...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120638v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):819
          Entropy (8bit):7.749815509736206
          Encrypted:false
          SSDEEP:
          MD5:F6A1CAA1C94FDC35566748A9A07FB852
          SHA1:7AE99F7A14EB23D96481C542996E5744F4F583C4
          SHA-256:4F55F5EA8CB5F28006B63D5FAA0C7A3DB73FFCE5972DDE4C977F069DA013FBDA
          SHA-512:99D7FD3EFD663CA9E0E2367B882CD31E03E9381DC852C1957E44034582C32B3AEA7D87BF23FC9935228ACC2DA011515ADC265B00AEB130AF796B8E5EDCE92EDC
          Malicious:false
          Reputation:unknown
          Preview:<?xml..54=.?.K.Yjl.....8X.R.xuF.3.w.{..0=0W..P..P....?.t:#..m...$.[.@.[.b..|.."..91..?.[...{.....1R..$mN..I|.ao....K).Lh..X...>."......P.-8nS%.l..P.@r..p...........Y...._....4.=.i.......L...[.C:.?.y...WL.R%..>.@`.P^!....]U@...7<...O......I..N.I.Q.$k..l...!g.]......fD.........i..]QY.gv.d.2F!#.Ed.......Vk7.`...lW i\KPR..*A..h.n).....Y....;....|.Q7W.....&.z.../..ER..[@.....`Y.F<.KB.8..o>E...i..7hD....!..#..9...;H..U.,.....2M.l.E..ge.P....d.7.....b.[.!....B.a.v...?HjD...0....~*Zp.\...1.49.j...z<9..J-.B...p..K.<.J.0................V(...;ww...4x>..{.b..o.2-..i.O....y...m .?.5....)$....y.>).....&..JbC....e..6(r.Kp...........^..%mw .9g.......{...%....{..8.....C.Z.Ue.G.....ag....+....KZ......k.$...Nt$.....p.V9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120639v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):756
          Entropy (8bit):7.713158489575322
          Encrypted:false
          SSDEEP:
          MD5:B4697A35521E7CA4D079D5685E5765B4
          SHA1:D695ED57BACF854713407EEC080F277E9CE6B479
          SHA-256:1E2654BD05C45638D91D8B74776A2E096EED677700D3094C566CA9CEEA36F5D3
          SHA-512:239C306F25AB8E74E54F3EBD92C78F8DF61C85A305D41B2412FD2C9FE784265ED5BB840F4FFDD3D357421D3EBA27D4D9690F20854C55E62980B42396EFD4CB65
          Malicious:false
          Reputation:unknown
          Preview:<?xmlX...Y...7.h..)...6.....|....C.^..s.%..PKf.L.+."....J.........#..51.B...Xl$....v.H?-.....?.........4....F..}.JS_..uN.......6c...z.k..^.^...%Y"S.;X.q%(.3$..8x...U....t..98..P..'......s8p..[.a..R'...$..x..p..<......Jj..!...].o)m.W'.B.G0W"....[..w,.f.......e.3!..6...iM,..! q.j.d.kzV'..l...&J.....E..[n.\T1.2...Tt](..i.]{.Mj..}j0..Cu&..%A&I..z.....c..y...D.$.....3....W......y...;.9...XE6....... *.b.m7.....r.#.MG8..K..8..YHz...&O.tL..G.%]..#...7.. /...M ...w....e.0$]......|...s.H.q>%..QT.8........)........[....Uc^......U...u...../.1......\u....ms.4...g....R...C...G~.Izs.h.Q.V.5.......9~.I.qw..\......./|u.7.x...7.h...&...b."...w..9.]8..-us.N9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120640v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):811
          Entropy (8bit):7.776809200758544
          Encrypted:false
          SSDEEP:
          MD5:41F7AB7997F709BF1F2F8FEE24990E9D
          SHA1:20B5EDDA6FFC7B5EEE6AAE051F75F434DC5E26D6
          SHA-256:55B80EA337BEBF89DFBF755CAE04D42DCBB3F73FC6207463BDA8691B552616D0
          SHA-512:372DD8A8AD04C223E8A3BEACED4C4A5E40E2A49905602AFF49669B2339E12D09BAB83E77A3A8B0F6EE26B6C5A84925AB85FAE76CA845D60AD76DBDA14CB5AC41
          Malicious:false
          Reputation:unknown
          Preview:<?xml6...mk<...[*..bD..'..c.v......$...2.W.sH....`.VP.*Aj....n7.}...dR.....O..>.{N...._..ZA....R..c..P3...j.Z.|.3kS.z.../..~....:.....$.yx.0....BV.......4|...IW*..N.:....6G...Ty.u..U...5a.N.Y.(.l..58/.=]b{.......A.d..s.".r.'......;..M..Im.....4.Po^...Hygm...<A._.p.F.y...T.O...]@.;.......}................(.,......7w....3..Y-..}K.......T.+J..O..!1..jv.$.b\.z.R...9O.... ..re.u[...W{.qi..&....%.eU.)....A?J...'.)...K...TDH......{2...G.}....a...yn....T.U.s'M.r..>/......I.Y.c.....C...X^....b..6.k.......Y...1..........?..z..cg'....9...^..BN............."2...7..rn...c.....D..R.;P...F..%WS.....A..,..k....%v.......6.......#.D......1......j.<....#.0.S...Zw...T..%5....G..!..ce.R..-......'K..f.Q.g..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120641v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):737
          Entropy (8bit):7.6962606875951165
          Encrypted:false
          SSDEEP:
          MD5:C8296D287BE1B99BCB79C1645833D44A
          SHA1:E149D1DC1A241467ED258781D6F3B2171F82FCA7
          SHA-256:0DE4EC62A9867926335C349B60531257210EA5D6BEE45EA9CEE6B0E6A6C58EBE
          SHA-512:9FC650C7FE79E6CF5A065BDA32ECC139B508AAFB40AE71C41FE7D7D93264BBE57ADB83ABACBAD045ACE956BC9A34294436AFEE2042085F2109DEF027D9B78BC3
          Malicious:false
          Reputation:unknown
          Preview:<?xml?..o....v..t$.wc4a..d...&....U.F...{....|...../C.E].e.....h".1..<.}.ZW....#...Hq....4L).n.5.T0.+.../...,H..&.B5Y.9.........X;.....1.j.u!.#._w.%a:..H.'..(.l......^...`.BW..(Zx[..W.ru).........-J......8..J..kxf....Z%.,!...#.H...q)G4...=.....U...1..m.!.]...R.?e...`...S".."...F.DW.3.s..xrR....R...&.#9..'J_c...V....q}6&=..*.2*u...)......Y.[.6.#.w.:2...4...I.....v.'.@..3k..w..v..F.^...m....e..ZSK..........#.|*0.L.V..0a..vM...<..<.......^.9}..:...<.PmaE...zu0..&.)ra4.....h........W.r...f...\b\L4a|.d...@]."...x..../c.......n.J.(=..e.+..8....l...z.\.@...>.M.Y.. U...!.....zS(........a.QD..s........7.......>....js3%kY.L>,....5.Z.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120642v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):801
          Entropy (8bit):7.727351720563045
          Encrypted:false
          SSDEEP:
          MD5:FA4CF85A25DA78904AC25E73B319E3E7
          SHA1:D4BA86C162C8F1F1C0DF1C8018AD2FBE459395DA
          SHA-256:4825E4FCE8AB21679CDE7343B5266B2408AB17F11665CC4A6674EB739D521102
          SHA-512:2A58EBEC68B93B3FFECCA4F0C9615EFC7BC20B91214C044AB4F94A705DEB9FF19F3A4AE30115B4FB2EF7E37AC39490832B1FFC3FE1B7C2EC01DF377B456DF83D
          Malicious:false
          Reputation:unknown
          Preview:<?xml.u.I...+..`.U.V.yC.xv.l..,.OqP.jme?...4..b...B.fD..S6..+\.I......@.{....v..M...f..z.4n.m=....I...O...qU>.......n../g].6 ..`.#.....[~7.......%T.M.m..[.i.W0..Xx.Co..a....X....P=.....l.rfc!.Z..f...q.uZ..`Ky#.......O..o..e=ea.9...j.V...*o.LS%:....p.[.3.y .....F>JgLs..!.]_....8..i.....3....mMMr..>`.....4.R^..=.X.....R...$.b.......%7.x...(w.o.b:...../..}...O.h....%.?:5.M..@...&..#...w....o..0....b.."..B.w.[s....@.m8..v...B.h,.._.*..Vl...~..W..V..H.......b.C.q.Oy.w.u.l....Z.B.6..y..,.;.......g....w....P('_.z...R.....,."y..~..;...S..)....2....R.@.wb.....MAc.."....A.h.N.X.4.n....B+.F.}.u...Z..:..2B./NqoF.|dgM]g.....o._..;.kI.Yo.l.....2.=...x(.'j{gO#s.3...v..4n.}.(.&..\.0...T.......:.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120643v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):733
          Entropy (8bit):7.658401561884249
          Encrypted:false
          SSDEEP:
          MD5:E32EFE6C9F0A921F8A0CA955542A2CA1
          SHA1:E85BCDF8C5DE7BA1105CE2F6395B65F4BC53B008
          SHA-256:5E8E076ACD88913C2B548E8E6C34DCFBACABEAA304A6EDA5F3FD39817603EE8B
          SHA-512:C6E8B7EC043A1561805735EBD34B69C6D5C8486E8C285958A9C439E3F9A1C4C51CF978FCC2BA7C03AE1F751124D6C1C7A0545B9B55754D0242329A8DACA5A5B3
          Malicious:false
          Reputation:unknown
          Preview:<?xml..<.N7..j.<y..|.4.9.....'..... oDA..4e...a.`..a.l|..r.m.|b.EnC@..J..?N.7.t.NL...UV...{.y..i.Iseg....&}.W.'x...(pF.P)6.If3.~z.Z..:.m.u....Q...M.._..t...U....+..HY.fi\E.'.'n.>-.B:.d.?...-....S....q.=.....4....Hu*..Ds..|[5......)C....n....%cy..&e.9p....w..R..~..Ic...*...d...|..$*.l.0gv32..>...q.zX..8.Yc..b.[5.q0....!Bp"D...h.X[......yK.....~.h..}Tja....!f..T.'...*....$..3.......1...4..w:..w..xEJ.r'..P=~<....Lc..S.{...*.S1f.{....\.!....L..I.......'*.N.......2M.g..>....7.z.[.5E..C...h..DJ.......2B.|kbu..J.7.5+q..'..S...`.yT.9.....+x.W......dpO.Y....J.1...h.<...D..+j..i....B..i..._a.<..0...........e9.4..B6...._.R.U.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120644v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):812
          Entropy (8bit):7.7097704262221
          Encrypted:false
          SSDEEP:
          MD5:8B03ADF8D6F369895912E34F8A9CFBE3
          SHA1:D2F5CD3096437B54F0B23AB5A9E5EF44B8E43CD5
          SHA-256:A5C1BECF4F855E78CC70082155C0B513406F334A67884A1B20925274C17F5867
          SHA-512:00C239A9F5E555737D3EB8EB9D2120B49F94709228BBB4D8F6FA19CD0EBE1DE015E769AD266375B989AD697D0DB35448C3E449F7B9A74D7DEFEAF31E47E870AC
          Malicious:false
          Reputation:unknown
          Preview:<?xml...n.JaL...lnB.......6?"..4.'...QA.-y8Y!.[..y..X.L2.G.........fk6...?g^.....n..pi.C...N^.@S>..&<.E..#....H.%E.{5.,..79...O.....k..........*.U..!.>K....U$.~V....Q..x.J).jy/NA...7M..\M....n.}.........s.RD.g.....Y..2V..L.5.<.=f}.4.PF....n..m!.:^...j..J.*F,.....W..H.k.F...).-".......x9@..C#k..R.1a.l..5[gl.#v.hE..2B.....#N#..%.l.:..4il.w.hX....H...J..7Oz>7B...IL. .#G.=.).zW..*...!.&."..6..22..._{..|=.R...2*a.Oz.....X`2...gl......4g.lX...Q)...........#p,.~.U....>b..D[^'...P..L...*...1...(.a.@.T..%..Fm......f..3..^...([5..%.._=.!........;..M.1...%5.f....:.u..@......"...L$...{.....2...3%.J.*&f>.z.....\a`.-an...1..9[t.\..H-..]R..vf.m.8.......{')^O.I]..g..?....]...m.:..d..$...-.\.J.q...E..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120645v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):758
          Entropy (8bit):7.743031659774615
          Encrypted:false
          SSDEEP:
          MD5:E52EFC2CE2FA042D37C1698F11CE3F98
          SHA1:BBE4BC1D3DE918EB91DDAE8DEFDBD324E3ECB6A3
          SHA-256:80ECC2D34D1780D4793DD4BF69BB73F739374B4D6F38D253FD8AFE0CB9464A5F
          SHA-512:3C9E36371B9717A369134D28CE9D0C63B35356923C644E75BD11903E666A8BD510B4FAFA30F7AB0B3503F63C4A6B6B8449B4A7373D6BD611E6B5DDCF24B34C71
          Malicious:false
          Reputation:unknown
          Preview:<?xml.d....m..y.....Po......(6#...>.b...> .<.}.^Z.a..|'..... l{..nB.pBR4.T..mU..w5^%X....D....p .....p."....~..dKn..h.j........2..4.l..g......Z.fRe...&......E..../...&>....`.t...;U..,.QM...s..{....!.g$...~1%Z]...A.v`.^4.H..Y.O".1....tr......J...u.@v&...IH...k....#m..../..]..R.a....fJ..o.#B.47.Mt..~K..J.g..]..-... .|.H...*.OYm....3......E[O.].t.++..H..b.........2M...>....N.T6....N..4..^..I#.C..*4..!:.....D....Lj.O....B#.3L_%...M....=...D..?Yz...#..Y0...*.JI...).C.,.u...-..(...../..XJ....;..rt .n$.T.5....8...iQ$|b..v..T6..bb..:.6...y.@......!.....{...(a%..\.T..=.....FH ..43-.}..>...>...U]..YE.5.NW...E.\.Q.o%.55:.~...%...1...<.....W.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120646v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):808
          Entropy (8bit):7.706008265412381
          Encrypted:false
          SSDEEP:
          MD5:AA5DD8A70C3B90AF572F5CDE84C6E278
          SHA1:4ED8D356B7C494831F81B6B9B94E868E05A75BD3
          SHA-256:4EE8143F232991CEBD59DC42189875D4A26BCA6C9CE0EB80199925D4A73356A2
          SHA-512:44C62F47F44E5D34AAAF6FC5D34AA93CDC8FB9B5B3860C153E4485FABE366F7A7B44B13475479FDA03D7F4F28E9933AAE0D25D1F3AC50C92AB60D538AADF7EFD
          Malicious:false
          Reputation:unknown
          Preview:<?xml1..x2.,..(...S."w.}pR.\..Y-.q...4.%Y()..l..?.8.L.<g..~......cN..j..dk....TI,......r8.w....=qAsc.,}..4...O..h...<X....R_....x....E....,....]1..<.8.P..S..z...0.....x.^..]w.65....e.2F..e{.B..7.CYn.hA.._.lE..X|....f{.5sj.q.G'...N.lH.-M..K.#.g%.rL..t.....T........#..a$D..].)d.L}..p..v....Is[.\..K...k...".7.>..M......=.1P.Z..n..Y....i.f.H....H.Z...sjY.G.tp.1....~s.........=K>O....b.v..bid/..7....9L*2....H .p.....CU.....+$6B.".(6....._.^....>..b~..P.^.Y$........r./....W>\.7?.C....vSL.##.8...E..........{YV..w.....re.I...dNL.&....>.c2.......#|3c(.E.].t..:A..l~.~.'.C.0..a.._...@...gS.......?7.a$N.,M..i..k..f.,.R[N1......Oh.[..$..G+._.p.v...w..2ue..M..B:.]......ZH....6..|.Q.N....`F./6.n..7..*.?..h9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120647v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):781
          Entropy (8bit):7.72394919216696
          Encrypted:false
          SSDEEP:
          MD5:F13D7F46A4C1DFC5E9DCF8618477EFF8
          SHA1:4515ED4D0B70B5CCF2F36A0C3816E5F582E51AF2
          SHA-256:431B12DB19ABAB83CC73BE8031793469748E3ADB9C002642270BA206588F4A10
          SHA-512:DEAFDFB84BACF2C7B6CDDD022C89C9A8401A9D8640BD985E835C4EE905CF3D2CA77871A0364F619908869E3282AE96A1262147D67F637EA640132F023C43EFEC
          Malicious:false
          Reputation:unknown
          Preview:<?xml$.0%. ..{.T.*v...)....9.4). @a..w.................K.2....W.....P.w:.........{....S..S.J.)...|.{V ....aN..U..[..'.".X....!....,Q.P..v..a..>.1.*bZd%.G|:&..s.6.!;.|{.{c.S.a~.....E.iS....8+..xO..'.....u.a.. .m.?.(F.X..L,.<........Z.j..wy..)@....*..\....|.n./>...<M.......l.$..@.Tm....x.q.4.(J.....4?W....).n.[V;.vL....?|.*...wN...."...g...~.....R%.N.C.7...-{...4....{>....D..E....Ay..y.f.S$...m...e5.O.w....l..../.4...;......'..../J..S.a.}..srr....|.~.@W..*....+PE;~S...[8Z.=<^;...].u.8<e.....R..%\....z.....0..).........'.R....`W..hq..M....{.>k0Q..$8I.......Ki.b..C..sKv.....W&.3..j. U,.L......I....7.|..l..Z9...j....~.......u..T.[B.v..}...."..5..X-.7..3n.uRs..K.._......_9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120648v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):824
          Entropy (8bit):7.750015483472192
          Encrypted:false
          SSDEEP:
          MD5:8627DB8F36E761AFCB96A68E97B6A15A
          SHA1:B9BE7FC87C7A11BAE27BEB1A23D43591BD13A5D4
          SHA-256:A7502CE7173D85789898C9E8583AFA03E8B47DC8504AC97D88E0E595BE7000F6
          SHA-512:C718B9448F549F9A8F64CC64FB0A526EE7E6611042C89F5F64F125F2ABF456008892A36D3A63B0D741A82F2A4908E66A00D696F1C915ED4FC562FAD84E3F67ED
          Malicious:false
          Reputation:unknown
          Preview:<?xml..`......*'q....%.....:w.....F.;.4P.v`.<.......p=k7.....q.O.......S.#.~@..v.*.-.]..h ..SFyu.l5....g.\.`......[.$g..%..?.6..8.X."W...Y.Z..P.....Yl.gw..9f....T......60.?Co..mtOO..(..{.u..u-..!...-.\...zeG.uh ..S..@/X^T...5}..z^A=ha.2.Q.D:..h@.'{..(.k.]7.==.~.j.f...L....!*.6....Ie."..w.}..W.z..or...(.0b...C...f.v.u.O...6.2.&.$.dGZ...mAKY-..zs.............3....~.k...Q>......E*......H....y..^\.f..x..@:......O.l =.F....j.(. .........X...%....B[p....h.U.I..../.R%...P....V.T-....2..)..u.......-......EX.C....Y...5......\..*.W59.f...s......r.........`Wz..j..3....h.,..u.k...7j..F.Vn...J.f.....W.]eo..KF+.y._...7...P.RfAbi......@..W.-...8[.0$......ay.c.T...+0..<..Z..)]..W.Te.....Q.^ua.^.L.....&R]!....1|.x..1\`.F.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120649v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):749
          Entropy (8bit):7.706787967436758
          Encrypted:false
          SSDEEP:
          MD5:0594E90BF5EA5A46D8D200C432B18227
          SHA1:87A8424104D9AC9092A05597CE713C6E9F9F3B72
          SHA-256:5AF8A3826702A853ECE863D879406F88700268128BDFC791676DD72940A85BBA
          SHA-512:96C1C4B32798902DE125D88F40D3F6FC6E7FF3A81BB81BD6FDE202F31D81842948B67152FB5FB33D02FADC67B2AB8FD71299A747A0DF57182716B32EC4A6C15F
          Malicious:false
          Reputation:unknown
          Preview:<?xml..Zf).7..J@ ..'..s.....F.1.....3..!|...,.........r5...8.S.#/.c..B.].8G....a.'P.6waQ..7`....D..F.Ok..".. .h..Y...p..s.5......y.".6..2...).0L......u;..I-...../.=.'.).o{..Xi..i..V%.`.p.CUBD.#7.......T.v'M..iHd.=./..;ZyM..b.@..$.=......`.Y....V.......M..R@.V..<..Z...IT.1.....f[.n.U..[...lOE$.."h......;cX00....!&.%.Jn.o.nO..$;:m.NFj...L....cT/...=.`U.tU.......9V&e..}9ja...u...#~..H]...@...q.?.U........,.h....u..j......{... ."..O......Ah..!It\..N.S....}^...{>J..S..Z..l.$.b.z(...(...$W.*!f.........>..?..n.+...G.U..J.'...{.k,4.".Zo&..dd.Ul.7.."$..R...H.lBk...-..]...2.4..... .,.....k..;..?.A.RA..T..4..~........M..^......b.9c...]IUr...U9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120650v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):812
          Entropy (8bit):7.740583359341022
          Encrypted:false
          SSDEEP:
          MD5:6501FEAFC1B20F2AB630AF3556FEE8AB
          SHA1:989C7E1F61AF9A9A6F953770A195E54F59560F99
          SHA-256:B8387CAECF76CA7C429660CE72FC4B5F0437BF2ACF6053CAD7E6428CF8FCEEA9
          SHA-512:2F3BD718A6965A0D757070AADEE4275177988972E8F480258E6EEDFC5678F0DD41FE5F0C17319055BB272DAE8AAA8811A19568E987F2AA1E595EE348ED5C6305
          Malicious:false
          Reputation:unknown
          Preview:<?xml...m.'.Y?.2.S...>..Q..7..eeT..;.K.|......%a1e.Z.0P&Sf.E..."H3h.. j..h.I.-1..gM(...r.rd.0.....=.....k^9..=..EUnw......i.........+...'W..J2\..>...R .e.....K.....h...&a.th..W.....t._..[..".%k..E$....j.9gUI....o..T...z$.Ks..B.{.G.?A.....\..e...y;........:.j..Q..<1....%.2......0.j8|a..rFnS7.K!..w.b.d....:....t?1...../Y.~D..f...pfO......."..f`N....i..........M.v8....vp?.N.T..$.N.:...K.e|;6.Gp.....'[.Z/$...)...>..c.T..p...a..I,.].r"..V..K.c....0K...i......h1...V,J\..M.o*.\.D.."..I...y`.&+...^.......kq.}VrX{f......)..y...5......>.{.|......-...S.s.u.2f5~...".3C.M.._...k....`.W}t.....>.L+.U.N......../y\.;.:..~.x.I..%.K..{..q+...g.,.L.{....o?.. I..N..k.....Ry....;P{.?5........L.).!....'.B...,9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120651v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):748
          Entropy (8bit):7.701372123886143
          Encrypted:false
          SSDEEP:
          MD5:CF6A07805B599496BF5321DF2102843D
          SHA1:887DDB54ED9D3FF4991BD8D54284C8AA70B8B645
          SHA-256:43B12F7320CFF58A29D312CF5A10AB57157E30371472B07B3B0A198C94250F8D
          SHA-512:C0F9E3290AAB949B3CF1FFAC476D4135484E598FF9EBC3B5744DD71084282C3E59157C9B2F059881D36578EBC414F11A0633EBCDCE7046E0811137BCF3556379
          Malicious:false
          Reputation:unknown
          Preview:<?xmlgY.B$...D..oX........A....U.......&TG.....i.sX;...>(_....Z/.U.O=&...r.....V.....7........|4..*b..*.~$~ .4.....,.B...ss[.?&.......L...._.i0.b..[*.......Z2$)...-v...X.,.v.._.y.8.^....2..`.Et....!C.7g../%.}(p).....P2....pk.&...km.FO..4.'2.V[....m&..&.N8L...O\fdM....A.Yf.b..~.t].....e.......L1...;...t..k_.../.|e..2>.P...o.[Y}[...iV.....Kw"lN...Ud.....V.(g.>M.W-...J..tj[a.N.6.{.,.#~..5.W.....&dO..K?.Uk..]..'e...:........}#.'_o...}.....gC.].9.8..W...?.K....3...g.9..0CvA Ps.7...K.8.y.........2(. /.V[d..u.~1.....m....D.........E.Q8!....~._..0.+.8._...,.*.....T........\..{t.oj .&..CBD..b.ts...Y.../.%...}Z<..#.......6....!..|..n..K9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120652v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):804
          Entropy (8bit):7.725077061007275
          Encrypted:false
          SSDEEP:
          MD5:CC2CDF313CFACF48207546FF62953B49
          SHA1:4BBAA2AB9090DD95E4D9FBDCAB8D0819A676BEFD
          SHA-256:7F54563C52A9A2C6D6D9CB7B7BACCF81AE2A2726E99334391323A886FE3C8AFC
          SHA-512:67F9042A8F0242043F04D84FF1E8661E3408C88FDD9B925E27CE75811F72F2BAD8F66BFAF9B580FCAB73831951DD2E46B11B6E96F2CF153C183429AD5ED7DEB9
          Malicious:false
          Reputation:unknown
          Preview:<?xml.}.fo..G...2..*..+.......i...>+-.<G5..LE._|..H......-.5O.....yhT.y..r...g.P.......k.......Dh.......B....*..Dp.6E..9<....|B.D....V.5.....)Q.t.{.<..1.......pt.`.v...e....9qvV..f...M!.i.....V.....AR8.#?.,.o..i>.J.-....-.?..q^..,..J........vI9{T..}).......j1.L.k....@r@....._..w..!t"..TE,$K...$...}...@tK_.,H.....A..._.....<....VD6..a..I.|..n..=*..x.Y...J........`.<.0d..3.p.Y.o.EGW4~.[.La:..@...oZCv9J.{.. ........8.....w.IQ.Hfw..J[.L.........r....G.L'q/.6.h.5..a..]..~.Ngn1DM..G.{.{4.W.(.f...C.......V..z...b....p.2..?...oN....m`..k....H.......W....W#4.H-v.|... ."....E.WIs8*Z..cBW.BpPg.[.]....>....U..+`'....H.ShI.....Y.7..J_k.T..<.?II....r}.....<..._j.....!..l...`.a.;.Q..fF...T.C.u.X...2..j.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120653v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.713073690215976
          Encrypted:false
          SSDEEP:
          MD5:58D1FD8211ED23DE8C552E059AD74E5C
          SHA1:4F051ED0B030B95E52CC50744016BCE7F7036909
          SHA-256:3D6C483BCC0D6324566A38BFF773D920504139558DA3EC01016E59C9E10C63DD
          SHA-512:53B6D795CE676EEB088AF54980720DCB1597EB9172D25691F3ED719D8CB57D7E442A9A933431A1A898B810BF8B8CED942B400A702B493034BBF74496E88A3365
          Malicious:false
          Reputation:unknown
          Preview:<?xml%6`...x.%....V.k.)....Mc|..._4z.B.d&.Y.W.o..n......D..D.Zo..%.T..J[.^.d.P..j..dM..q.....v.v...T.E../..\x."... .!....Z..^...S..I....5-...o......p4....@"c....H.q..}.j...J.8...c...6..4j..6.y..>..s.....v.v......k..TE.......R....t..B.'.u.G.:HXzNQ....".\.&o....*.}7:..I.........N..d.t..........:..Ia...0_.)>.J.....s4.Mi.....W.-.$#c..J..{u.'....Y.j....P..Y'VDu..M...6......{?.Xl...Z..l.$..Mw..]. ...a.vkm...Q..p.W.......%e.Ik..#C...WI...u.3.1...S...{..j.|`+.&.....2/..Ok4.w.....e.&P..;.=.b.;.N.....-c.......[..3<...*l..P..k.........?[...?...I.ve...x..K...n..._.f6T..\+Q_C.dH...a...di.P...o.G....4~......z.......3..f.au |.B..[...._.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120654v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):810
          Entropy (8bit):7.734124861866942
          Encrypted:false
          SSDEEP:
          MD5:FA723D22036D80DAE965A6631209837A
          SHA1:74424B52AD39A0B9B05A2B694295F4F48E618FA5
          SHA-256:845D14678BF9974F58DEB81CED8B5759D0F15933E305C93438FC824A5AF5F39D
          SHA-512:B6CAF1DE99909536ECDC4430E0CD4EEA0F190AD193EEC9F511282A5FD13E1B695EAB7E9AD87AF5A76761198AD994DCFB465C66F9CFD77963421F450DB0A4D09A
          Malicious:false
          Reputation:unknown
          Preview:<?xml.N.k....<...W.h#.e...?FI..{B2....X...{...z.~.`.^.......Rv.....s..T...C!....t...?.0'..z.......XqW....../.H=.!.s*:G.."..e.,+.$....x.3......TgS.q..b.....0eI\.S....=....%..F0......y.d^....M..x&9..'U...d..!kq2Dn..)..RX....W).*...1.3..'.u.".z.5.....;.C..@..M...kUzL.Z...v...ki1.V.M...5.r.......<....@....Zp.6....,.H..!.{.B.O:y6.(r..K.\.Nf!J....M."hG..j...}.;.;2OSh.<..tN..n...H...........n..F@L.!........n.;.......-.<B...>..V.jA,.h..l4..A...;..O.?..7.T..rd..Ge.`6.. .....k../6H.:T.WE..9.KQ.K.-C9.Hj.t..4.4...,.1..!.!`...o.A..gG.DqI..u...H>q....ux%v?W.....V..8m...S.$.S.#pGz..8...:+...XV.HA.%.P...........?.Xy...t..b..I..\.hUv..E..s...~p..+...?.3..u.|.?......8E..[.....1XL.q..........,.-..-...U.6..q.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120655v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.704751991400105
          Encrypted:false
          SSDEEP:
          MD5:58AA4D0768F39D2DD7DC36063BC4191B
          SHA1:4661291B73E1D6F61513069882A1F3C7B4636E36
          SHA-256:309D69F3FC74AA2191209F5FB87991D4F97D32DB382E4FA032723420CE751119
          SHA-512:333CE9C6676DF9B626D25FD5A4DD25EDE52BF25C54A57411499A80B84E65525BB9ED222E7E591D76119CD3BF545752F4727730A4F135746F7194FA47F0EA09DB
          Malicious:false
          Reputation:unknown
          Preview:<?xmlq......SqOG......t0.\..d7...p.....a.`.zt.Q..z..........g...3..5.0z.Q]`W.@...u..B..... n....w.g.D./.~....cc!~.7`.n...p+....<.].a;.....&b.....A.%.y.,X.@...i.l...6.@..}_iB..~.3ME.K.V....`..L|./gsqP.)...H..4.r......2o.<[i#]X...HC......b...../a@.=...fM.T........u#......X).a..(.W..G..../.r......kf.QK..E..3...1... ...0.ANnV.}.....L.....rH$..=.l.A..Xl.i6.X....b..1.......2&B.ud."i......{.._.Z...T...)...(y|.....a;..}...Hh.M.......{.c..\.&%^%m..\..9.J{'g..>..;.6sy$...&..[..P.~.e.Zl........3.&f+...K....X........Q..b..K+..^.....3..../r..5Jqw.B..`.v@...nM.....k..'_..;.r...M.#.c.../.S...}.c.*.....Y....`.2J..M.5D.&........c.L.{.yt.....XJQS}p9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120656v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):810
          Entropy (8bit):7.764152662999615
          Encrypted:false
          SSDEEP:
          MD5:4CD40917CEAB78ABD33E97C0E007152E
          SHA1:A325A0AC337F8EDB7B4E2134662AD24C7636F20E
          SHA-256:03FAB516CEC8F465BD2C453D28D6EE49FE23B88B13D8386A7C8E7F89994FAE22
          SHA-512:9E2D2CDA6880B73543D2929DB70DC5D80ED7AE6EC5BC439DE2E2D333554D5C1ADD6FB44E3227E9680A8886B6EB4323C46728A079677943F92E34E7767AB6127C
          Malicious:false
          Reputation:unknown
          Preview:<?xmlu<...J.f..^.y..p..Pt..tK..1Jx@s..X.F.!h......8..b...]..v..I../.$.............5}..d'.../.:.aP3O...k.....,vx..?>*w.0..(.D7.vhq\q.[..4FO.z..j..J#..].AH...%....4<x...@Y.z..... +D...!"..q.==..I2.S=...+;.M...Y..N_U.......G...).... ..~uh.8..k.R..z.D...T.+.1.t......"....X/3.N..{SM.Z.....O.B...w.i.Z3.Gfo..1*".#...dE..?..}.&.w..%...Yb...p.\pR.B.[.WF...99..SUy.j.....@....G. a......T.z#L....-.c...............t<..v;.A!............&u.9?V...ty..6.z..v..1o.......pC.N.S.mWz....K..w.#l6.........A....|r..c.J]^=.\b..a...0a,E...#.Pp.......n.=..D.....kf......\.e#../.r......0G...B..H`.u.c..:.. .P...?2..7..Z(2d..Ts.i./o.."...T.f...\...*.$G..."....p.S..X.3.Z......}..A..."+.:.>a.....~...58..@0....3..._....6r9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120657v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.697888614460299
          Encrypted:false
          SSDEEP:
          MD5:AF314D03B7E795A3F8237AB17C305193
          SHA1:86264C36F681C999C9B1887C1C4DAD4F76132623
          SHA-256:55F62F4230185A27977676977C5E7BC46EECA8B73EC3929A80CA6EE46978D5B8
          SHA-512:C5CAA762366F5349826338FED8C0FD391BF3614102CEFE4CFB6C1FC1F352B054D65F2F3A7250E06A2D5A47683F536E8D71F48C2861D4026F29CD5DD951B23A15
          Malicious:false
          Reputation:unknown
          Preview:<?xml.4.........0...................X........zT.|.u..P.f`.E.W....}.i1......g..$,.{)..V.~.].W....ls.........&..........!.b1%...?...x.*.. .m....~...........v."E..o.....~\.y*e.Gt....3.../lN.F.B....z..-..s..J..SC0.3R/..r.EJ.o.R; I.JE.pt.i..D....Su.....9O.b....^.7...\....O<O~.:7..>..7.veI...+cm.xV.....qJ.`.:....f..r$....u...K..fn`....9..x.#.h......_.r...]rg....-}doi.....w..'.7...K.Q..^o. W.9.....M.z....1.......*]..P......+J.t..X./..|...I+!d7......u....._I..kb..(I4....!:...'.T...{...7.j...sh.x.,......u.@.....+...9.,..0..h.).o.......d.u.._0.8......QPr.".h(..3.n..g....@...H.y.?}.y/...@:?Ij..n....g....N.D3.....L.q./>.U...Gx...,.Q.p.L.../W9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120658v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):805
          Entropy (8bit):7.6918285295823825
          Encrypted:false
          SSDEEP:
          MD5:0EF39FFE7A6F88D4C3C73B6A2207AAEC
          SHA1:C18AF2B6725A577F3A2B0C84DB99DB7A015AC205
          SHA-256:0A0F983DC64AAA6677675D374A11DBB102A9D87EBAF3FC080BC4A3C9F9B0188F
          SHA-512:EE9BF4200E2F9CB86D45A05E23D8C631E60BAAEEC70C059F63B3DE5D7509B60274034A989F15D6A889DA313BB506423A2A45023EE933ABB23035EBF5BC025370
          Malicious:false
          Reputation:unknown
          Preview:<?xml..'.?....<.A......_....,.;.....D]I......;....].|.Kh.:.... zp\.v....;6..i..w...V.Nz..r..c...d@ ..]E.(K.).l.....F..J.^...1"$Q.u...d.N.....J.1hQ..."..`.......l....=vu.</A..1...G....V.ni.s.....LH}..<Y.vbsGU....\_..._.Z...$.Y1....p...dyF.....[...p..c.!.w..t.u.,.`..2...B.I...l...;.<..o.L....-+.VsBE.r...Gh....>xm7e....,.2........-=.E.......S.....wR8_N.....`..Aa...b...D&.}..b.....(6..... A..S...i...p...Is..Y..j.N....**K....A..w.......!:.........@...'e..k\.l....X.H...]X.m.A.!(..qlat.{....'.l`.....M...D,.L..y.<.....I#Y.'Z.s...8EH..z..Y.tz=...a}.}....):.....V..R.t)3.1[..F.....r.3.7.E..oq.9X..h]_.9..G0..{../.H.B...'..*...J.l.v|..7 ......<.i..'o.S.F...X..:.6Xa.a..ph.x..r.d.hB.;..Q.z.Z9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120659v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):801
          Entropy (8bit):7.7493150070765955
          Encrypted:false
          SSDEEP:
          MD5:A1DBA5C961887DEDCDD6A56BE82E5387
          SHA1:C639194DC9EB0C0E7356D652147D53D39E71EAF4
          SHA-256:209C7F8BE3F61F64D342028D2DCE35EA63BE8DD38AC89CC1B12E7F53AC558883
          SHA-512:4738D14A37283298D08339CFC72867E1FE0DFC890526340CA84A35DF1707F96E7D0E51652CB49B546D2D593F8553572FD5D780093EE0DC7BD019703317D69A15
          Malicious:false
          Reputation:unknown
          Preview:<?xml..%F.z....r.......5H..83.....jNo.1.4/..Gu.5. LK.....>...y...=>F.).....w%]....yK9..PH!......P...G.m.o.)y....o}.bu..._U..........&]..~.Q..4.S.X.%.P&.`.....j.3....O..SR...f+$.o^...x.P....G..X..C..)9tQ..kW....K..<.%&R-d>.nx..Ut...%p...C.......S..{.sd.-.#`..e....#..............?.b.W'...@.Ln....\.......L./..>p......I..sQ......g.q..D.%....M.....h&B.Q.7P.ln.i...*l.].....M7?.F;....z.'...8..n.V!l.e5.`.[.f|..O..=....d..!W?4U*....:1+...uI...][.F4.(LH\..D..I..<......(R...t.....W..l..I...}..V..\(...s_0@..q....;.#w..{.',,.....~[...QvA9}..EY......4tM..I..,0.<......v...v...~....6._.U.M..j.V.Y&.L70Y....s(B.^.M;.#.w...D..$.'.....}...".|...\L...U.M..K.F....H......E.....MG#...xd1.G...3:.-,.P.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120660v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):818
          Entropy (8bit):7.728630551033603
          Encrypted:false
          SSDEEP:
          MD5:53612141BFE0AEA4A364312D21F8B989
          SHA1:3E034CED4ED4C79D8EB3466E12288F10B87E6E37
          SHA-256:802FB1E83AA7B2CED726A79FE786E8BD5A84F764DEEC69A2E92C3F1210BE4AB5
          SHA-512:D49F20B794E5F29316C78DEF49E7605F2C3C1B7B2FC5245731381F3C116AFAB50385DABD76A903B98E90C9C2B3B9A0E4D9562AF51CA9FE90DA5A86EF396016E2
          Malicious:false
          Reputation:unknown
          Preview:<?xml\*."...0.\>.e.J..I.q\q..ne..]%... ...t.....3.....x..Kx......SL.h...K.o.....>.=..W.?....Qmi..@9.."....b...?...J..\.8\..'....Q...~(KL...a....T.'E..B.)o`i....&..f...)..M.d.._..K.MJ...E.{.P.....:.A....PAC.....C.O......i!....k..k..L.....?.'Dg.G%..;j.B...7Yd+.>.A...[.w.....-.-..H..x......u.....L.,...t_..G.[.0...k9..J[-.!.*...n...vj....... B)g0!=.{R...vl...".|& .9..>..\.W....(LT..4....!..5..1......MVa..Z..EU.\.......9:.}..X.V.3l..../....e..9..El.{q0.Y<Q7.+..4..0.Wt.@..!.G....Y....c.......Je;5.h:.O..'c...M.#$.` +...\...+.X.%.!.P\)KL|.$...A|..<Z..N....X....S.:.R...2.ddkHUw....l...|..4>$......@.fT.S&..Fp_.YOT.b.<..].3.JIt..e3.p!..t.b.Y:.s ...x.... }P..j..;.v....m..9n....3.%........)l..<U..=.%.d..U..f3...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120661v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):744
          Entropy (8bit):7.696968390655739
          Encrypted:false
          SSDEEP:
          MD5:E9AD98617B12A1646C5284D37FB4BFA4
          SHA1:D4A6DD9C62454831BDBA000C30C21C6346D27FD4
          SHA-256:C83B5D8E20C2F8584594121FC37EBD8836A747C42642BBB6C5AF60AC998AC07E
          SHA-512:9A4D5F3DD02E4256DE4D455870FD74465AAD4008843F1B41AF7D95C71CEF17A698BDFEEA8B7141B000382780C49A40EBCC5E2EA958FE4859987CDB751454D871
          Malicious:false
          Reputation:unknown
          Preview:<?xml..]oJB..f......OB{..n.r=r..n...Z..A....|..69....]Dc..i.5....+...8XI....2.~. .....}.=.4`.U.D.E.p.Cgy..Z...<lWT.m.s&D..d...k...Jz.x..>(.^c...GM...m=.V...5.(...#...#A~.^.G......Z.....B...p.....cFf....b..M.T.tAT.NKA..]s+..~.3...u.#.w..XL..0..29Ck.k.J........Jkw...x......5.es...k.1...2.s.H..w..._........y.(p...d.'....k.P6...n..Bc...?n.tF..rK].J.- ...(s.f1.k...w..XN....h..~2..A&.r8.H.D.W...........pC.y...-:...(.n...9G......]...n...R..0....k...<..(p..."f...1.!..E......>_.*.[..g"....6....@..b...{..........z'F....@._....y}....:.9`...I...O*M.Mg.........8..........=).j.$p..........N..`.v..:.......h.BfJ...G.i.j-_*.......{..u.?K9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120662v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):803
          Entropy (8bit):7.767013808132848
          Encrypted:false
          SSDEEP:
          MD5:568AA17EAAFAFEF7A54975EF45D1785C
          SHA1:E7E4E7B40D0545D54398040F920AB41B74092789
          SHA-256:49D9E8C83128FC8CC51E2F3685CD872E8CACA83031D35C9B543985529FB59A23
          SHA-512:86A1FBBDD39EF05618553731FFBE2239FDA0DD3164428C1519DD3C266102F5F8016CEB60A15623CEFEDB2C18F52729CB5FD3D589A66F552A8247276ED0BC3D02
          Malicious:false
          Reputation:unknown
          Preview:<?xml.W..l............8dK...5......E.SA..O......Z;..!..1.{m..+......Y...Mu>z.=...+.....w.^.".Xa...8..k.....7....)..B.....]...&7..s..,.]~U.Gb..y>...[.o..N.Md..:Y....!..jnG..+...@..........A.8.].#'V...p..z..=?.D.%......ZN.MQ............w..j....Be....;y.8a.J.2T.S1L...b.Ns.c...}.."....]..J.7..g(.o$._.g.........C..l.{.h../-.V..YajRw..*.f..%......k..^./.......V...Q.A@.. .......=3>PX..R...:........9{_.l-.Y.lK...2..D.I..g..3}cokl-....@..f..j...O.(v<br..S....%a0...`.n......B........)....q...5.^..\f..?.LF.=...t..2....$...FgT.vow.Ap .t.&Q.G...U..9.....|&.A>y..t.%..vo?..>=..B .%N._.}..Mr..?.888'..@.7.W........l8.-..8Z....2./.0..s.;U.....)..2.,..<.$..W..y...i._L.....3V.....u.....'+5|>1Z.t...k6P9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120663v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):760
          Entropy (8bit):7.7347504974785375
          Encrypted:false
          SSDEEP:
          MD5:A21F206586A9F45BE27CD458783AC29B
          SHA1:FEDD7A0491D2A2D8F21D2486D15178FF68ECCB23
          SHA-256:6601711C97B4F91D045F133309CAFBA17DEF18F41043BD1E91229D8D04DDE042
          SHA-512:4EDD1FC3120641BA7EFA9431AFBD318FF0730A74BCC24F3D56B7C21415C1E3A7166EB04EB6DD2C925F1107880A9B3DCDC1EBB0B1BEE39FBF311F59EB8B3D23E6
          Malicious:false
          Reputation:unknown
          Preview:<?xml....@.A...x4......U..E.._...)..EfH.?!..^.. .L.r.....'..F..2.#s...1..@lik....#d.:x.....(2.h...........x...^....0.S<..;...b....D?k.Yp.W...?.....Ya....'...t..3."s.....'...'.A...a....u*..}...R.4#.(".\J..U.uV.......vs..N. 5.[..T.....8Ls.m..3.. .U....D..b...x.9..,...+..I...,A...6B-Pl. .G...C...\.r.t.....=..Kj..X...=...H.nr...-.J..d......XtC)..!......y...csi..I.f....T.n.Y.....(..t.2ITF~....h].q....X.......'.W.fo-.s1.'`E.*^.......(...p...:..%._..t....F~.....$.....g..As4%......Ib../z.g.F.h..'c.Qx6.y..S.......`B........gh...D...5.P"......A....o..FC..d).....K.w..w).w....Aj';A)^.c,D.>...."H.8G....2...r.3...*..$.....<B.V.a.3.@..&Ur.4P.=5...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120664v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):835
          Entropy (8bit):7.746104894499326
          Encrypted:false
          SSDEEP:
          MD5:03A7DE101B6B22FBC8EFB5FF4174F52B
          SHA1:D31E5E3BEDA344AA3CF659F66D3F9FF19B90EB9A
          SHA-256:CDD83F1DB74C58BDFBD73E17D3FCED6911C886E368DF745EF8F3CED8832496B5
          SHA-512:6F1FBDB29CDAA5A36306E510F682045A265AB7D59B8EF2AC04FAD7880687DF633ED4D8B41D7C32408E23AEC38C0918E90E5C018BBB9C3BCFECC34C38BB20636E
          Malicious:false
          Reputation:unknown
          Preview:<?xml..`-D...f..K-...@`..).).....&.....=i.......K.^.G.V.......e...[|.c.N.a..08.|....8|.K.N.I....N.m....d...~.2......G..c.d.jG.W$.bN.u..@.I.Z......".q../.....X.....F...i............A.|!O`_..N...u....,.m>..~...y...!.U...I..L....R&..A...;..I<...tL.bRE.E....zY.D.../oY.......s....f.... .,1=..p.1A7.7~.FQ.f>.3.z4.......S....;.......7;.t...bz.....^wHj%F.y..[.C.E*...w.2.....L,B.......4.>..K.#l..{./..H..3........ ....*.m.S......5.).t...........p.5....wc.S..M+_..g..f..e.L....$.D!..d.\..J...P.....D...U.[.?.UK.`..C].....I.{....E.n...<.u..w..($&5.*.g!=.2..Qg......\s..U..............$..5.a........g3..'Z.,..~}@.kA....R...0....8.MvXLs.UCq.;9.My.{..A.I&a".{..$.......4...3U.......E..W.R.._.E..xA..H.E.e ....T{...uD.{..P..WY+..;..W.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120665v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):740
          Entropy (8bit):7.713828352710745
          Encrypted:false
          SSDEEP:
          MD5:C9B59BA6307A79BD39467447DD289C89
          SHA1:94F8161AB9713F1B98744DA3AD67165796546963
          SHA-256:F6EF6C2C30E48CFDD2FD071A199BD15FFC509950916129006F227EF6A49AD9E7
          SHA-512:0E471C4F7FC298CDD37CC5A9615395E7E0233592381FC396DE090DD2554B8F8E6EC24E86D00D02A9A86F95DBFBC7621E9F6E37DC6A388EC064F353B07851EB4D
          Malicious:false
          Reputation:unknown
          Preview:<?xml.u,..^f....y/ZUD.;.........~.QZQp.c^%m ...r..........n.<R8.o0.....K.3........... B`W.OU.....].X.8w..Z|).m.......q...p.AiD..}....w...q.0.!...Lv.NV.....A..U .(....... .w..2.......S._*.T.F.`..YF..$..G...z../..V<\...&..N....F..[..k./z..<...L..N.E.$.61._[..B.A.(.?my..[.G.......#`%6....'T8....O./...a_..Y..E6.,Q..E.Gl.W..:4.{..*.2h.]1..^+..y.].^.O.......P.....jrD.c.n...yx....^..k.%..i.%.G...g..9.l(8....63qy.\.:..#"....f.9..tC.n..Y.....dw....w.~:.>....^r.Y....V....e......S&..t.jV.~.P....2...|.N.t.H.$,."N.i..........Q$..i -d...2..o".h...J.w;'..`.g...D,w8..-U[....N.k.....c.bKC.G2.H.."f.....o......)......T..P.l..V..W.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120666v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):807
          Entropy (8bit):7.743529764972188
          Encrypted:false
          SSDEEP:
          MD5:110C17B6CF2203ACB5E942F5A22CDFD8
          SHA1:880FC1A9002DFA43B2BACBE9FBF52F54A64A45A2
          SHA-256:007D3606EE1D6B98604728ACA0E0F9C31B702FB3FA688C904A1D420FCB3A8BBA
          SHA-512:B69EACA43A88EAE9220E7A4DBF93A55BAAADD036BDA1DA0847375E9227875F8D6C75CB8B7A278B8B040873126455013515F24464499E51C115DA4A82BFF9E83B
          Malicious:false
          Reputation:unknown
          Preview:<?xml...p..9.Q....Z?15@....8.....vD.u.....#dA.:..A.....{4....fA....!.....TV.....x-.c). .27.i....-...k..z../sg...c...;j.P...5...^M...Oq.R.-G..R.N-R..h....<1.]IE9E..(.x.......^.b .j~M.$LF.....t..&Q{%Id....ET.v...._nO`a....X0../.z...c.'VzT4....~.......;7K.....z?K_0.N..w........s.n...:O..<.6........tz..Kx.....Pc;.).dwT.]..z5\...$.ce..s..[..+.y..........V....x..x.[....%2...X.Aq...._h.6.......]..u.'?......8...}S..c....?..9.X..E..v....'..[@^.........:Cu.0w....,...4.V.V.O.j#.o....JXF7.;F<...s..XV..2......M.Z3k.....X...Cb...>.......M.../.bv....x.<J.2!.B.@.l....N+o.y;..]...w&.iKzB.T...'.%.\^...MB.....tN.R.. ....II.,{.....5..$........!xG..JEk.....4......y....i/........t..j.T.?.e%.gH..u.Xq...'.A.b.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120667v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):741
          Entropy (8bit):7.707310754044919
          Encrypted:false
          SSDEEP:
          MD5:57847723F66571F8EC0865675C91DBCD
          SHA1:49E7A58E31FCA182113792C62F09D5240B436797
          SHA-256:CDCCCD1EEF61F409D3E4974AF7B2C52BCBEF175A8A2DDC1D560F9894676EBC1D
          SHA-512:590178DD8C5F368F856B33AAF3AE260E99829828AAF22B1DB6A537E7A0AB4F0CB5FC75E32FC11E560FB247EAB552BC85219400C8DDF742BDDDD42103A5EAF728
          Malicious:false
          Reputation:unknown
          Preview:<?xml.).q`..(...c.~P;.....wv..k........M....*.y.gT...V..$c.p...-FM-].....kJo._K5.$.[.....V.hP.....F.t.L.....GC..E=..O ...8;..V.....*.w..J.#.a....yC.O[...;.O.@.sC.....d....`...)...H....[4....Y.aP.nK=....&=..:.....a.5..K....+.V.....@...7../.:..w.}.A.....=..@....f.....R.~......L....0.r.V......N....W.P/...;><.o}.&......h.k>...._...ni.lD.R=LZO{5.B..5xEx..v...8...].%../.+s-..N...?......o.TX1...w8nr....=...s^.....za.@QP.$z..^...TP.$..M.Y.7...U....t&../.e~..%.r....u;.e..J-F.\i(..R...z.y).C..3...K.,....{+!%.ta.u|...E!..7./'E.gM....E.-...c.}....cfK.'...l.....V4EF<.#'B.i..&./..b..-R.e)/. .....A.=...I....pA....bm.S.\.9..B.....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120668v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):802
          Entropy (8bit):7.698332210664788
          Encrypted:false
          SSDEEP:
          MD5:955511E8FD4F6849E8C43D035547E1F2
          SHA1:2CECD8D17C440D440EC02CA2B6FAB9374BBDB2BD
          SHA-256:6230BCE33A7085C037D41CBB986283C58AE2E38FED8788A0BF5DE719E2FD5233
          SHA-512:129859E095D7079FA9576F4FA40DA875B367554578CA8695819A2442ACFA2F96E5A0AD4C2D3314BDD37FBAE84CAEADE656D8AD722D8121308F66B6AC17FDE4BB
          Malicious:false
          Reputation:unknown
          Preview:<?xmlZ..6......}.ec..W1.|\.....r.Q.3..E.,..=...&..V=U.*;..JJ_..M.;.."36.J.Ka3W...9r...c.q:m..3.$.J.)+.m...<.|6...aV..Z...V....)R...G.i.....{..jDr.x.....X._..+....I.e%0(.@_VH.B..<....L.K........U...q.....7|..8p.N.......a..O...|.>..). j...-3v..Z$...!....S.y4z..a...b...A[... ..S..E.Vb`m..cwc.....DBA..(.*&..q....ZX~...;E..y.-^v).pn6{.#.ZQ.0iS..l+3Z.[...[I.@KFu"mQ|.Cz..6.a...,..j....g...E.D6...R.'.A.....S'L.@.>.L..c);+..i`_[.'Wq".$........bE..U@....6..o..q..0....j...<;m.....w......z..&../.[*a.....k...+!..,....N.3....f.....-.xj..h.|..G.3 R...~tD&...')....h,!..........*_U.`Fr%.j..5..A./.....d.y.\XZ*0....=7J.........@y..@.=.I.....6C.b..! ..Uy..n.C.QB..8%w.Cz.....4.w.Wz.?.....P..9...3.499pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120669v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):749
          Entropy (8bit):7.672254989297836
          Encrypted:false
          SSDEEP:
          MD5:5633531CBDEAF2A13643ED383C7B8A1A
          SHA1:EF409607A64528DF6864BE28FFAEB3D32556EF85
          SHA-256:0D4B5F41753D662D1920BAC2EA01BA5B6598450BF1B37D7EAFDB7BD6A72D833B
          SHA-512:BF0E83BFBAE5AEBB0B682744983F28A1E9CEC8EB1905C9F81821BBB27D854589D55DC32C7E55C13F119E4445F48E9ACE60126B201BA1FA9FC0746EE05D587C51
          Malicious:false
          Reputation:unknown
          Preview:<?xml.....E..5.`..:....<:;%........F..4upN.Y{``.Qt......).h../.!.L..g....X.._....3rD.WM>..\|.>...Fi.;.BF!...V.,Zq+...`....?........i....L.dD"0..:..L.....41n,.x.....\vj...m!..^..t.~mc..n....SU)+.+...F....(.u@[>(...1.....zP*...4`..v..?.gR8g.kw."iy.......n~..].P;....!..xB..!..K....Of^D._LkQ`..py=.R.....{?%.JB/y.c2%.k..(.O.....x._....;}...&.....zM..K......UQz.3.O3..#Y..K.j....LUL1..Cf.c..F.}z2..y.N..3D'..~6..:}$.....*.....Am~..u.B).Cu.6..8Y..'.;l...<<.D.uZ.....^..F.W.Nm.w..k..*;1.....|....WU.C.m....p.b..I....J.rP.....V...Yzv..L.....&.a.p....s....".~..7.f....]...F....G...E.m....@....x.%zB......In.".U.kt..g.@.0.d........2.x.G..C59pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120670v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):805
          Entropy (8bit):7.731764631468956
          Encrypted:false
          SSDEEP:
          MD5:DD41EE45107F85C59C5C67018F060D7E
          SHA1:1617925A71CBF2B4617E3F0B4DCB80051D43AF3E
          SHA-256:DF7D8FCCF79CAFD9F6C29ECE19FB8D21276B845E9F315A29A02EDA1E2E4BEEAC
          SHA-512:B9C34F90AF812D7C335A5351A00F247080BBEB84E28294EDDE825C05493045D60A366F42923F6CD3974F7A58421F93D245D986D9E2F035CAECD292A37837BFC3
          Malicious:false
          Reputation:unknown
          Preview:<?xml....X|.A.6/....6.W9..../n..{.....UL.S3KB...e....Q.......?...xc.:.....m.p..D.qK.N.+.H36....D}.g...#:..V..NBa.2-.J.{H....l..z.....#....~.^....%PM.6....j..Md.E!.M....]r..`.....iC.L\..O.4O...[n.u>c.w^.L....v.e..o.{...<.`G.Uu....$6.XP.....:.uM....?br./...t.bt.vn...y..v.Y."z.-..Q.r.....XH(.SP^....F..j.A@vc_#..w..Y...-..Yu..+6.n....B$...........HE#...L.!A4-....>/.......O3R.|J........J..@....[O..c....`O...[.....+.....6...".\o..w.C.n....Vq.].N...T..WA..0..3C..h.B.....AE..5.......>F...'.......l=fV..*.a..R.J>.t.>k..C..J...8..P...../.K.........wl.].9..'*...-...L....Li...T.L.....J.Z'Y.......hgL...."....Y.Im..EO.i.../5G..<8)a7k.)c...D..._....4..F..-B.L.Y.94.j-..5.-.....vKw..t...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120671v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):765
          Entropy (8bit):7.706162229887329
          Encrypted:false
          SSDEEP:
          MD5:D88AF97C319066C553A0251A4A76770B
          SHA1:CEA7F9B1DCF3C8639FEE21CA1AC7C3F7D8307E11
          SHA-256:15B7F1CD6804B93E90C8A428DDCE40FFA50F73766616F06F3727CA596909A599
          SHA-512:F23EF37D5CFB610E69CB725F9E5128A9D3B28D38B73EFE868E28C70974B331B631C13D7B4C7BCC62220F1FA18A11D9B988113932EEBEEFFBD5373896FC900572
          Malicious:false
          Reputation:unknown
          Preview:<?xml....)dK...>p..w.|.n"..."H.*.S......a.wM).7......7M...Qp....qP.;..?...j.;]..0....n...V...^x1....K...2.......S....[E..Fv....a..G2VK[$M.....4.:.aN{d.|czfm.(.dvk.......;.y.K.Fx...N..*C*ui.....4..=.l?.@..:.<Y..|.,....*7..;A........9.p..;-p"..9..|.....4.m.M...1...k.....*..}.?.a...j..r...8...MT.:..VZ....&...PE-;.{>...r.[.....{...........A......%.D../....:.s.f.d..A5...,..,...NU.A(R.T.............G............6..g.[~.".8.T..c9..S. dV.....3..,...Kb..-..tz6.2.q....2...?O...GTQ....@.c;.d.H.f.)F......k...>R.....k.....~...R.J.J.ik.).lIgI.\..1..NX..:.o[..|..(..^.W........W.kGk{;..s.,9...O..v..u\@Gk4.V.ap4.e.].P......I...&bN.<...&O..tD$G......=7......s=9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120672v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):808
          Entropy (8bit):7.723022106762685
          Encrypted:false
          SSDEEP:
          MD5:42683B49C780009035E4F0E11C1DAF50
          SHA1:8ED8254B8FF0FEE8AB31E609E1C56F1BD0FA45CD
          SHA-256:7DD54CBED7DADC2A2D949B9E21167232FF19C7358B212803EE3C474C921527E0
          SHA-512:E3FE340D0F396EFC81D76E966CFBDCCA2D71F8DF161EE11DFE9001366C4D25EB6D6209E99CD3D31B56B0B3C6B9EAC2FB85B393167F0DF2A242279A21501563F1
          Malicious:false
          Reputation:unknown
          Preview:<?xml..+.S....P....[w=:...u.,ci.z..G-l.p...m....F.lJu._.^Z./.'.f....=.3`...y.KS...E.P...sf..r*.\.7U._..:.....T.h..S=, .?.v;...7.-....q*.)g.1.....yc..h.Q...R..$.H.."~.="4......j.../...K.. M$....g ....r=%.]..&(&.r..1.[.v)..]...%F.,........2.Gm.U.N<..q......O^%b....1c.Mo........m.1.I..(...4..#>...B.~R..T.....IB.?.h.*aCk.Su".a.<.H[...k....+....6.gK.W4a.....Y6.+?...|?...A..$.P.a..q.8.Yh(f..V..]0...C].1.....h....5P|iJs... .4.....T3C...,.).._j"......K..V.M...x...ln..T...#^.2.'...v.....!C.J..u..8T..t.:...^NE.,.c.!......nkOA..'h.....W.....*G".....w.?F..f.D.(x.....Z7~7.a#.w.B.,.i3F.:..8.G...w."1....&H..-.sU...-].m}.|.b..!..d.g..\..%...Ag.....v.da)..J..?..3...3k.?.X.v.f.Q5..W............/........9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120673v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):760
          Entropy (8bit):7.674667167515462
          Encrypted:false
          SSDEEP:
          MD5:F6CC127807B2B1A1CCA99B02785E7E08
          SHA1:D233948EEABFEFCEDDA10C0560B8871B55D139A4
          SHA-256:191FD3E7B4C71F50C98E81A67852C9787531B367C9EF07D5585434A29B900938
          SHA-512:4B79B8663413CEADC6C4C5DAFA09A628C3FBE7050DE3E0294687D3DB1665BC0B389B10511A35EEEB0E09B27CDA9529F3F271BC15A5435780B984BD762A64860D
          Malicious:false
          Reputation:unknown
          Preview:<?xml1...c...X5..{.....Hf._..&e.....{....\Z.....*;.Z...Zw.m..x.A.Z.}...6Z).n5...~.v..Bj...E.^...vRZ...Q>S.3H.Y...N...4.'_...%!..e ~K..:z...m)+..q.......$a.....)..so.]].9>b..+r.#[EH..n.@3.W.6x62..v.W'..xd@...l0.IT.w..liRl.W....F-.m...). .l..A.6.fAS..z..z..0..:....y...'........|..f./.p..T.*...Hn..O.L..EZYl....C.[...,..8Y..r.F..[.r....-.1,$$./Ji...o{Ng1...d..@..>..Z.=.#kw.e..0....."Lz$q.{..x..l.....0`.UP.0...wP.8..2.L...{&.C.....=\.d.w..D.jN.5!.l.G....M.+.N...r.f..w3..}p[..~.r....'..c._..r8'..T.C.].}.y.......5....q..a.......2.k....n.^......8H9....z.......(......wa....[E....{..:....y..^.(K_;]..N..}.(.U...5.#.......F.m...?q....MY..R..!...../....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120674v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):807
          Entropy (8bit):7.708978521289539
          Encrypted:false
          SSDEEP:
          MD5:DAC301A5A6A3B39A7ABBA8D3804BC52F
          SHA1:C4DE10B33C3C6B691587EB4CCD1FEE14B3B97A24
          SHA-256:FB8C4AB02D81421342F1E8F65E2A0B302223ED3275FF8D4FA197DA9E1F769EA0
          SHA-512:1B98CE30069895BDA1088F55E6AB45F02019C6254D55CCF150B712F4CBADAD77FA7D2522438216D63F1CFF74DEEAE21422BB1F71091BCE9681A43618747C2251
          Malicious:false
          Reputation:unknown
          Preview:<?xml..0p-.X...Rn8.w.......E...F@.soZ.pZ..e.....A*.....[.a....Y..=c......\.w._=._[..0gm:..m..Y2...E.b.\z-.r.{#!;.*.....%:%...G..](...j.]...N..b.}...F..kV.2.z].4K.D<..m....H.<.U2>.m6,...o.s...kiQe..S..u;.m..Iv..-.....h.q.X. ..nxA.8.>`P&i......u....?s!Z..t.4o./ J.Btfe$..^..G%.{..RX.'..G....../...0.=.&.}....gj.....t......#DJN...EmZ....x~..........+w4..$........z..X......l...5..`6P......s}3..+I.7.....F......)..G....e-...DF..Q:....j...D..i/.e.Y..Qs.-..9~...Dsz.U&<...S3..T.l.].0....3...8...?q..&?G.....}........^{K.U...D^H>.F..2.s0\...4n....%6.]a..C.Y.Je-...pz*...sR....F......SR.j...d.K?HT..kVm.1.Rx..(...at1.7~Uxo.Z>.Z.9 ?@..)?ps<,.s.W.W.sb.....A.....Jfl........\...J'..N...r...>..t_..1.....`./.Eb.F..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120675v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.686977342687634
          Encrypted:false
          SSDEEP:
          MD5:494F47BD29FBA461CAD4CB75C9CEC8B6
          SHA1:315D617166D0F2FC88829563F78111A7055A913E
          SHA-256:F5AF44EB66279BE925CB5620392487B4574D2BF51569898AB7BEAAD66AAC6B50
          SHA-512:6EF54623AA8A11E26077AB70F7FDE5DD3F38A1E13D2B201379DD9B0851E49A174533976B77988B15DA831BBFAD03E57871309A75EDEF884A7478DEC58ED8427F
          Malicious:false
          Reputation:unknown
          Preview:<?xml..G..H.8=sGmx..9.. p.s..R........N.$...#.5...\....J~?2..m@C....'..++...Ct%..~..*<...P..na,..D.Z1...X.05w.&.{.@M...B.....e.yQN..(.\q..1K..0..c' ...N.Up.kd....h...,....FH.4-....9.. .|...Q........C...Q`@....4.r..Z.|..".....?..Q.Q..;h..~.h....m.S.]...'.T...WGU.../V."...<,[...4o...7bd..Q....59...u.......n....n0]c.....l..H..........nQ.U38.....A.AF..p.....;A."..U.>....g.;QZ*......no.;K1.1....}.a.<...o_..<..A...qb.#...CG.....:.}....<&...|...Z|.8$.I.......{wr..3C.x....<....O..'..Q..C......6..o%CD...@..!.8..Q...2.....yq...!.V.7.....-.q.p..o.t....NS.{.....0.?.axu=......T...S.NS.o.DP..z~...Y.D.q..+...:..Z.k2...[...$\..I..z.4..!$R_..7~.9...^....#b]9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120676v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):805
          Entropy (8bit):7.762971463997964
          Encrypted:false
          SSDEEP:
          MD5:4F44B518F9559FD0BAA5E4A5A740C20E
          SHA1:63CD8795C7A381B571D577053B34FC9004D984DA
          SHA-256:6ED171DA913A2364ADE63B18211C69C4EBEC73747364D0D4B65570F4D1E8A5A8
          SHA-512:91046B6CCAAE9E4407E4ABB1EC45370864B546DD738E4B3F7DDBB2882DF3C9AE419A4FE78062D977A412345BF3D2B8DB0F61201E74B01197E01128727FC1E5FB
          Malicious:false
          Reputation:unknown
          Preview:<?xmlzO..;..\......*.Lys....{)Y...s.vx....m.(../.........F.%..)C..3...l...jV.1.........J%...j..pcg+.R.........H.:.g+*..<...gg.4NRm...0TK.^'....<..]...b,|e.#4.u.\...9.....4.?....._X:...w.Rs..aO_2\.....iA"z......v.H0........Z}i...c.p?E.H..L..m.......s.....&.M...5j/............Me.a...._u...M........I..*.x.BV..y.=....|8d...Yc...:..H...>P.........8.Z}...<=9..w.\~...r:.[.... =g.h..../.x........0..n.;@...........`.bo..C..J8..T)&...f..0.R..-3.W;.<f..?2..6..M.m.6....].....0F.R...7...}T...S>.....`.....#..PN.....,..R....1.K.[(G............A.{.S=N..F]...]..t...\.{C5[.4.....Q.(2C=...mw-...b...Da..|...5.\K[+<....7....LG.,/.`....u.f.A.[..V:B....*.>.cq.4.._.&.J..T.^....\W.1../....$f.I...........(.......h.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120677v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):738
          Entropy (8bit):7.736460720386599
          Encrypted:false
          SSDEEP:
          MD5:3C492A008DEA92B57852CCDB84BD59D0
          SHA1:4A8D1D321C8319188C1F21710794E3C5A41D0653
          SHA-256:F5A31A8B77C5B318A0311C768F86CFF4B5B17EB60969083438052AC7D0B47968
          SHA-512:1670C965837891F3590CC03398F176B7CFFE78D1C3C7FD05CD09C6F0321292A5975DC031DE69DA8D234526B215EA57F17EC9E5341E41448E2FA06165779D2FBB
          Malicious:false
          Reputation:unknown
          Preview:<?xml..|.uW.WQ.........n..`=..`..w.)...(l.G=.tr..VJ..Gc%.o...~#5M,..,.m`w.x.>H...l.j.Y.....^[8.L..G....U..-.....yE..!.......fa..H\....4]..H-..(.e.@O.....u-M.b8G...L.D.l..*..i.....F'.e>.....z(..)...\.u...Vu.m.. .C...r.......D*g.Z`...p!R~.5....!i#.L..qEj*eC?.H....K\&U.n....+.`i*.......5.g.@7..{........Q.74:/..m...........gzc ...P.iU..,.i.1*...ys...._M!"..=..).G.o.."s-...u..#.>^j.a$..#&...!c.x.Z\.Uw.b.....v.,...u=]b...w....8.4.U...r...v..S3....&...O....[.....I>..!.M..j.J...._.H..F.].~L....\..}..<.\.../B.+.^,+..p.7....`.|..$...p.Gg>..4.......l....4?.....2x..H.L...}..I..k2:Y#.._d9c.h..V[..*......;..H*b.)......M.N...*..u...7..<9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120678v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):801
          Entropy (8bit):7.710357204927869
          Encrypted:false
          SSDEEP:
          MD5:4B5BD81F2E642E33C93A26F6C6FE56B7
          SHA1:CAFEAE3D8214168E9B0457F6134DEE8A51234B4D
          SHA-256:132789E4E3CD9717A5F2231D6B802167CBF6FD3A74968826B87E5BF13A86B499
          SHA-512:72078C0531F7265DB8AAD2D5EB5CAFD7494CFCA0FE59795336E93749E77E744BB6091056960C8F31D8A96081B3C6B0B5F3930F5B3073C48A6E497A36C5248DF7
          Malicious:false
          Reputation:unknown
          Preview:<?xml{......x&....e.ZP...._Vqk..b..+.B.F...Dn.f..E.....XJ......?....d"1){.T6B.z?.{....#...E..(".#xI.|G......w..O.+..}/..Bg..S..$k.O.A&.A.)......qf2...Z..cmt.l.........{....._.9n....\G...7...[.*.F.bA.m.....I`....V8}M.Z.a..wqb.TR_3z.i..OB]G. ...s..P..SA....k...j.4?.u..._V......1E.. ...I...7...zK.-R.G.....C.-/.a..x..o.*,J...B.\..T.p{.].5hb......bpl'.`./........|...{..)x.....u.w..g.._...lE.=D.YU.....R..D......Q....p..}`U..WmPpj....@E...6...G.....;bp.D....>.vm...%..v..O... ...~ts08.G.._...m...|.<BLz%...B....%..f..I......:v.....".A...2.v..i....,...8..l..F..&..`H.......a..H9.......w-.(.~..'.QJ...9......F-.R.`......Z........P....K......D...Y.sf2$...6h.O'."...{...1j..X......bAn....V..|....5.J.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule120679v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):507
          Entropy (8bit):7.585481997550475
          Encrypted:false
          SSDEEP:
          MD5:FDB9386959E08D6FCE8DEB7F95104874
          SHA1:1F1E7D597D1B9F96712E337CC289FB355B717568
          SHA-256:08C1D529F4DEAE1686372D01003E800D2C127D73290C1D1B43CF71D463C6D7E8
          SHA-512:C379E28B6F58BEEA198FB1FAD43B682C7D56BBEE10531476FD7273483A93BF18DFF8FA7A12A7D03CD8EBB5CDB69F198D79828CF4674F9D07E6ED14449876949A
          Malicious:false
          Reputation:unknown
          Preview:<?xml..Gn.2.E..].|..W4.!..Ev..f......R;t../";...8..<1^.jG..K...q*............ qGf..1.e.|.+M......_....^..w.t^....Y..}.C.z'J.X..*M.vd...8........x...o[...j.s#.g01.Q.zl.$:\!.:$.q.....k...!...].:.....7..9.f.)t....H..y. .4q.S...{.......f...;.c(.x.Vc...g.~..!n(SI.`;;6i.1....xY...t.t....h~..V...$=...1.?Hl..].+....;.....~m...Q.....@....N..!.@....NN.. .../.F...C....M.mJ..b9LJ.+Z}..".].5...0.rI1...~2?.~#..../..2T.. ;9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490003v7.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):978
          Entropy (8bit):7.767711489358915
          Encrypted:false
          SSDEEP:
          MD5:50E0DEF6D5FF1D7DDB0A9ADA557E85E9
          SHA1:6EFA34A6B3C3F3B82D609BF139C22A24CF833A7C
          SHA-256:9903B3A218C1790760CB50D7905E32F7F3980048FF90E8A3DB9E8B75E5CEEC4C
          SHA-512:556F6F6920D89360D25CC3FCCCB6D38AD3C860B17B6EFC1C5CBAC01B8F1AFD2BE7C907B031B346C9B7D49F734861FD285EF0A7E6CD28CD6738C3B8AE8B42D45A
          Malicious:false
          Reputation:unknown
          Preview:<?xml......g...(+.d0..Q.^.q.~.....Q..o.>^.F...2.|..B..v.0_!...q.,HH.%...._ .;!....?;...y......j-..kz.V{..q..!..A..0yH..15.5..R......B......-I!....ME..z.s.ub....tId..b.@.N@w.........R......+%.......C.v..7x.m.s...`d.tr.1...e.7.5..VE.9...:...5...Es.|....@.(..to0.P.t_....~L.J.......9..`UY...?..qMi.=...s....b..{..#.!.AH@]q...a....4{.mQ..(.. ..{..dJ...(..w...j..Zqa....Zqw0f....B....D.....C..]}....<....rW..E..[.!A...Vy*av^EW....i..Mv..8.....+.!....6...<.-K]..3rJ...o@.!**?....m...+I].n.".x.f.8...L.'.C.o...c..y2....o...Aox...}..u#..}G..%..q..<...=...#sj......3o(.O.4;.ib5r..XR...8.xC*l../...-...y.9V7..y-..d&....).|...D.z..~......!.......,.%$..)..`.Nq..W.....b.o...n.1.>......Q.j;.Nh.".../..u.>W[.x......v...b..K.H!.h.T@f."..t.^k%S..P.1$.g...%.k....r'y.<..3..G.b..+...Y.h...\.B.y@CDW.n.....G*d]..b.A..C....0.*........x......PJ.\Y.|..>k\.....!'...|....i..J@..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490004v5.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1008
          Entropy (8bit):7.802303358017388
          Encrypted:false
          SSDEEP:
          MD5:44ECD7C4B539CACB5C48FF5CB5282C6E
          SHA1:E5148F4EA98F44AE8AAD15E02E456C7921065186
          SHA-256:0B651EF8E9D66CDC16F7D2E13AB0F6B5B59AE581612F4C699D93D79FE096DE01
          SHA-512:049ACFC2BCE270D5AAA81BFB8F867606704D9F1A5CF7D5A453D43BA6AF299AAB0ED758DD517CBE595891D3CF233B3B792D9BF7AACB01CB7E64814789095F0147
          Malicious:false
          Reputation:unknown
          Preview:<?xml..dE..{....G.IP...&V....>.KK%.`..u......~.7e.v>...qI.s.h[....a0"..1.%.7q...X.......q...[....7z.g:...-T.A(H.Fe..CL..y.........g~5=...*3..x.Q{..n....i.......\.b.z.y..U...(..rwr........0!.....$..x...Pd.......}...h..3.{..Hl..|...z{.....Z.HD..E..Em.`..b..T.w.../..cc ..pK...........1Y8.s.g..TdD.X......*.l..*..P......,.:...<_.Z..}_M")...V....6...F..2.3..r.a...^..=.r.R.....lb...K.{Z.:5}6O..n..8...0....;X.H......_..XL.Z5...&dy.....f.{..|6..Y........y.......1....,.9.J...Y..i.(f...[..e.."?..?|.b....'....e..9%}1..`..%. IMo.M...>p.=p............j...[FP.n..E.D..E.........M[...iK.H....{..mQ.1[.;+.t......4V_...G..(..?.^.. .&a&...:34f.........%.:.3.<~.j.P&....']...,6.[......[E...y_e./h...<fD.....{...........po..]..$.......\>g.k..)IP.m..E."..%Ab[5-o.W.R..%...}y..h......8..w.........ua..+...b,_*...@4+A..r.v^.$h,..8......d.v\@..Zf..C'l.rmi...T.I..8.........>...#I..R..K.I......$.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490005v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1028
          Entropy (8bit):7.777842916978651
          Encrypted:false
          SSDEEP:
          MD5:C9C4E446B824D9549A5F0AA03D30AC07
          SHA1:05E6614A3B73716A6BAD70210D1DB3258E6318CE
          SHA-256:8E9DE138FAA50BFC2F9E84801EAD5B308B16A6E8E0E25982A4E912BFAABBDDEE
          SHA-512:DBA7104A468A70279917F07D72F4B67966DB09DDFAC447152CFA4437DC0A320BAE16D657E8FC2522DDC27B70F15AA252AF235C02809227F917EAA2E8F5B103A8
          Malicious:false
          Reputation:unknown
          Preview:<?xmlRFi.^...kc%w.\.j..j#L.C..b>. ....4R....."*Od;k.A-N?......:...X...~..X...Y....s .O5.#..u8'e.M..v.*.Z...y!..[.6.".f..e&...!....Q.A.9..',Pj......=c.`......R.D.;`m..96...7......#U&dR..a..V..ZE..W....F.|.YA 5....L.M*..G..$.....t...H...Snz...)}......^.?.V.B.....K...O5..ImF........B....>....luO}.I....p...4.gM,(T...a].4...K.?.bf.T..../0..Avb.....7..Wqf..+*...j..a.1..H..F.5..r\....".1....X....S..^..8.v4NvPnX..W-I.....5...A....:g.Y...K.(.=..P..x>..R.6..bt"P~........x.,v....R..f.....r-}T......pE.^.%...ECD..p..z.2^|6.hG.APF.X1.d..29].....f.yI..^.\?..6...}q...]_.aM.6.O.GMO.a...H........C...#9Y..r.....q:&....p.j.X.{.)..#.....8\..\7....n+.....)..C.Ut....#qx<....y....y....."5...._...."u......>..{......o..(.20.....Fu.......@ +[....[.b...........K..\.HV.~..xB........9..V..s..}..6.B.#..D.M......M%..]...p.'.Y,^?....._q..%..7.&...a..P....6.@^...Z?e?....c3....#E'...c>c.P4A....9Q..7.!m..f....In6..8T.2....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490009v5.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1453
          Entropy (8bit):7.855825919493521
          Encrypted:false
          SSDEEP:
          MD5:54D03AD4413C162F0724A071182E1E31
          SHA1:86203B80BFFA10C0E3A3329628BBBCA0A4CB34C3
          SHA-256:003388DC17E8904C63BFE53464A8A5A574E7CDD890AC992FAC192919811C3902
          SHA-512:662B5BACB581A0F6C74C50A566DED4D60AC316391C4AAFCA89FB212CE2D6E8D04C7559F4856B5D40AA798C8EE3F0D7EAC5E89757CC0E2FDAEFDA4328F9521A57
          Malicious:false
          Reputation:unknown
          Preview:<?xml..9..:_...8...."K..3=.L....36....2.....6t..=...[.Mt....]...F...8.II0#M.}....4....7.e...Y0m.O/.N...."-.b......}O.{..9..M.'u..qK..K.2.yek./.......pdu(.......jg...h^\mET.....,....K.q.*Pd...@:4...y.n..w0X.WE.r...6.v`....1..O.lW..K..a..p....K.g..3.3...<...O....q..@<.....G..B..T.;.e.<I=Z....V"...Zq&..0.|..b.u8..N~..G.t......+..n...1.~..|F...W.....,.L....B....o\0....U....r<.o*.....`.@.nf.....B.%6T..|u].}t...R..7Z.-;.?.C..d....1.......j...a.8.C.....G...x........5.b.@.7/....n..G@. .HC}.......i...P....,o....<.l...........P..Kv...H...8..>..C........]...k..F.y!T...*VF.cy.HW....z..b..].gJ..%...z.8gs.V..D+T.S..G.KI.I..,*.`........s.u&.4...b..6\ ...<......h..H.'..=...G.</.B&....!.H...d?i.A..s..iM....0.%4..Q..*..2..D.N...8!..Q..,....~...A.....5^&.0<..r<?...A..>.R..-...-MF..gW.Q3..-8..vU........'A,x.....6....+...r.FP/k)..C.[..N]..C...".j-+e...rP...0..k.^^..P.q..~cR......{A.%..o#...c`.m:.P..Yr...1...|...(...\pF.....Q]..........&.#Jb=p.<...|....i;G..(.+.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490010v7.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1388
          Entropy (8bit):7.873807454519975
          Encrypted:false
          SSDEEP:
          MD5:4B0FC5472FFE9195A0689D4552913A30
          SHA1:27AC04317E706405EFC17469C2120501FFFB314C
          SHA-256:4C46C59B93CC2D189DEB744E4B790304651D0C0071BEA389912621B16F4DEE67
          SHA-512:2BF550D6BBB85DCFCB73A1C7BD073C34609D355CAA99E08FAC18FBB5FD3F5FFBDD886CF15A6D37AE00A2CECD91BEF2D3791CF61CA35ECAEEA68EFB12DF4AEBD4
          Malicious:false
          Reputation:unknown
          Preview:<?xml...uc.~4.|-M.q(.$..u....O..Hs'.uvT.....b.S......9.^.M..^..F9n.~.........X,\`..\M........^.st...'......I.1.......].[5........z.#g.X.q...*.nW......P.8.".,...|Bt._..f.a.N n}...e)......1.g..|.........j.2<ofB.<._..f.U. .E...Wt*..........h.BJ;t.."..!v...]..G!..*A.,.C..k.<_W{|A.;......pR[.....:......z-`...V.F..5........d.~..........d.v.R_.<..".......}...A...R\r...6.$..Ez.s...%..AoI.A..|oG....R.O.k...,+Y.k.._..%.0.n.Lb..`-p..c.....A.2.f._.....l..l..).{"..K.76.f..(}.r/LeEv..?...Tz&.I.U4..v8S.'.M..eu.aD......H.iJ3..P`.LB[....S.n(..+.o..&.f...L-.P...P....Kx.....Y...P...r......V.E...*...A..8....e.G.H....`..C..o'..%.\......FTR...g.qi...(w........rj.y.....sF.N....FZ.'.Gl).T...R.B...[...?\>.*.W^...:{..1`*.H.#..."..:5.....bm...j..I......g^...~..j..6q...e..]....0...@A.7A.x...<.g.Q.{.e].:...f...1T...u8..K....,A.&\....l.....V....sx/.].L..v=.....m:....kB...N.%~XEv..G...........G..T..2G.....}.jk.3"sq4..l.m.~....UW.(r...g.]..5]..1C..|n...E.>.l....<hM!

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490011v4.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):856
          Entropy (8bit):7.751308575936391
          Encrypted:false
          SSDEEP:
          MD5:D9A0049EC3848CF44EE02D5C6BCA2DDB
          SHA1:5185B383EE085ECBDF46D3CFDEA682DC6DAFE9B7
          SHA-256:6F8AD82848B7720805DE4D877A3532535E2704B47612686ED8C694BBA51498FA
          SHA-512:CF7DAF888F51C1CB7B8F197569DDB6A9B2894269719A061FAD4A56B10FDA9F3F89AFF7894D3EBA6C3AD975B5359C0F7EA9C2697AE9E42B16BD177F48349DA5A8
          Malicious:false
          Reputation:unknown
          Preview:<?xml...kPx. (.L.{+E...w.w.A#K|.|1a.2H1K..`;X.TZ/a.,....B...O.x].......n.'.v..|g.E.x....A2...td....K|..R/.c.lc..i|.^.......@........z...Pm.]K...l(.#0...G.:.S.+T.h,.4%b*x?.....:5)$..]6r.Ht.... ~..j..\..J...I&3f...C`...C....".@...~.B....Y&......n.w...:>.uY..x..C.!......3.z_...y.Z....!.....)..k......OC...... .E".8....j1....p,..5c...S-.xs<.......Ag-?f.D..z.$R.*.*.......{....D,..}.j..J....q...b........_r....-h.~.-../.4_.Q*...e)rV^.......z...J..u.._M.....O6..Vf.@VhQF.fux~..../y.M..t|| ....M.=..](>.w..Q.'..).K=........V`.E.$...V...7"4=jWVk.eIH.P].=..................Gz[....O.....lH=bJ..,."H/..k..Y...m..a..=.X#>..g..Y4'a6./`...........2}.....zH..@.......%.Fv.....^...jt.....GN;=..>..y.j..:x.t..v89.f.....9/.,..U.CL..{[M5^.rD6@.....`.s.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490014v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1084
          Entropy (8bit):7.816315829044545
          Encrypted:false
          SSDEEP:
          MD5:94D7DC6392E5C4863DF829D9A973BF68
          SHA1:CC27761FBB92A8584F015E1F2B7921D7542C44AC
          SHA-256:68ED461D7AC71B2350BE8F8070CD570FBB326EDD6D7EB35BF23D1DDC77EF3A52
          SHA-512:1126CED5C81F9918BA25FBB78F57B28EA700D70C59A30BB758DF000F46D58B514895DF8B75A9A62B71CAF07590181C6B9788B347FDB5DAAF55EA16D73C788C1F
          Malicious:false
          Reputation:unknown
          Preview:<?xml=[\bFJz)p.,v ..X.C....H._`..O.i.0..HK.?.lo.m.......w..6.*.E.%.s.5...`*~.|0.0K.....h5VD._...#3.. ..q.Zb.G.#..3. ..QzA&..pJ.l..(`BJh...At.....[........./f{....7)v;|.v...q....N..J.IR\.W.u+|...0l.`Y*.C...O...`.m.y......].P.&ns8.sA..!.t...>....s...... V..W.8yR...jw.....G..Q...3...'.../.(N............P.{.l.r..Y..C.\$.g..]8...'.{.....#.u.:.2[ .h..@.U...c!..U.....@Q.X..50A.).<..L.....JS....-.........!y.*".1.. /.....,.Y.1..1...a..cc.oh?.> ..T..+..2#(,...."..%.>y._...>...5..s....zs....6..v.4.j...D.........S.P..k...>....RP.K.3&..2....e..H...N<..$EK...&..kQ.3U ...D#....3....m....s.Go}..w...5.......j.u.Y=......Z^F[....X.Lm.........o......KR.I.+.V...o.6.=5.H..o....`../.yk. .U.`.(..ToG.WGq..v..sv.*V:.!.CI....?..}.......u7x.X...E.k.I.o.E..0..P.8}q..v.e@..g..>'.M..h...7.P.+.k.i........p..*.x.rC.....=..y...{N.t.6...R..=b_._....r...|q........x..&..._Y6._..<.a._....$.(. [U.{V."[c._........Nx...... ..<..e.HT......N.P.Tr...V3<..$K..C.C'..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):924
          Entropy (8bit):7.761937121199867
          Encrypted:false
          SSDEEP:
          MD5:91A4AE66CE3A93BBE8C5C9974DE2E05E
          SHA1:02AEA4879F9C1428DBDBBD59AC4B6D9CB817361A
          SHA-256:896601A84919263ABDCB331121BE3EB872A994FBE44CBA47A465962C2A669F82
          SHA-512:BB39F7BE886D85DE27CB7F91F7113D232EEA544A2AE02312F08639380E1D4C9EABE3E6B033690A0E6B6CE20779CCD31679547CE22E59C41CD15FC114FE66EBD5
          Malicious:false
          Reputation:unknown
          Preview:<?xml&9......|.sL.d%..I.D%..=...S...;.`Sk. .......HNJ.]L9.e..M..6...w.r......DS~@..........p...u.=....U..RH...l.#.=..?....Q.....xT.......Q.4.1..../1....c...4.>.,........X...U.B..sL.R.....ld......... .....-'.,..ux....L.b.]F.fr....K.B.....1.......D..1""....&.c.Qk.r."....n....=~nv........q........].?#.i......bf"`...@.L...#.$./..]o.D.1YR..}...N.[.On...KR..|.%S...}..z}m3v.B......k.fzJx.o|i..R..;u;..2..X9.....u..m.y.X..Lt....w.R...VS.<W...-@v6....c..(.k..`7...._...bH:\.q.tI...w..(.}K.L.w....O.H.2...U.FU.d..d.f..V.fI.a..........}..f........;Ge(..b..p.NE..6..F.........w.:......0Q...m.P;>..N.........4X..^H.:.....$J.{M......K9`......._8...#(}.^......JM.x.-i..-.@...>...4.S.@Y..m...z..$..v|Z..O..<....i....G.....u.2..N....L........4b.v.{1.{.....85.K...io.....2.W..E/...B.......|.F.l .T...<.:[......Z.b9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):7.801089826267808
          Encrypted:false
          SSDEEP:
          MD5:704FBC7D98183E639DE8564403E801F8
          SHA1:9C6FE5DD75A89E98E36B94C5EBD50B21C33BC73E
          SHA-256:0B05CE8CE1D19EB311F710FE3B9004D53856A890D00D5AF13D5D28BDFC904DFE
          SHA-512:F5BF86ED0F406906DAD304C24D256E7C0F5E5AF07B0E47ADA648C3BE19A2F8C1BFF198A09215CE87D28240F662FFB549CF4F93EFAA9ECDF8A73C4F054F02F938
          Malicious:false
          Reputation:unknown
          Preview:<?xml.yGj..at.$~.IK.. n.V...z.><6<2.Xo.hB......./...PL.A{K.).T3...<.v..7..ah$...'.ln.C...u$......Y..3.Y...p.?..B..W......)....Fd..vxSC].'...G._..........{]MF.T...g....T.).{i..9..~H..](.^..u.R.+Z........S.#.x..........&.O.....$....].....bH8.@.......YA."yW.m...p.._..F....:\9k...w.V.....]' .#...Rz.SNo..M..J..g..@......A.J.0skl.......a...z|Mz.N...+r..\V..E.........8/._...V.Mm....7.*3.{z...=y.g...{...MJc...3v....E.#.]y..Z.Z.{=I.v_bnF.....U.......|.5Y7..f.#./.{.!.w...?.F..tq.....`C._..!5.~!.5..|...].e.2R...e...7...Q..*.....*.ip>..+,.Q.B.S.....)w.c...l.....0.[.[K<^..l.5...7O..'eu..d.....2F.^....03.N.^.`[."g?..g.X-.w.e_..t...M..dS. C_.....3.......)....`K.t ._h......=........."U.eT..WBl......<$..<.b.{.X..U...L.@D..Ny,..91....g..%*.J.2C..Qn..}.X.7..De'Q.s,...1.o.c....)GB;\v.t!.m.+h[ho..r...g.B.W ..5..E/Z.~..yGU5.K...z...`5R....I...h..[.PR...z0..C*.*..bc.......L|.9|.J.4.....Z..U.M.. ;U?.6k..Z.[.K....8.j.....3.licz.!.e.h.%.h.G..R.......l.].`.9|..b5(X.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v4.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1090
          Entropy (8bit):7.809981027007685
          Encrypted:false
          SSDEEP:
          MD5:0E7E3C36B8AD6E48736EBEF0D0167504
          SHA1:A4ACE4A6BCF4ED937B5BAA94FD0B9A0D22F246F2
          SHA-256:06DA6A8E6D3A2CC771DCACADDC300225D21E5D1B89E758DF06DF9D9B9D9D910F
          SHA-512:43362E6E5EF97D6B9F80B41285F95AB21FE7595B3E45A0167929821A157C1947954F38FED1B15BB20CBE2BFDB3964AA0BBA6F14CB8BBBA0D6B37AC50D8B7BAF1
          Malicious:false
          Reputation:unknown
          Preview:<?xml.3.MP...\....P...(?..-...T......m.O......~...?...?..j......i&.4..e...._.V.d._.I.......F.^H...Lbhu.....[%....o.j..P.2....m....K.+.......M..d..,nh.8.3q.o.b....{..d..l..^_.OnS...9.{...6.....0.l|.E-.zM|...K..F1.N...a........}+...LRcm......A...,..[=q.@...2a.A./dN".b......MF.w..(.......Bh}t...b6o..o...0.i!.;..D....i9S... .bm...L.t.Zl].J...-......!B......s|..B5......T.d...;\...BEN..P..9.t.*"....Z.....r.BU.eZ..*......~..3.k72...."d...YU..a...$..,..T-?....P..o.......K...Z'A w..t.=...............}..;....rRJ....V31.O..3..;*...fm5.x|`hj.._v@2&...K9.[...8...&,....i....oqy>....,.....\....sa^n...bPbFX.T.H.2........$..p.@:..)..+;..{!.x.V.....J..k\4...6....8J;..$.I.c.......6.8S...ey.......:.IC.k.b.r..m=.. Dw1.....=|.R.1P...p.P.p.d...%[.%N.>.\...5.(r.~..}K..Z...FZ..`o..8.-B.......Nm..'w....v..M...~Ri..c(k.a...t2...A.x......x.@..........8...%.r.q...........6'.{j..IT.6..=@..g..'l~.....$.Q..q*..&-3..]..5...r.....+.....}..p..._%..>w..}^]s::W8..{v|.....m

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490015v5.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1108
          Entropy (8bit):7.7782445859528835
          Encrypted:false
          SSDEEP:
          MD5:AA5D61EFD1ECF45DA6A858DE4DFE2930
          SHA1:245B3560EFA7B4B35F93BC99EF96016146D16625
          SHA-256:D633B32948761E601350BEF23F089DF2472C9406F24F625577A14F9C1EAD85E2
          SHA-512:8CD88C9405E6FE12E62F0AB26D10CE0B76F1E6B2AD5BAA49E28744D2F476131D9103968CBB7DC29FADB42F04F8D0EE10B69A62B36083E97BC68E8C232F3C492D
          Malicious:false
          Reputation:unknown
          Preview:<?xml....O.."{8..h.p..#.e.....O1*....@o.....l.,O{Q&...C...)$..*..M..tAy*Y+..d@.....#....;3O..w..I.8].. ....>...$....$...4.:$...t..`.....n..h..b.."..A..q...3(........6..\G..'..}.....s.e.04..~.8.9...>K1...<>.4}H5.....Q+s.|.C.h...^..!]=2..y....T...b..P...i..+g......\.3fC...[..H..9!..p...c7S}......k.\...PB...X@.J....,.y."u2$.{#.J.S.-..oW....g..`..D.]f3.lq....\..... _.cc.B'T..>...".&..O..._..(.......bo_.2'....@.....0.uVq.8...8.....h-.A...CP.K.N..*.Nm...FGk....t.....Z.".M|..".......z.9......O...._u|^...~.[7_.............bJ.......s../.=Z....K....5Eg.)......)+......F.H.fF........iJ..b.H.\.QmB./....UJ..T...>'.B !3+....:.&G.m.9.......~d..:......h.Bqd.B/]..6a.7?.w..p..>.a..8[.y......X...B.4.I8pNB.R..c<.....|$...8.B1@.G.MMj.....T*N.Td.Zl.]........7....G....I...4...;...IB..[b.<.....;= ..... A.=......Fw.5......05.....s,....6T....]...8 .b.......#G.[.......7.C.5..;WT.s..6.b..'....)Znh...`...;.+.#.....b...t....iX..R.v+L?.QLF...~...U..p0.YS.*....t.Q.\z(h.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490018v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):934
          Entropy (8bit):7.790421295276224
          Encrypted:false
          SSDEEP:
          MD5:B522E6023F8CE5918307BBEE61E119A6
          SHA1:762EE7C61A1287FC2E9ED3499B722E2F8289B6E5
          SHA-256:70397819835AF6CBBF4D6CC2A0CB58E490C0637ED8156B25D1654BBCEB7129C5
          SHA-512:D6F828C3FF59165128C28B0A0CFAAADC8BD28D8C782D4C83B9569D4CC1CBDA9E30383CE8F0F2B55D4C0933C48E9D44F41B364C50ABF69B1263AC6C96DB0FB9DE
          Malicious:false
          Reputation:unknown
          Preview:<?xmlL.s...GE...!{.0.Y.k#.6. .R......A..yB......U..0.f5{#c........F.n...II...m.......G.!.Z....+.X1.k.NHH..r>J...I.K.[.....jv...?L.z.d.. ..!5k.'.g.U....@u.._...J...e...W.......i.(...B........-F.....&..7Ai..-..d..E.....).0.nq...d."....~.M....1zs%..h..s..=.....`Q....t.w*/....@. u..%.._k.L.j..........W......]..G.b.}....-.._u:.m<..}....L...ZA.9F........l......:..+.h.....]c.m..V....ZY....U.5WT".%.p+.d........J.^..`$.-9)A.E...(..o...~....NV.O\.`i-F......y...O[..U....8...N...@.#_J.S.y*...-..=zF..2z....;+"........t..Q.448.s.kK1..N.........I.m....#bSO!.I.ZrdHa..Fd..PF.}.B8*C...t.`?...TiAY.`G.....-...A2.L...!Lk]....u).U.<:./R+_]do>.8bu4...b-g.~6...Fx...#..".J..9;w.Bb....ff.k......W^+!{tx..*....FP`..a.!..O...k..'oo...w;D...-%{O..X........R. .SP.acs.IA2...7...t....)..=.....3....%c.=....%.N..z..8.F.R....c.=rL2...J.4.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490020v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1126
          Entropy (8bit):7.826715725676371
          Encrypted:false
          SSDEEP:
          MD5:C634B448A659BA7569133C5C6377E032
          SHA1:8416913E4D77A27EABBEEDE8AAA4C6B7359B6A44
          SHA-256:0AA0F8F96CB978F9A434167C2BE259F5BDD389A5AA0B52064B94B2F53F3F224D
          SHA-512:44F7A1BE589BD7A47B36A5ABEF2FA1CAAC5FF4EE3FC66CBF83DAD241C279C7563EDF803D07C290608C981E4BE25825380CB21DBA0C50367FE87FDD56E6A2702F
          Malicious:false
          Reputation:unknown
          Preview:<?xml....k,.`Cu.6C...."}.....x.$..%...TA.f.:v.WY..a2U..1..W..l.."..=\.7n.....1....c.d}....r.6../.pS..QB..~...1..f......Dp?%U.(p.a".Vb;.I..\......:......U..*j....q.......F#.. .S....6.~....m..^.^N......B.g./."m.b..a..v.A.?...=.>...`9^.O..5.>7.4..9.c.....n..0...'..p...$.E].=r]k....xjG..q.B1.&^.M%*.8*H....u.....l..%^T.m..5.`_.......Z...*.Y(<.....3.b#..A.6d.r..$.H.37.5B.eK.~...+...x!.=k.....I.......#.........D....L....a...W.vc~)...p;.P&3bj=...".E].g..+$yrw....hk......G.Z../H.v.....p...k.Z..{..:....s..9...6.D.....w...c.D..c\...I.......g.....VX.>j..>.#.t..y.j..-..E.....b.n.&....f.y.#9...F.&.........b..z..oo.gS.`z5J..N.<.Q@.`b....J.......bz.(.s.e..........e.}...0.l...Y...Pk.I....0..K.a....1.a.U.t6......H|.t....d._.......~...)c..W.+~..^[!...(J1A......N...H^......&.U..+.iF:...4....gnL:Hak...*.x6...2|.....N..p&[.}.cY~..f~.(.....r..f.......e(b....O)...LX..x).S.l...t....B..._\.o.....;.lK.........wR..T......A.....19P..`.d~-w..0.x>D(.......G.+}.....$}.mdxz.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490023v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1243
          Entropy (8bit):7.83405614486425
          Encrypted:false
          SSDEEP:
          MD5:E8D12FA4C4A2EFA41B1F3928A13076A8
          SHA1:40EEC9D5F476C4721163FB2C90E76B4B57369CD3
          SHA-256:24BD7E545A8DDCFDDA207855C7942883B6845A1C8C737FCC7FC6BD4A9E91ABCE
          SHA-512:FBF3229E3B9962FB90F42C2ADCA0ED8AB798993DB294342A12A8C1481774EA45D52254A8537E5D795E42CE118B8D7B5C0DC0762EDE4633CC56B2AEC63CB38831
          Malicious:false
          Reputation:unknown
          Preview:<?xml(..3Q.Y.N...B....'a.6+W$.$..Up...+_~9..9.;.x$.IQ.5o......}X.w=6...JNKX6.MS#.e.m..K0.....n^.b....q.Cod<..7.Oj. ..@.V..._.G.S...Kf8.'".$>8..z5.V..`...rw...?S:.4O.Y...x-.&y..].i..h....r..D.Zv..G.....1...w.PiN.rGW.mB..iepG.T.......{FO.%....=.a......+r6....I.....6..............C.-=7K..:.[X.n....C.>...[L..h .zT.}.h...p.-..8....Z..5.....4...Q......v....2OV.d6.O...e...K.o..^.#.Cfp..W...$...0...q.K.bT.Kc.)(e.d..LZp..b.....Cj.g.qu.{..WIr3.w...6.y.k....S..&...@....0..@..f..dX.....Z...7.p.8..o$]..8...O...:........;....S6X.G...).HK..>.0.t......A8t.........&2c..;`".."..O<8.....e:..?.\Dl.....fFF.W5".<.K....2....`.z....../.E...;Q..89..,.x(xC+..X.tq..6..)..nT..g..~.4.9.6q..1V..z.w....eJ....1..s....l.o.\N....5....N260.Yi..+0..:c......Y#..e...m....6bkti...y.....&.tp.........-...?..W&d|3...D..`U...aJY..7..7.om.S......U..]......kI.~mJ.n)h./...)......l..C%..N..X..jf.{...Rt.3..,...y*....+.T$...2.LD=l.$.,..j.P!...=...T........)....9/.HE..4M..[.svh...1U.y.T.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490024v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):871
          Entropy (8bit):7.72641677374209
          Encrypted:false
          SSDEEP:
          MD5:A4F86AFEC2DB54FF3B8F0C8082851734
          SHA1:05101300AA9DA0FB1AB42DCEA38FE0304CCF6666
          SHA-256:AD9B039290A804EDB2E3BEA211185C6452E075F37C086F12386BDDC25B12AA91
          SHA-512:79764513971D55392DD70027CDA5FF7A77E9EEE681ABC2658A5E75DA8032A43BA445CDC782A32FCDADBFD6C840C6A5F5D6A35B3CC9DAF7C02E98708A10E83BB8
          Malicious:false
          Reputation:unknown
          Preview:<?xml.b.......$.\..........+Yb..A!q.7%....Fi.N.B.=.I.........+..M..y...np....qu..5...Bcj9.-....k.....7.x.......??uB.=.v.Xqa....Z..a..l.!X.x...=.....=...8..E....1st.4x.".4.L.t.~B.....L.....8*........i...d.Z.r.[.{..u.nJ.B.5ul.c...i.....)oK.ab)............{{>.....s.J%.i.6.[.":Rn.EF .v.1.........4.x.=9.Y.G....7.hX<..nc.[~..cO.4.M.fa.].@t]7p. ..*.....&....?..u^..I...1a.1.....D~W.[...gS."......!.G..m{..^f6?g.[.6..C.w.t.T.PJ..j{F.......F..e]e.I..<]...L)0.co....1.>.n..i.P......OCT......A..]Q..5[.J..'.I\..s$...[-.h#.......L....X?#.Q..w....W.E..<.B...y.~.&....<.s.(5.....Z#7.d.....Ble#...8.ul.^.QH..Y.0....O.._.O.1....`I\..V..Y..5....L..jU!....a.n*....h....`..q#..9....=J.a. ..C....k...D...s).R8/....cBR...Q......Bv1.!Fh...sI...4...[.H.!...!r.do..%&.R.f(9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490025v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):866
          Entropy (8bit):7.7210974243523225
          Encrypted:false
          SSDEEP:
          MD5:07310937DBAC2AAEC292F85EB1D1D6B3
          SHA1:2B540EBEB0A365A414B272B338F683A234B7A71D
          SHA-256:BBFCDB55D757F44DB35EDB85B43915E38CF2C40CE35411E35681417962E78F64
          SHA-512:7CA7F693B0AF5F5A144CE7EE589386C8D35BFC942DBF9359A3A76729C12B72C5B1E54B4802A00B5DBB2048E7E5E75E6C10476E8EA12AC642A22282971C6DA264
          Malicious:false
          Reputation:unknown
          Preview:<?xmlj......6N..........c6."...p:...U.N.....QW7tz.....c[.......7..$..3.....Tv....Pr.C...-.$,.M..}..S..;.(..F'..!.Q.}.GG.l...,..Z...U"..M....k.G..b..D..4...l .N..}..v...H..<p..+e.Q...GO.2.)1....pcK&....m%...a.G&..L..}./..nS..3.v.k.....%.6.D.....,....._m+....<.P...XE.k.DBW.4UH...$...Z..i>.]...w...^+.o..d....<.j....QKn.._.....Ie.d..5..d..~.K.@a...AS=X'.g.;PE?....rT.......J,.....H%..@l......._.n,...&..E...hV...._.A.o..,j...U......sa.$..$]1>..zD.".7t...4..&.k.Y.Cf.b8..[BB.|^1...N.\..v....'CV.W.....h.I....,.."..c..z.F-..:d... ......:.T.I].l......^6/......KHZ.s,z/..e3.sfJ.q...x_!..p..;..'.$q"..c.1g~t.~"...l...f.|r...UFo.Mo{X.]..8.?diU.C..>bM.O....e.....BF.L....9}....4...U...\......c..%...T..|.-P~.DA.......7.......J.K.0{.Lo,T../0...G..R....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490027v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):860
          Entropy (8bit):7.752458071669941
          Encrypted:false
          SSDEEP:
          MD5:4249FD1751EDB6D4418CAF633991C1F5
          SHA1:0B9760584FA16563ED1807E97153F06909BA6C0E
          SHA-256:CB0C553F45EA841A317A9BDAC3A990493177908F67DF2A142FD1D0938B6CD05A
          SHA-512:C377437F19DF80067FE71B32C0A72C21045757ECFB128EC8ABA7C7906C68DDBA2D6C2F2EFD99DB6B7E49177E514E5413DDA059FEDFC8C42D9AD182D0E13EBB27
          Malicious:false
          Reputation:unknown
          Preview:<?xml.s..M..L..cf?.`.Z.=.*._..Jr^..x6......m.#.,6?=.E..&.)H$Jdhm. .L..,m7.`.zR.W3....<eZSp..I........f}.2pf..O.8...I.#z..L9.P.\L".6.....z.c?.\..7...s..{7De...O.O..A...-...}./...#.Hv.c..*..^.)MR....2.?......!.X2.>;...].....\:....Zj.T.; Ym..;/.zh.&i...ax....s...Mnn.H2W0,.8..5."X}../M:../......F...[.f.~......L..#K..3..../....k!.x.......r.3.R^P. ....l..{...y*8...@...p..Y.Q...Yy.+.,.b.u7...........i.....w..?T..2pe@..h..oJ2*.G.'..U}.9..#.x...|...E.....P.r?.T+...t ].>p.....o...P..J"`ZD.Yf=..O.8.~.. . j'.....I.?.,U.t..4..?K.=.W...lsB.9U.3./...Pk.N......o..E.."..W..8[V....+..uOG..|Q...0.V..Pf.aA...W./x#.@.Z.]k.;0.H..(..J10.......I:.......1./.4.H..5v4....,c{...D.!....%o..h?...l...h$.|..Z..(.t..F..K...,.B..I.\5+..i.XE.fAT...G..P.D.......HaR9.A..d......9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490028v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1057
          Entropy (8bit):7.833801418731637
          Encrypted:false
          SSDEEP:
          MD5:CC21A00D977F174105632551D25A93C8
          SHA1:115F91B03A2E3E2E7296BD18C69368537492FBD4
          SHA-256:CB4A5BE6F0B0C16286FBE25765308350F45F9ED53761D2D406FF3100221C1674
          SHA-512:4B8EC7A657C500361833AA911A55F26A63664EC76756D471711208C215DDD1E8246F156096CCBFA52C71ED40D9F1003D2C361CD5821DAC88A87DDA1659A74C49
          Malicious:false
          Reputation:unknown
          Preview:<?xml...45.}.F.L.....]?O.6.'...mTs....>. )"U.....();.O`.3.1...LZ.~... ..!....t..".e..1.....9..V...P..8.Q+.T.._......8.x...b.. .Z.(p..t....p....."....Q.....}.O....F...1\..;|..`...r&1qF.F?.t....G...Y.&.l...wb...;.9.^..a`'..F.:M.+..._.....K..4..}K._.Hf....q.......P.|.\...gm..F.....R.ki.../5..\.......>.Mf.u<.8...Q..()c.OF.M.j.S.>.O*#..ug......R}-Y....w...P$%.".,Hr..l.... .$@O.wq.?T.i.4qQ._u/.X...k.....[....)..' ........O~.y......4P3..H........-..*..}..N...B3....^...g.6.[.5.}g*.Ry...T.....FjM..........:.....|..a.&.........G.....,$j.n..[)t.%7...u..c...|.(...2.v...Np...z..FZ.u...#8a.........R7.6~..j.3...)_..{.V..W...;]..-9...Y9f..s.B.A...d]I.#.....G.......~.yJ..]..4...9g.q.....{...*H?O..A...E..0.-.\...d.B....i.:Q.u...fib....o1..mpvB...b.L.y(7...%".mv.e..i.9_.......z.^.....Z..4..'b.g~.uOc..:.....p.....M........W.......V...c,.D..2q.l7q..*..k..E.....b...%&._kq.wA.I../...8......G...8..i4..../..|e.....y.^...8.K..=....Y.$.S.t.&k.Z%.9pbW1L8qQshua0c0KnGl8

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490029v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):766
          Entropy (8bit):7.717245430896464
          Encrypted:false
          SSDEEP:
          MD5:A437A7E06014E7EFFD6FE9D733EBA324
          SHA1:DC988C9FDB76DDCE1819A6443E6FF4FD7196AC8E
          SHA-256:BF8F3339FDC7B7FD4118645D32A5CDB5B9E2C4E7F8144ECC2307D2EA89C950AB
          SHA-512:DD18BEA2BD8E5C3289A45FB0F13946E48A60F647F9CF073D37CE0BD1E2FE4CD94E72042548BC16495C3A5FA5A1D3D7EA045EC4E2B4AF7A79221BB9DB4A7AA354
          Malicious:false
          Reputation:unknown
          Preview:<?xml.[..s....%)H)(.4......\.A<..'.e..HG.}.!l..*....r;.-..$7c+.2.X<.2.}.;.}..;.-RBSv.p.GsHb.Y.DQeRl(.....%.........Fdi.f...bn&..O.m....H......DL.O.u....M....{S..c..L.....f~.>..9....[P.3R...{...*zX./f.r../'.aH..K..2.Ibd".O2.r.......54....0.u..!..K}qn.3A.n@4?*.2.....,....sS..2.D*J.h.}@<..I...o...T..A.2Blg....i..hD.t+O.......T..q.8.5.9_...2.2....e......v.L...!F|.+y=,]M%8..<..G..A...;$..B.k.*0-.`Qz.Pw\.....x.ok.....Zh........|.w....o.=`..m..>....WJ.Q.e...q..I./.3..f....'G i..^Asj.`&..t...../E.L..=...@..I.GN.(..".hR.=`......?..0\.[....i.jPs..#.Q.!..#-...z.......%..Q"~..E\.`#T...L...w...f..(.G.3N.R......={....y....$.}@...(...~..........%.0....+9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490030v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1037
          Entropy (8bit):7.7774385267108626
          Encrypted:false
          SSDEEP:
          MD5:5A2BD99454A85A0A3EE6394192865FC1
          SHA1:A4B48D005504E29DEED9F354013AC5D143829C32
          SHA-256:1DB7365495607DA9A77082E900AE994FC463D19484B4355FB12EAE1EBA15C9B6
          SHA-512:639B6A610E1DB83472859699E4FFABCDD6F76683C486FD38B4A41AD1263DA6CBE566D9168FD69974FC829AA31A1DCB5AEE2DED72D6F51CD1F10D3A2BF15F7F36
          Malicious:false
          Reputation:unknown
          Preview:<?xml....*....V..!.:9N....I.=VMQ?(..t....i6...`..(.C..&...1.t.!.~./9..?T....1.M7....Q...y.Fb..x.....n.!....)......36b..?t.\...z.\...}.`.f...~...Yf2]....Kg.jS..4..zsh!.3....{..b...S...o1......O._p(.N.A..A)>..Tr<..i.|......i]....F...Z_b..ug,.?.rR..BF.!.$.#W.._O...-...L.,.....l-9..F!.p..T..v....B4.../.j!....L.>.h....2m......j.6|z.n_....!.!..."t5.;r$N...E.*..$...U....g.: M.z..&.M&a-..N.....I.!...e.[6..>j . ....r#..qg..*.T.L:...".K..2.. ..M./.T.......LM0M.#i.[.f.J....k..h.8.\....o..U.n.U.'3.lR@._c..1....!j..a.'...k.v.~3....o..2....L.rbGyf.W..?#...5.}.<G.0.ca.....8........u2*o...%%.h>3K..7?r..@..!.....%..d.y..G.F...D.b....aT~.O..p.(.#n...]..P.&q:.4.=7._.....0..WC..8w....G....N..M.ld.|%?e.....\37.........5.Jc.O.-..n.j..O..*S....._o7....g.L.2.....G....`0...<..1.<)..-..(...o...V..>.........aw..6r.p... ....2.....]......O.\..2V.<8.o.A$.YU.E.?.b/G....S!...ZbZ..}..`.'..h)..^`.....$...\..&..&....2....o......].9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule490031v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):920
          Entropy (8bit):7.763326092617331
          Encrypted:false
          SSDEEP:
          MD5:52D8EF14C93D52EAC932B79CDC30C4D5
          SHA1:0EA6E205A95C1873B2041B6C676862AF80E1CC51
          SHA-256:2DFD98E95BEFD639074968164488AE9F06DEA5C869885F680D6D8939CF7D0C8A
          SHA-512:C1218CE79A8C02A4501D590CE37AB2DFEBFBC6E845D9E7210DB60E6865526E67E2E1C336DB72525BDECF1108D611D21C9F944E7D85AF15D26F38D420A6F006F2
          Malicious:false
          Reputation:unknown
          Preview:<?xml.kq...`..-:.7..1TJ.....X.k.Fp...2..J.U...w..QIA[.Ow....y.P.o.&...?7.......;| H.`.....<.....+T......C.S..8.J......4....r2@..h...) ...K..^3I.(bc.7....!.H...dL..Y.......M.....>..-.....8O.}..U.......kM.'T.R5w.Q.NQ.p..nA.,l. <..l""...".-.If.u..l....T.>.)2m..0c...k...nln..|..h..>.......9.Q.J-_B....-B....m)FA</......"..'..bdR%.q/6.....E&....(.op.....P...Z..l....Q&&P....9...%.6.....d+...L.N..+...EO.k4.iKV.N.H'.B.*...m.Y~{F...p.....N)....0..ONG_..Y..K^M...j.......~\.....E.&......n..8.rgx.Q..=..b.*...&DlHD.[..;.?t..Y.Y...f.".zF.u....T.hxfyL.C..*.O...6.J..h9-.f.<m..V*.....1.!]...".H.U..........Q......w..e.W.)..g.p,h.m.H.......&o........JC....._....zk.py*.[F....0.<....j......C.....<.........q...Y.}....3....-.i~..Y.....&....{.k7....5..!B..=.=]G.G.|P....W.U....g.">......^o7n......\`dj.....A..=..F."0..-.!C...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500000v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1147
          Entropy (8bit):7.798779170988886
          Encrypted:false
          SSDEEP:
          MD5:728175B7F094F48BC099B088A5F5E2DD
          SHA1:AB45CE1C9550AC60C05C1C9B64E0E34927CFC4B8
          SHA-256:15145128E5A2400330629B69D2079CD99901CC97F203C642D45F754F8C44A52A
          SHA-512:1F9BD5F3B500AEFFD1F667918247A93566BC4FA66FCDEA1C1A4CC69475D252027A6E90087F47E2BC60D07606B88FAC03719D10308B36147F954D476E3C0A1493
          Malicious:false
          Reputation:unknown
          Preview:<?xml.X.v3.HaKnE!..O.U.y.a..q.........p.,...d/.Or.*H.."..%J&f...k.0...;.bm...@\.....`.(o. 0G..S.L..4.?@.o.KQY......0!.phWo%.R.]....U......nu...V..HP...G.K.T.......I.TX.....).......]Ql./H....L.).RY......;..3.yXp.+..R.-.g...z.....4.......!.v.S9..`..$<.=)[....tJh..B.4..H....9....C..8{J....T|').O....t.\..x...-]....Z5..]VYx..vM.C.V4".{fI.1..1h@J9.a..l..g.pV..Ub....%6..I**..,+m..-.q{R..cB.;...u1.c..J.3n.1.e.M].&.B&.fV........i[3....D...?W..#...9.`.&|..F..w.X....fr...P. .......A.|.J.....qX.?.*<%...)#..C9...Hu.....D.z.../8..0..-...d...3v.......-T..*M;/S...\.G~$....C...;X.....uctE.0+... J....pZ..}.5"zv.[.ed..o.&.J!.e[.#.gu[.r...t......p. ..9...j..Z.$9.^...$.<....*.L...IT..i.p.z"p..I&=.....^.3@..Q..A..Zp.JZi;..0...Kz.]z.ENV..D.Q .aM..e.e....-6P-.S........B......6....Qn.RC..x..!...1.k..p...".9..-..4...5.......q)0y..;......%.I>K)z+.0z...W..(..{.c...k.C..[KJ.ZQ..1A..]@...U(.H.1*...`.&+..%8v..0.jx...]...,....R.;....[r/....".....gO7{..,...N.1...DA...0...1

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500001v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1141
          Entropy (8bit):7.797158039111063
          Encrypted:false
          SSDEEP:
          MD5:F63B73AC2F5554672E4164D1D42B568E
          SHA1:9256962CE199F1D503518D9F2A621EDE6833D7EA
          SHA-256:EA6ACC9CCF25F35D862A3DB8C554077BB4B1DEA9B1AFAAEEFE3A94D933302EDB
          SHA-512:D4AFFED433410132C4D13B36FC645D97C519133A6BD096034FF98308EBBF6977845DD3D113C8ABC05754CE5AA7E28B1DDCAC34602D55679C1E5C9470A1BE3DA3
          Malicious:false
          Reputation:unknown
          Preview:<?xml.j...5._8;..m.`.!.).+.]..O.........K+.C{W-......3<.o..,.......8|r..&....".V`%.....h..>3o|.....a...T.R.....N.s.?Y.3.G.wh.F!.&...Lu.J.I,'.D.].......wk#j..Ux.Bc.8i..`rT.I.\Iq.i<;..21.Q@.v......^A...T....v.f..=..^....>.,...f./X!.R.,..kF;.e(..%....p../fcKx..`E..lY(y=2.iy&yg..8..\YK>6m)....-s3.JS.z..(.x~L....4......I...Mi#..F.h5`/kF?..Sb.........X2..p!....G.\.z..w.T-..r...E..f.6....HvCg]..o.+...'$.....Gm...5(.2,.D..E\..y...?`.>o....n+-e.f.'.tf..yD...,~.3..C.G....@..yQF....(PD.x:v.......u.l...EH...-.T...B.4..M.s~..."..S(eb...(>t..0o$.l...J.g\..b.T.U.x.."....U.9Y.N..25y.'-.1.....\).S0M.c..k<..^><f\K..8.....F.[.....,q(.bpY....mhM.w...?./........!...F.w.L.@Y...u..ed.>2..D(;..$K.......N..K..b/|.....#:...........0...X....-..Y....2+..t...H..9.(>S...)8u..D.J.w..x.........LS......3.|.r..L-..R.4..1.j.m.P.?F.C..U........v....Vds..........c.Y.)44....5.T`...8.x.}C..A~.....b.xR..,<k...m`.o...S.J(Ka..G....Y,...G.3.....).....k.x.|m..V.Y........U..h..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500002v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1145
          Entropy (8bit):7.804262270372068
          Encrypted:false
          SSDEEP:
          MD5:8EFCA0A7262C9D0B2EAEEC8C14E71C2E
          SHA1:7B7D5DC5BBC6D6F3091060E8B33E25A114BB4A5F
          SHA-256:2AEDBBA6BA327E91F18A98F78547A3F63E7041D08732463108ADA164997A4693
          SHA-512:8DD46DD2B5F1DBD2E00B4C3907C721F4B4A536B28DB12504FD4F87F27C2F903969EF654C74D0F0135F0A54CB88B8425032C41F59587C4C19A1041F6109310728
          Malicious:false
          Reputation:unknown
          Preview:<?xml...v;.z.uuc....6T.Q.v..]..%p.#I8..N..m79.H.....&..L.....~M.R...d8..1.9.X1...+....$GT...q'...3:i......!e.L.{.fO..n.....H.c{=.,mp....."...1IR.Ic..[...H..v..>....W....HV..I.V%../..p=.5....4.....pH.V...J6.>..S2..ht..W.fu+.. .;.L.._..h..1...x...E....=.....GO..lioqy.%.....'..N....@n#..0.):.3%...<....{..^........W....Z..+.?.@.!..?..E..4..Sc.<....4N.....q..+...`...O....-.d.*....D.^r......$..B...._.........C.....Dpb0...@.g........-...O2..Q...G...*..l....F..B...L.Q..l.?..3......O....J...~..H........nq..68?.T/..tA.#v.r..._a(/.........~8.....b.........,9V6@P.....2kc.|.v.TE(.H..e...!e.q)......%uG.....l...J...P..2,.[6...2.nr.e....J./q;...z.a..H...C(~..22......q.4=./F...$g..?..#.....\ ..].Nt..t.w<.D..j....{vRjX@.....C.........4..d.i/.N..&.t.:T].W.P.2......eSE.:..]`.u*..`...*n?_.:...I.3O.e....){./....}Mt.c..u&.'.-.;.z.....4.n-+.bb+5..p....hH.8M.7A.&....z...`........Q.^| ....6U......>+..W.......+...M.;m...gq.0q...0.w<u.4......K lZ.3.T.>o........>...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500003v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1145
          Entropy (8bit):7.798625553559095
          Encrypted:false
          SSDEEP:
          MD5:43856571B4FFBB84965CA936D3D0B3BC
          SHA1:670AE22790EC24997E217E9F91E8838B487BA6AC
          SHA-256:47FFF077337AA2938E6EC52A9E6086D4FFE11AFE000A548F3F14EB68091EE915
          SHA-512:573E566486864DCE0833E37F390BA4AF15924746FEE80E3CEB186A38CC29A553AA9A49750082584312ACADA32DC27A349EBE39049CDE02A46CCE9D25EC35BCFD
          Malicious:false
          Reputation:unknown
          Preview:<?xml.....@`.E#m.SRa4.m.....Hm.G.NL.6..H.N.r..]8(^m-...E[<P.%.!*G..I.JHwL.Gy...y......s......tV/.Y.5t.D..w2dU.....C]eE.!.........?...(.w.......;.%..iO...6./J..XT.]dY.mT6.....U..........s..T....[L..D..K.+.O...E...-.......G .1.|...\...p...NW8,.... ..*.*...a..G....HImw's.<........V....M....[9....h.g.Dq&*....i.....}.i.U..5..^."....~..h.......rf.c..!u:Xr.X...jz.=.$.g....X.CGV.!........]......7Ls.....H.[c.....rh.........$s..O......l...k`..n.4... ....4._.g....mM....=........'.Y...>...o.v....B.S......$.....:y.....ox.......s.........m.^C.4+|r=:}.2.-.-.p. I.<'.........:t..sqI..9../.........I.......G.4.....&...o........r.?.6.C*...)O...fk.N...!.3....V9.]..'7.]...Q.+z...o..('.6.)qw..K0.76<U......f9...t.^.)....'..g.. .q2<...Qy.}....A............1q}..._.6.(.>oS..Aq...m.s.#o...tVgk..:.Rv.....a...G..n..S..(.m.".P.A..l..r8..m...E..&'zG..8...N....NM...R.g...:.L.m.l..n..b..qL...W..Xu.m...r...1.4...X..)....e.,....Fq.......rub..J.u.c...8.$./..&...D..y

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500004v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1145
          Entropy (8bit):7.799940173988907
          Encrypted:false
          SSDEEP:
          MD5:6F5CE522EE03DAD34DD6F0B506444BB1
          SHA1:D1896E00BE3AE67A02C440B50FD8904D2A039FB7
          SHA-256:8D0F5B335255808A9D347C1C2D272EA9007749BDCC7D29C6E50769972C42E55D
          SHA-512:11D8F977F803C06FCBEBE3D971DAF9826E9FDE1D356B8138DB74E753F6D4BF7B4BC9094341678F9FE9D30ABAA40F61029DE609202758EAC6DADBA3257EF74732
          Malicious:false
          Reputation:unknown
          Preview:<?xml`.<....m..s..[..y..Y.B..v..t...3...t.1_.....&k\..8.#[.....8..0.YB..~..D....Zu.~.O*..pB../..io....XQ.....E..J.z..TD.2...:#..\(Q...1....(h.E.......=.G.[...=r...C.X....j.$.96i....Uo..........;A.`.?.<....F..(J..a...~-&....(.2<...fT..Q.6..b...ff...H..J5...e.uS....|.....D<..<... ."../.3@.nq4../..t.`.3b.Fr.....?2.E...@.........}........:...P...VZJ)....y4....5.E....^\...EY.T....+...v....dn*..P.P`\I>...........K.Et.pXU.F..(|.>.Z.71j.m.......X..~.j6D..7.......)x.3].y.V.!....aj......Kj.Ng.ZS...T...Fqx......3...p./L/.}._.....T.h...O....sL.Q?.......(.."o.t..%....O.].f......!..q.U.~..T"....kd....."q..%^.z....|.m....-....H.a"n...`..h......SK.....~|.Zy.`.a.x.d....rU5..B..f$._..d.r.C......B...4.c...z.F../$U....}...M....]5.1x....X.C.o1.f51R|.g.Eb...oD...1y[...~[..N...m.E.......t..PI....~..Q|.(....G.>/%........z...;.......j..l?...A.=..]!R.o..4..$..PM.G.....?...N............ .v....1....1....!G......@.S..0....A.kU......-...hu.z.`s...O..w/.qF

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500005v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1144
          Entropy (8bit):7.8311529600405345
          Encrypted:false
          SSDEEP:
          MD5:24F27E1195E7743B68FAAC0AB4291159
          SHA1:20F9EA904ED600C97AAE31672B423B35882BB61F
          SHA-256:9FFA4037A153D0DB8293B778D1F78201AB4C8DDADB0C63D1C80BC1D321689809
          SHA-512:32F8C9376814286AC2339AA5B43E8BD9541E913A8C056C741D554C0DB678F0ED092EA720129971383488D9A0E6A305D71AC8F848970467AE27730522069E01A4
          Malicious:false
          Reputation:unknown
          Preview:<?xmlZo..YZ.....X..sC..8.*Jv.......st..&M}N..TuB.C.+N......X..vn....5^....._..vn....nrI>...".&.m........4R.<B.$.:h.J....>@...Xv..vIH.^{.".."`]'..%..t...hl..S.h..v......."M......'.D.U.Z.....". ......e..p.z.^(t..Y.&H...u.=.X...(._.N..m...j.LfO. {y.Q..=.t.... .lm..,..h.D.(.....>....5"./......d.5.q..'..+...^d5.(..O.FP.."..f?6..|Sr..30.?.Q..a./~)....v.. .z.i..Gm...(...l..1K...f.^{=.k^W.)g.b..N..G.4/..v.n9W..,..o............<.....`F.. .#\0,.....3....v....$..}.^...n-g..08`..F.......[..e.X..h.`/y..D=.=....N...!..-.E..Uj.....39{....k]....os...I=Jz.....`...,2.~.<..^......Zp.....|. .....\p0Tf.zz.CX.9..G.l.H9.8....F.f[.e...Cn;.....b...m^D...p..a.i.........w...{.A:.mmX.&.. :b...y3S..H...{..$.P..COE..}...n.,.W.....g.!..`-..rc....#..bJ.b......L..\;.}.>..U..-~...y.fN..w.YXZ...W..Y......k}.......O.s.~.E...U.2@.$....V.&O..3.+!..*...o.|....t..bT..^.9k.vX:...5]..LN.G{,.S...z(....7D...%0.j../.q...H..$..:......g.0.....~..".....L...F*.-....?7i}].w]....5.u.v

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500006v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):848
          Entropy (8bit):7.735904342893755
          Encrypted:false
          SSDEEP:
          MD5:127A0B7307CF91C5CD302C8E8D73F07A
          SHA1:14CD3A3B0C2E8AFE9341B912446671C1D11B1CB9
          SHA-256:095D2FF18369F0951199811B532BB7AAF2634F86E49EC7B9C7454A9D202B78BB
          SHA-512:34FBCE6E1D58454D24F37600C4692BFD6B344AC43416810C229B1F8EE6A2ADC326E284EA302A414DAFFB29471A56A87E77F5CB04DB836A484E98C6BF4A45B632
          Malicious:false
          Reputation:unknown
          Preview:<?xml.,r..k.U.%#...L.._.6r&.yN.f........9..1D..J....".v...c.jfy..........i.W....m^..p..X.........zO.....,...lu.lE.a..|..k..Q...k....'_g.>.D.....0...#...Y...e`.x...B.*.f...l4..h.l.\.}......!.......=.......E..;P..|k.w..g.....c...H.....:....7.T...wI.......A=.p.]C$..2...VH..e.G...sL{.u].gU`E<R.o..H....?.y\...P]..C6.]|...S...ruu.] ....$..?...$!...m..[.!...U..n.\N3S>ey..S.A?=o....u.ej...!Z>G..q...b0g..A........Cwx..s..F.n..o.....n2l...2..J.}_.._..95n7MA....-....t...%......N<..o.x..B,..;...8C..4Of._...y|,..|Y.7X.bLb.u........aJ.8....jX. .W..|4......)....7..D....<..x.<..K.jM.K.......X.2f.g.........)....}M.....K...Y..8.......W...Lj.^.ha.{a..A. co..0..9.5uaCy/..(.}.+..P..T...;..w...\...I....=N.@...t...#{#r#...w.......M.....e.A.X...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500007v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):767
          Entropy (8bit):7.712522602155573
          Encrypted:false
          SSDEEP:
          MD5:C5C2CAD28CCFBCE9403EA5E3990DDA2A
          SHA1:16F8A45D9F46E20594540ACE66A07F09042FC0AE
          SHA-256:0B2F15FCC71C8AB073890C9CBE7EC1C8D747C0F403E6D628D1886F61F009BFB3
          SHA-512:056954EAC1C69A0C151D388B5411B84C0079F88699AB1596DE05BDE084577E48C20DF774F38857C98F93B75B49116F80A214EE335DC608B2DCF713CE62663598
          Malicious:false
          Reputation:unknown
          Preview:<?xml.z],.+.B..y.C'7_.q.k......p....B..!M..z.!.0]v_yK...<..Qv..6.8.....>.f..!A....7i4w ...^......p..2...0.l*'\z...-z..g..r.eBJ...ey].!..x.z.S'.~..^C.>.V....Y4hI.Q*c.4.Rg.....Cz...4.....".g[.....5..M.#uxydD._.erL`C"..:h.K.~Z....O.....<.M..2U..."..p|+.6..K$.X.6.........h....q.}.>....W.F......].w.../.JK?}..V.I....JKW...O....6=.g.....w5.g._.|..E....E.z[v.....B,T.D4....~...b.ih4..Z..2.9.h.G...Jl..$..F.......E..IU.T.......e.A...a.m..2k^Sg.........=......S...1.@..k....t~..V..j.^..oP.(...g.?...N.Z.....@............U..O.k....AQ..lx....q...i...c....%...u..3qyF.y.....pk(..|Ot.e....4....e.l...d!...G....E&:.7.]SJ.;uiQY..........^.s...$...C*..-:..4M.>z.Z..."M.`}9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500008v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):845
          Entropy (8bit):7.716486898608888
          Encrypted:false
          SSDEEP:
          MD5:8FE2FE9D7DADFE2CB0809C3A4E7BE498
          SHA1:F8669558E75107CECBDD24DA16794324009EEBF4
          SHA-256:F3E78D7D92CC7BEA201B37AB185003E8050AD09CDF1FD4B8296AD1B23DE38EAA
          SHA-512:FBDB6317C10E2B3A907799B9B66131B585493107667C4EB1D57649A31BAFA8F67EB5B5D49CE4BA07522BC331F8B51C041DC6B1E4FEB6A61E12F9EA59D28EAECC
          Malicious:false
          Reputation:unknown
          Preview:<?xml..r"%kJ.W(.T..+*...5........j.4.....@CP&-....."I...NA.wx.n2...n/O..;..+]}...4.li2....L.,m5.p..q...([.P..>n.Wf.K..[..J..o....`A>.^.D....+...9.F.Xf:h...on.\...T....x.c...4wM.....[ `/.f..OYv[..\Vo.E...!h..e....]N...X....;..X..>i..l,.Ot..a^z\.,<......A.n.AYp...em..[\.8..17y.yP&bh......[..o...<.....eL..}...#v...+...Ggq93:..EQLQ...J5(... ....0.M..........X8`......~X..b.-C...c..z2..Fc..o....we..6W.......m.9W.f..V....C9......L.c.9[b.F.].V.^..(...IS........y..q....[u....R...L....r....Q.?..eXx[.vWR.'..7................p..Z...ChE[gM......%.+.+E......Aav......gi..r..8..k...fI\..a.c.....0...N~~.6t...C.......tE3\*h.....vGU..e.....Q.._r...q...B..Y.............-.h.S..+.........<.....74..!.^u.KS.!B."..1...+p...MgcK.<5x..>.&..!~..;...<.b9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500009v4.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1233
          Entropy (8bit):7.842775173751663
          Encrypted:false
          SSDEEP:
          MD5:3A6D8266C0354B260C162D211E3946D5
          SHA1:8D65C342369723211ECEE22E7BC2D4596059B310
          SHA-256:EB086E881B28CFDB377B4870CF45014D567E50024DC5DD29FA0202F08440C1C2
          SHA-512:3D3DD2A0E909B5B2038957512F387FA04CB264471575864605BC59777923C15C3BF9F31DBC68B6FFD489478822BF4ECAFBBD2E5E7AE3DD3E846308A996964ACA
          Malicious:false
          Reputation:unknown
          Preview:<?xmln......!.5Zz..-..0..x.%..)m'...7....>.>a....W....(.......ZrXR+.pX7.....b..7;.....&a...........^.'L..6.k.I.Z./o...K$..r....Cx............GE....z.6V.\.(w.d..h[)....)........9.:.jf0.*!..C.t...j:....1.0.W.[..%.sz....]f.........?,v....3..o.@.o+.o .q..r....n........*..O.E.....}f.D~.....p..#..`......y.W.Ba,..P..RoS.0SJ.-..*.Dc......Q7V......!7A.6...-..K.qL/..m.Dna..Y.`N.q+.." Y....[{....t~*a......4..P+G..n'..+........U......`.4...Y. .D..4n...l..rm0..J.*....JF.rO...K..2...~..1.#.Ep%.T.4,Ri........XS..<....'5..>Z.....B....f.......$....4tk..VS...(....)...HC.$..u...i....--.6...G...t.?.^7.+.M..<...r...6.3RE.s.*.?I1......3x0P.s..{Ji.../.N..]......<~.0...B.4...G...GB....h*?.A.aG...Q...*...e..`A.D..t.d\..0I....].7u.C...eA.C.>.e.r.D...........3 2cf.`^........B......V....H.`..>...a..z|..1.H=...Yg%Zf...Lu....9GH\..%.oR..S........}^"....x..G...N........M..&.s. ...kb..ES_..X.7.p=/..cE.T....ucg.>.....m.PH"..M~.*T..@Fn..t..\~..g...X....;..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500022v4.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):934
          Entropy (8bit):7.763788239640181
          Encrypted:false
          SSDEEP:
          MD5:C778E6D9C13AC3897CEC4A3A2B73E4A7
          SHA1:15FF066C5E6EBB9F6E62A24C64AD841F7509C9ED
          SHA-256:D0ED37BC4F2E20CE337CDC91578E28B7AC11BB68E06797EBC3E8FFEE9321B28C
          SHA-512:0BCCAA10FA373B4275A546D06D24DFA2E06F1B26E2923C32E4D080B58F1F85BFF298849A1BFED8A44F0DEE13053124DD73ABC1A46AEE1D39A909D285A608632F
          Malicious:false
          Reputation:unknown
          Preview:<?xml.zY.z.......4.Z...Ab.T9>..,.n`.%.k..O..)./...,S...p...p....>f.r=....9f..#.8.O0...p........-..|.^..(<o.}.(..6hT.......pDZ.<t.P..D..v..V......?..|. .N....s...R]hy*.O.Gke..h#./8.U9....^D.g...A..GDv>x.. 0.Q...........k..P.W.S.^....#.0{m.O..Hw..UH..2. .........T..;H-;j^_..E&Us.s%.b.8t%0Gj6.mj.v.;.wn.5oT.A.R.N. .d.IZ3>..|.\..^C.....3z.2...{.<...k.X.9...}J..PKz...3..24.+..^...e.U......Ka..# ..../..)Z...<........ ../.S.x.S.n....62....?.+.0.z...S[Z~D..z7X....p|..&.K=..}N......NVmN.H..........P..."..M~&F.[.]...Y...].IO......U.......`#..s..gTo..Q..u..Yz.].'.....&).....k.*!...F........>.......r.c..Sb........Y7.~^.......G...y.`0.."v..|...b8...1D.,S.Q0j.]d3.m.........h...."...w.e...9..idn...NT.>..j.......`zA.`......!:1.2.h.6...2..c....dS.&....$[...(c.V*..@U........TG#....k.......8.....L.T.a.?..j@.....rb.y.r....'..."..g..?9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500023v4.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):969
          Entropy (8bit):7.7824189605945016
          Encrypted:false
          SSDEEP:
          MD5:4B554261ECD27C7B95342352BA7EF142
          SHA1:6C9CF644F44AD333F5D99750D288E665A4990BF8
          SHA-256:9A1A513E0C7EA4278E8D2AFC26D9D96D2F79500FA39A9F54C44B7CA07CF62115
          SHA-512:C738D07F866C8388C4451E4E92796B87064C3C07F815D1389372CB902B1727BABB103F08B17D1848C636FD1BACC76E21D2F5F5E8ABBB6A6D260759035139CDEE
          Malicious:false
          Reputation:unknown
          Preview:<?xml*gE..J.B..J...s)}......)..Y.p.cD.........lqp..7.jE.,...8.n.....^H.F...L........H".p..4.Z.....~N...l..@.*:~[..:..#...{.....m.../k..?....6..dbW.......*..o.WY..P.M.X......m............`:...kTv,....w..y....@.&.^<..=....*....u...57.B...aNi....0..]...@....0a....\.{...0.r...[IcO.".q.,.-.rftex.0..H).x.5<..b9~MS..+...t..R..w$01.-...9....7zNI.........u.oyI....Ys..+.....2.hx.i...`...=.E.4..7.l.z........T.<9..._.[.S.(a.c.<.....|...\...]&....Pn.%..X..j.d'H.<.$./.E..#..|.fW.kh!.,..)1.)T..y...u,S..".I.0#....k..}....C`.........L.....)..T.0eV...sYCe.....<.s.RO.&h.1.uQnAP......-...j.C..D}.i.n..g....D"G.^.........G.....Z.].j\.....K......FD.$/`^.Jl.N~.d.5..K..g.k<...D\...o.....^..V,Zii.3...50K./.....]<x.e^...x.....P^.Q.#!.._..+...:....&.....E.0....-..%.M.)dBt.P'..Y..n...................E.^}..c......GZck+.g..9*.5@.v...;E..#qi.@..&4.......O.@.j'-..u9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule500024v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1467
          Entropy (8bit):7.877763655099141
          Encrypted:false
          SSDEEP:
          MD5:4CDF5BD8E1FFA300FA7815E2340A1EF4
          SHA1:4A59E7691F503020E2E0059CB53BA08B2A7871C9
          SHA-256:A446410BBC4F47208ACAF55917EFEBF2758F5AF428858A7CE342BEA8F8A5186D
          SHA-512:33CB1B14B549291A4A437565F1EF6812ADD5D200C7788AF66FF0BD55D3A56DB04A721596ED8231D3C3A8CDFFEB5CBD8C335755700CF529D526923823401584DC
          Malicious:false
          Reputation:unknown
          Preview:<?xmlMP.....y.N.s.....?esD..v?......N..\...^.;...)|k.{T...u)....W...M...G.t..dQ.nbF...w`z......q.r.-.|...Tu.....F...7... ...b.H..b.........%..F.Y...J.k..=-7Qe...N.."......(...r...Y..)vf.f..?T/'...;.P.kq4<.w....L.Oj...n.T..r.?..Ro.i.s.&.a...I......>.v.MkA......r.b5....bh|.Q.Xt.LR.".A/..r/..>.JCA..2.T....|..C..p.....h......i3(..#.."..1;.%.=$P..T.>M.T.X..\.....i...4....+...6K...-.' ...1F=.s....\..J$.......?...)...4...x...L#;CD.3.=O.Y.e.q..".)^.D......V}.iw..^..$..tQ.*s...2..b..*...>?...)8......w..OE.`r2..c...O.n"Ez..R...Mu.B..g.#.I`:.{.[.wgp0.4..>.....H=J..M.K.7ozwRV.]...%.i..$...UD..I....5....&.Y7..y@.-.X.a.......2n_}.#.^>.;....X..p~.E..%5.q$....O...r...`T...8.x.;.Ia6F....-....L...I.E..QY)............N..8..*..8f.uI......]$.......I.....`..y"....Y>..|.d..U.Z.;.^eA@.UJ.".....sy.dU.....b.,6..q.....-../R.....*.M.1.i.zkW]n.{..=...}...y.2d..fj.=I..DW.{...N..W...Qh>M}cby".'e....4Z........p.l ... .(...*a...>.L.o.n.B...?0..7..1Zid.\#.`2v.xFf..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510000v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1397
          Entropy (8bit):7.862804861820854
          Encrypted:false
          SSDEEP:
          MD5:07CBD78DF9327483B05F9ACAC5865ADF
          SHA1:606BD7A0004B6C8A08F3AC4A34C32C274F924659
          SHA-256:8C77036D57C8FB29FF639C8675F570AD59E9C4DA06B6F26FF40D78EF3008F781
          SHA-512:8220E88E77DE978F328F20453D36D78BBD781528CFE7CDC738E524F2F54BDED0558D5425B32F1684F3D43E414BA45511D01C5270FADB6562FA4B4DF7BF2262CE
          Malicious:false
          Reputation:unknown
          Preview:<?xml..+*q..#..&.Tz.~w...'..Z..(..2)c..Z.q.M...(M-vVF..A.......K..^.yu....x[..,...G.z\.l..%.!.}..t...B...W...N#...S..4.Yw|..{.8...3]....w.K.-MG.I....9B.}6..$n6.,:..=.r.v..&gN.....wb....Xt..E...}%[.~.z.9...1.....Y..&...... ...G....JB.3.....dbaq......u....*v.F..z,,..'H7.5,-y|._S[.[w.."....+,.WvC..x..[..xJ....^.B.u=.po..^^E.<?CL.i2...'.2Pi..!....s...eUF%.%oN...`6u....?.......c_..........H.....#K...#~...n.=.n~....}}.Y3...V....f.e.K..jZ.=............ .).....{)g....1.f........!..E..y5......).........g.....c].L2..}r0X.N.r.9..............n.C..H.+.T$.....@{.%T..n%d..'..(8...?.b@].s{.&.{=..J..^[.xZ...0p.s>...@....>..s....<...&.....3pG&t...t.x..J..G.))...k<!..R..j.]y..c_.;8..{"W.y=..:l..O...[...p.h..L1..n.o..]..d.,.&..$.........7|......K.^....F.....D...Hq..]"..G-XQ.:..(..)...=x~..YL.R...&...A.tb.\..-...q..+A/.x...5[8.......rB.~0......N.2.r.R.v.RzV..S.?2.\..F.......k.^.a.o.]-<%.tOZ.....).....:....yW[;..D/4(...........W..m.^&r....E.A.."...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510005v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1269
          Entropy (8bit):7.8491083834898046
          Encrypted:false
          SSDEEP:
          MD5:A345B7187A1D09CCF03D1078C311E794
          SHA1:F28DC7B28B71A9498460185ADA8002134CC674CF
          SHA-256:24B6CF69485B9AEFBA767FAF26E078F7AE215636E2213178E73512388FEACA19
          SHA-512:A71C5677D3F2026AC7E73A8D094B6EEBF913144638DC96CA0021069D774D22E424D22FFAE1F476CA4137803B81CDB8A1CACDA43BB55469F214CE503938F1268A
          Malicious:false
          Reputation:unknown
          Preview:<?xml....a....[.A0.V.).m.9.."lN.j.....?.."...x.7L.Y2C....Q.9.....%....%s_h.E. P\...A...qhX.7v...F..X.....V...U..m'm..j.T....=......d)..w..G4...".w~!..dhm.T..a`.....(.....A..-..=5...g..9.@...,..'.h.P`.....q../i.. +*.k.37...PN..t..0...8.3.DG. }ly(?.Lzj.d.gajvj7V.....|..X\.e.t].....V.A.../2..4...w....0.9%E@...6.#.s.O...o..P..%..G$...Zft....q}A....`5E].c.V./..R|..O.1K..y.n.<...\)'...}.m.z.)..h..f.r..>.;Q.N.^..*.<..C:....X..\...G....r ...F.M./.9.`.._...z.8........^....N.[.o.v.ZE..F...-..........eV...0f..9.7......D.,.f.p]...,....S).W..T..B.G'#..n.m/[.,.^...r.......G.#v`.7...Z.x.H.h3..F..c..V.wo.-..0.....?e...u.E......]..^....(f...U...........:+r...;bG..e......m../..=.|...E.l.Y...b!.....%.?L...J..O..x.wV;..e...........|.[..\...)%1J_.U3.=.."I#.~.'>.....}.......J..j.B.t...&w...z_'.no.U.J....<M..t-H...k.rq..on.%.a[...#..Mb.8,.]p3_i(...G|.....F...8...x.d.......^.%."....A........\.......A?g.........d....=*.).UG..#.#*Gq.*..f...*X.S@..&.....>............

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510006v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1088
          Entropy (8bit):7.802809931674383
          Encrypted:false
          SSDEEP:
          MD5:D0759825EE2CBF054887FE28557E7D06
          SHA1:7096A90051601F85814EED6FCCA5BA5F0761EB4E
          SHA-256:05B01406AF0E6B091BD010FBE344EA77160191FC4D250C56356260E631CAF91D
          SHA-512:F470BFCD50CE96989DE5C9A0EC0FCE5753A8D56C0853DF22025D35A2B72E5D013FAE573E824D91F064EC0C5EE6C5323C2277F7B8D8FEF96C093A945C1300F47A
          Malicious:false
          Reputation:unknown
          Preview:<?xml0..Y...mv.}..'......f.sO.R.ti.<....%..,d.<.M..3=....p....'.6._......t..Qny...w.......c.<P.wh..l....fv.m.C.j..[b.`.J8...l$....[..}\...6.v.?B.........9.,%{KN.B'.0MV...2.Da...W........e..Y.h..RD.......H....2....e.....k%..GV.Y..F...j...t.F..w...c.b..N~~.l...8.(....}&.X.....|.D!..E1..(..e.e&.....T.(, ....Z....'....H.W<A.n].~8..<%...,8.....V......H.-...`.UJV.hRyaoJ-?zT.G....M.:......t...:...4,2.....f.p.Y.".U6!..LR+Bo..eonE6...9{......g..s.gC.$..uR.rD.0....{.2.D..YE....z."..$....^J;....O.a=i.7t..w.x.R..2;!B3S.R....~..kLI....R.....tR.zu.g...+.F.gYG&...mr.L..l.....m.>..........+.b..ik.0.?uq...gv;U!}.R......F..AS.kr..4`.k..S~..;Uys..../v.U.$QaBICaZV.....e...h.`9..{...q..O#..|.,...g....<..+....Hm.....i....R.u....k.e....[p.y.Wo.}k..?p...%.+.j......m...(.et..:......|h..v..h.#......c..A..\-7.......@....QF..B(`.....2...y....~.Y1.>...4L...C..a.I..............9.{t..A!...."{z.S=.o.>......]..)K..H.....E..*.......-5....O........EC.*d..k'$".j.)..G..^.&G.'R."

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510008v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1100
          Entropy (8bit):7.817664058729795
          Encrypted:false
          SSDEEP:
          MD5:D80A19429515B1F4228FF7BA5B585D43
          SHA1:3FC373B9A12E33CB70C7F837496098D77B2486BE
          SHA-256:EB1CDE7004510DB0E7EAD3AACC178B05499892855B0A272EA78879E7E65248F3
          SHA-512:9FCC0E3464229F16122AAC7BCC01F34EE3287394E37E141227CE0043B3628641FEE794A5FC89F447C2007720FA8DEDDC20F441B715AFFD4DF6AEB966AA8B355A
          Malicious:false
          Reputation:unknown
          Preview:<?xmlN).h..R. .....M+Y..H...w.JdT......e.c.}.diVu9zP..(....G...aj4s.qn1.*......_...X<...."..f...O>.....5y..W.b.1;.@..b.'.mAr.r...h".E.....}.:..............*_/.W.0..........8....2O..^..1g..Hs.dM........_DQ.T.Py. u....W.}.Y..i.E.1.O.c5t...{..........D.?Qr..S.L}.N.Z...U;r-GW./...9.; ..^.}....[...>/..O...4+.N...J*.P..V.I.9T...{....~yn.A....| ....#...fc-../.......&t.oj<.b.....m....u..m....go.My.....}..[..5k@.m...f?...{..`_...........D~XH.@{..s.y....DH\...W1....=>. ...[..O.....~....\.#.|.<u.+j#.x]...B.y..@.X.1........#..2~.Ox..k.N`....[;$.xsI..P.".......,9...o.+.t$..f..hNl.h..4........R9...s. .)...q.[....5AQ..|(!w...Cf..U...v|I.u.s.9..r...@F..NnT...07H..n...T......En.'6..#.....AY-..,.<.....!..$./.`.y..N..a%'v.u..........C..o...=.U......._.-j..e....vD......V...gqc.#..<+C{^?c$Vt*.....w...A.......2N6....t*.....(U..i/..m.Nf..L..I.XH8..y.k.....+...c............e....c%.m..e.T....L..P..._..|..0...)9.%$..|.q.wu....:..F{#<r.r....IJ,..\....a...m.......e..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510009v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1192
          Entropy (8bit):7.81672722135091
          Encrypted:false
          SSDEEP:
          MD5:8ED9323A12C74803740FEB2474F793FD
          SHA1:61975C5055C9E62CA9FCA95F9784817B73B2D709
          SHA-256:F37F9A8B9A365BC717F17AF66C07520BE28FA978E7E6D5ABCFC029E03BA769A2
          SHA-512:4FC9D44C361335B8736F953ADCB810060A9FD37E80CA8832F8839DA41D2E85D4138AF349A6031DB98831626934626213656B3BCCCC6F0181BC4705D1F634319D
          Malicious:false
          Reputation:unknown
          Preview:<?xmlG.......@..8.Y,Mx.'.:..v:...+L.C.s`.r.P..k.6?.06.rK4......W...(qj<]A............m.[G...A}D"./.QASW;...A..............9'...w8`g....T.(.<.X.e.....h..l.2........S..M.5.q...z..C.F!...__Q....I...~bm....;QvC .r...p&.lr...........u..O4y.#._..]@r.N.............M.`XS...7.-"%.b]..W.b.2q.f...!.......T.K|dKQ.n.S}9`<..s.?..a.%t,.z....o....-8WT@.z6.fS.`..9e........G9.j0f.K.K.J...G..&.{..-...z..H...I..MW;@..IK.....r..9.f..f.!{..]....E...........U.....|6>=x)..,.....nQ..u...*..p..8.VZ...!.......5...T7...;...;On>>u..L._7&...$......Ko..f.H..@.......R<........X..^..q..;(...^...%.....(...v}.d.q.....c..<..`....x..I...L.z?#..E~...V:.....y............Z..p..2.......].M.7$.....SR.i..(....1.VhZ.YL.z.9..~..'..;Hk.G.y...'....>$<m.c=.<..a'....<.l-........~..9.w.G.A.......e...U0.W.f..a.\..I...3..o/......B/.u.......? I%...#.(..z9..?UM.fr..u..HBuAS....Z..b.rN~....]...R..L.Z.e.....OY.....[..C...74zg.........J..-...rW.y.q<.R.w..+...'...V........%............*s..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510010v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1031
          Entropy (8bit):7.792394564844073
          Encrypted:false
          SSDEEP:
          MD5:D7F65561F1D1CC099AC98959DAB1CBB3
          SHA1:8FB0CEDAB6A08569D533E143459A6DB5D0A4C1D6
          SHA-256:7E69F9CE2EB24D4812D60D84B5F6C2B94D0FD9E41C7DC869AD734BE2601C1EF5
          SHA-512:2B58CEE9C32B4A68BC362166D5F5DB72E256A2565D8BE899E0495A2682D8667492F8308AA81836256CF5F24AF92A69E67223F41ABD4079754B38889A0CFBE47B
          Malicious:false
          Reputation:unknown
          Preview:<?xml.2C.0.ko.ur.1N....A......x.C.....!.l.;.:d.d}..<D......S.a..r...}.....q.../._....)..c.pUdP...U..d.+.3....\-i......^*.x..@..H.<.D:.Y.3..q..!C.....q1...T....2.a.)~.....d...i.5k...u.j]JAJN................P.|)...8lZ.L...5..1F.>,...s..KC....e..*...q.-..+f..s...Re.=..E...."PG.....- ..\.l.e.R.E!<Q%.rY.ib.;t...w.h? .3Q.rb`X.x...v%W(.<..}~.l\..t_G.c.*"...s*..@..s..<.v..A}...=...b...X........b.E:..z..'.f.x.........=...8.<..<a.Q..$..op9.j.....t$.,.hf.....O....9o._h.Q..E..b=.xbR_7..F.{.8...{.Q......S...M....<.Q....c..3|..;.e;..#.Ar\.t...H..j..X.a@....GFzn..T..Im..&(L.9..#RO7..P.F.U.P2.()!.uo.R."{x.YjD.w.......g0.N.....o.H.C...:%......"@f$...........<.....q.-.)..;...:.L......N....n..j..sq..w..O 5?X..Q.=jf<0......Uq".5.........2....JS...6.[.H....g.....ZK.uo...j......[*..Q_.{a=.-5/^.d...@R...w..D...,y....T%U..vG.J...3f..............hB.X..o....g.$.e..l...L..a..g....h../.6.D=1e.jA.4...w..c.n8*..pY..`;.[9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510012v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3884
          Entropy (8bit):7.957298252523154
          Encrypted:false
          SSDEEP:
          MD5:6D686EA0015AD56736D045C58D0C8EF3
          SHA1:219E3C348DF0CA062B81A65D3C36082F6E030D89
          SHA-256:A921B664162E40327E0EAD6BE6A87B21D06E9CC8B2BEDBC2C249E54CCF7A7BFE
          SHA-512:6E302962EB6EF7719C6481148EF037CE60ED8D1CBDCF2B7F99969550507E759A23868A15CA5532A360FD4A5FDAC12A920D3D54F8BEF35A3BC66BE3B69C25DD74
          Malicious:false
          Reputation:unknown
          Preview:<?xml.".u.xt(.Q.`N..'][.|).g...wg. .p.../.Ou|....v.....^..X7...T.u.]...~.....E.?...a..9..........K....].vj...._*..\.l...[..z..n.J..S...(.y:.H.X..=..O.....gj...6.b..-.I]Mt....M.).K3...&y..!*.Y.......}.43V...\Zh%K....Gxx`U...3...F..k.9...,e.V.......P........B..D..L.,........H..Fq..9.J.'(..^6.....s,h.W/..F...S....!.n.....F...S...?......#..j...qZz...6......Q>~B.&..P.....R.;.P.*.Y....8\!........H.>.5LI.aK......".......w.?../.|2J.%.1<5...bz.=Za...t...$I.~.....5O....c....=..K.mv...{.<Ae...x.....VFZ\.....U<..5.d1YG.!..."...Q[.....Yqg7:.&..{.<?.C.....k...f.7...?+.V W_.Y.Ltw,}..D@8......Q...&..$./.....-..vsW..g:....{........>k..S...-.._.*...~w.....hgy1I?X.b...x.....#.R."...J..Y-...d.....o.......cN........]....dr5z.G...{..../(.w.]~...4...c.....rf...8.>{....L....0....;..#...br...P....SK..f...Tu...r...(.A.u.=.s.h.z=..G|...g.H.XxR......3......&.......m2.4.}..Z...G...@..N-....^.0...ykV.D..;c.7...(&.T.dm8...7.;.h.......+..1.U.AXR;v`...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510015v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):790
          Entropy (8bit):7.7394897969283605
          Encrypted:false
          SSDEEP:
          MD5:63EFBC13019087DCC0A6C6586318832D
          SHA1:76AFF54AE83F78B568F6FDD42E4CCCDBEA6E568C
          SHA-256:A56E5FCCEDDDA1076B340CB6EF2F78255ED75832142207ADC8A8D9F6B27301EA
          SHA-512:C07BE47DC8FF735D53DD5BF5200BCF05D36B651F6B669AE26E643F0BA926A97F2A742B3F56EDBFC6774D1AD647192620FBF7CF5FACEBF3255730AAC266187C32
          Malicious:false
          Reputation:unknown
          Preview:<?xml'"Lw+...#.]EcKL.0._M.S...~."..].x.k._.!..vf;..y.J.:..M...$']1.EAl.....^..B...c....w..Z.L.Y...`....J...B@9...}PC......kB...+!.n.....nm.e...w...m...n..$...Z.S...>..dt......*.......X...%.y...o.../....}u.~.. 4...I...........,L5..3U..6....+..f..\....g[.U...~^.FM..G.......5...R.....(...*\.......^P...I..y..K.YG}T:zX.h....,<>...\.5.$...`..|..........za..~....%.........T.h...M.0.M....B.1<.|....J.T....(..g.^u.d V$.D.h..T..2...ES...0....hE."O.....LyPr.uC.{...%.>.l..c..T.(Y"f.:..y...o....+..U.g..L.M.....=.(QO..gh..n3..)..;....c.h..../.@...2<n.`GA.K...<.sxM.h..?:.._.Q&.v.w..8a.b...U... I..n,....&.D......w.Z....P_6.......NO...M........W4..f.HF.%.L.~...;.%{9...G....x..9.q.\0~@.-.J..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510016v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3934
          Entropy (8bit):7.95637583260285
          Encrypted:false
          SSDEEP:
          MD5:75A381E5E4B64A7793DC8FC0B5BE2E98
          SHA1:D0F4012E9BA7FD7A04D81C6D8E197D91768A2607
          SHA-256:CB2256C8107FFBE12AA0863FB2AC0CAEF4FA450C1788AD155564085D03992C1E
          SHA-512:44DFBBC4EF327A7202EC57C2D5ECCD82506AB8FC55A7D91182B720DEA4D533D220CA0BBCC07450C7B3E90A608162EB1347EDC283D520711EA37F75984EDD5E64
          Malicious:false
          Reputation:unknown
          Preview:<?xml..lN.S...?.......K..r...|9.|O#[.b1.>.k(.....5.*....M.L.-.Bj....|..E.n".0.8@2....Dr.*as........1.R@..1...]'...LT~s.M..k.....\52......Z..qs...*.SJ..p'x.....g......h.<m......B.H..XU...._&....d..7^kEJ....d.C....Om..<..9...P...n.....).<..">*2."e..P...x).^..V..k...?....Dy`.B.DU...../qp.i(.{...g...7.*.....U[.r..g+HJ..=......H.)...7#.+6..(....Z.n..Ce..g.=...t.j..%...e.n:..w..2.......t...v....m3...=..{....^dA.1........F.$?.iU.{..@.v..|.f.N...[..@.'{.4....@...Kg*..p.L.K.......E.a.X]...5.........Q.Jqh..+w..2..xw./........$?s`={E....4.9....8C....aj..............\r.:K......"........K.....9TZ.U...a$.}.]=t..[.._.^b{2..y...Z....-..J:.....u..{g).y[.....F.|.R..'.t..3...>.....sd0B._.I....c....w.wg...v.._".>.'..%M@8T..._.|qs...r._...X...H....v..D...[n..=..=..N.u./).6.).l7.H.p.$....0&.5.:c..k}...y..I.U..J#..+......L.hE.\.......6.....M..K....(V....eD..a.....#.s..;8.p...I.Q..}r..Z..k%...^.....[-\`._\E....j...4i/..J%.....Cs..F7.P.m..:I......S`.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510017v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1148
          Entropy (8bit):7.814073434052735
          Encrypted:false
          SSDEEP:
          MD5:C3EAD828B639AB044E75483EDCC96E45
          SHA1:39E47E18056B1E7468A7B4646CB237A669ADDEB0
          SHA-256:B7C0C6D3E6B674E225E1642674A03AABBD8BA9AA40A06A0072CBFE9A787AA18A
          SHA-512:1A13E854DAF85CE8EB2EEFC1693FBD89B83BF8F06447BAD2A5B6B76658B00C604948FE2BD0D6D3EEAE81856402FB139CFD7F74E775BD90F9B6E36A354A87CBCC
          Malicious:false
          Reputation:unknown
          Preview:<?xmlM..S%eg7...'.5.........QGU.j.^..~.eg]...y`...~2,.U.g./71Vk.c...gJ..l...(.54l......P....._...9J....<...T..{T...?..4..s....Y.R..<>SM..$o..l}.*...He}..9.......o*Jy.........g....![....R..t..>G.j.<.D.>.....0..... ..1<.u.....T%.Ke^]....q...dt..m...S&=..3....I.s..,.&o.*..[..J+...N_.!.%..w.WM.):.t.`......*.........F&..../..$...._....0~.9.]VU...\.o.=.......P.J=.\p..N....1e..g.pI...yB2.L.z.B.(....S.M..u..A)..Qz...'..0fl].M....&....h.IT..Nw*.....`c..J4*....l......>..n.T..T.>..?o9(%.+.Y........-...`.v....j[.....8xtt..B..fh...9......,.\U.m...p..?..y.Nb._A..nBAn-..#.b...%...k.q....:.W.nI...Ww}"...-.O...l..UY.r.....|.".e.X..J.........mq..b.z.?..{.3...L...Pv.q<%..T.......].\r......a.g1.....}....h.....k..}=).vk...OO..8$....*..;52,....R...#g....YU....A...j.....=.rdf4.J.UDx....Q.e*.3KP;h.0 .D......y;.D.J....-....Sp....E[.9.?..3Y.B....M.G.g.G...W...h;.p.....q..H..-k7......e.y.....A.-...8...ZYK.>..qn"..s.1.....=R.`...D..`.l.AH....X....ib..28Q......9.3t

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510018v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1782
          Entropy (8bit):7.873945762222614
          Encrypted:false
          SSDEEP:
          MD5:38E11C84BAEC9E24AFB49FBCA5DBCF7F
          SHA1:1E37A04AE2FA18BBD2606F711E7451BE8CBA63DE
          SHA-256:17E56DA34E3D988E62353E8DF56B75E4052A62D2FAC7BE58C8FB8C6485FAAB19
          SHA-512:E6968FBB6E4985EC4C568A761F50820070BCD2F482BC1E80E2DC545282187F53C1B9FFDCFC64ADA29BD189C1905CC8324CD385EBA0F7FB0C86E7C676EDE4B6A3
          Malicious:false
          Reputation:unknown
          Preview:<?xml_..".7l.....a0...w+...W....k...3w!...........C.;..y.r.W'.V..-...?..n.,..+.)........c.f..o....R>R....T..l.@1..{k..c..3K.-^W...X..P.C.r|NH..9..DK.\.....h..].R.B..f..W........(}..f.....?.Cb.w@3.J.z..'..M.....P..[..5...K.f....4......u'.+._1.C....Nv'4.N@.>.:..m.$..<3..q......o..........U.....j.UD..tt.S.cr?.N`j.......K.F!...7x?.j.g{@a.}.....k......_....+...Q.L...S+..g'..`.C.-.......b,]..2xO.G.?..8.<:.......W..1{.m.tv.$q.D.x/R..b3......n.y....f...^.5fJK.`.`.0..`....N...i....8....o....Ng...t..b....i.$.$..v.?Z.,._..,O.._Y.MI.....y..Ii.P=..P_...q..mys.$..f....K....M.5.7.....t.=..E-..wb[I.-.hF=......:.l.A.t..p....,J..PBb..N...*l.S....(e.+..2{n}e..........]Nm>3.~....v.q.1..x....t..k..'#.H..d.7cZ.YR.b..o...8j..5. O.X... ..Q.}@.$)..@.._yDU..?.a.@U.yt.F.p.[.Jk. d.Sx...{(..@.[...lf\Y.T....L..=.P>A......7^p.N.$N.s..Bc..l.BWQLE......0....<%T......$V.w~b..m3...E.[.;.^.#.g....@.?..5..Q..:.S.}.x.Te2.._..N.v.y.8.~.]$ .]..2.V.^e.Xq..[`.M.Q.(.....$m.B%...4......e..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510046v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):791
          Entropy (8bit):7.731131680787422
          Encrypted:false
          SSDEEP:
          MD5:79DF660EE6FEA99063C850262CBEF0DA
          SHA1:464CF05115911D794F095B276FF7E79CDA1FB125
          SHA-256:BF365DAD7A79A05B004ADBAE814206098683816EC9792656778D7FA35406EED3
          SHA-512:616F2475159DFA3A429DFB7BD527A2578641A18F47358D74B97F8869203FECDBBDDFD0DB1C257F105B274D3204B79274C03D4EFC87FC603724B7E3FA0803B990
          Malicious:false
          Reputation:unknown
          Preview:<?xmli.. ........!..b]v...{.}J.^t.{.'{....O..^..r..}B&W. ......y.G._....._....G.0.G...'.q..p.f..s.e.u.2T.. .n@..4|...m.6/.p*B..7...Pl.W.&.L.Fd.?~.\.N^.....9.....1:I.;........W..WNh.=.^...3..B~N.N.U.s...9.e..`/O.?..Y{..C..P..lx?.Q....o.F:b=.[..wg `.Ln....}M#..phR..1..,D.u.7k..].I8..%... .....j7w.^.3Z...(,.V....)..H.Hj..5....|..U.Y.# ..<...2.C.....K..7.$..].6....E}./.GG.e.r..z_...9..p+.......m.u...$..7.f.O;.....Sv....Y..}...y.6\k.8..}7W..?..HV..#P..I.jr....B..*...U(.U..m..R.._.Y..Y...b...../].........a....e._..w..-..u..(...?_MuY.....33..]...A.!.V..8aB.].b{.....2....@3.....4.D..grrK...i......B#e.$.;(>T]...4....xu.sX$...{Oy%.<.<a...d..&r.|zy*...y....jX....>.a.......U1..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510047v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1082
          Entropy (8bit):7.792348289216557
          Encrypted:false
          SSDEEP:
          MD5:807FF213936B5CC2CB4B316ACEBAD8FA
          SHA1:9F9E12F3250B2688B0305F1596CCD2B3DB5F3A68
          SHA-256:CF5B5EA338C198CB6B4B1A9B974F5364E0622248692266AFB933A6047E7C7781
          SHA-512:68B99521B38F6A8404F4613840F73747D0EC3034877CEA2DF7FCC08D48D34FCBF20626FEACD311A9549757351F1C7968E8A2C95ABDA80C12FBC2D9E0E21477DB
          Malicious:false
          Reputation:unknown
          Preview:<?xml........1...j....m.\..2....La..'_......x..<.S...I].... !...H.e.3.@CVT..:g..f._..t.3l1..... .9.MH..o.6...h..~......iNYDE4......NS...n_-.?C..=."-....0.[...m.Cry7`W]=..g..%zN...Ou..Pxc..ZK.+.O..y .|Dr.^.*.MV.m^.O..wR.9L3....).W+Y.....Y..,U..;.,%.....:...EDQ8}Y.%&.s....i....J.w.i.......:7.2......(.....v/2.aVe(X.=.{K.Y.<......yM..5......u.%y...e.pA.bEB..E....-..=.m..((....F.._..j.l9t..j.........A ..#W.3S`..8.0<.._G..Y.Y...s.eI.R.8. T..tG;..6m.N.j%..&..[.=,.pvT.81..b..}o._..Y.G...i.....R4PE.Q...H=r[......kP.H.Y..lI^....#.`.E4,..\....%?U.C~o.tOUoQH..!..PG&...n/^M&...;.......{=..p3.+.......vq.;.Z.C.z..SnX.2.%...>.Q.}...7i.M..}.@.-.......s{....`.p2..Y;.^.+a...f..o..N.`.{........|.....o........{.`.p....wo.!Q5../.9......H>.>. ..PC\.*..J..y'.k. ..4.._.0....L...B..|1....>......q...p...j...etV....v......&.U.`.n.G...R.....9........I.1......M'...]....6.....X...O~,...6O...U...&...S\...i........s.$.j.gYK#.=c$M.Q.AJ..n.9v.........)..!Q..0.4....8.g...r....#`..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510062v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1061
          Entropy (8bit):7.851991195784501
          Encrypted:false
          SSDEEP:
          MD5:4B31E1BC42272E0760FFF3BE575A0094
          SHA1:F1F14C53185A1EC2F46098BF772D9E9343666E8C
          SHA-256:96EC66BB3072A33A3C45D15CC8E314D9159A45BB106E7FC535ED47C804D14952
          SHA-512:592A6EC8ACEFA79A898EE4D402F412CB08F91746DEA117DCC9073EF9EDCF7D58B2CF7D7A5CD3A0EF7823978CC59C833D0CDFD51787DEE9466FCD51E1034F36B3
          Malicious:false
          Reputation:unknown
          Preview:<?xml..tf.0.....u2.[....;R..)..4..\..p...\.......(...$.6....X...V.c.cmX.....2.f%..8..V..o.....T.4........L....k..<..-.L.&.6.....?1#+..u..;.wVB....,v.L.....yl..O.^..... .^.a^L..Ce.e...\.2.g.&...#.9.'2_>jP.z..m.....,.....?...5(.Sl.W......^h._.P"...!.J..c.....+.".*..F%A..;....".2.QPo{3.....,.l..1Gi...y8:GK,...M..<0.L5....M.....z....y....8ys.../0.`NN..kZ\L..[.P...[.A..@..^..03...|@...B..?c`g"..TC.>....^...m.3.I..E...jGA.../....G.d.zq.8.y.L......>..G:.u5G..a...=..<};.*.K....O..#J..x.(..........]9..|P...W..{s.@..f.........V.3-/.8...z_/l..pU.V....x<......vD..i47.\..V........C...)..z'ReS./.m..#...4...........>...g..V.FT=..+~..g...I...<..>.`;3.#......$Eu.sv"...K..t6|.tJ.6...o..t........|.?.....R.......&Jhqs....Uh.......Y..i+r.R.8.u.....y..^.*l.o1.2.....n..U.b.....z..5K.....vC0.7...&_...V.Mg...<...I'rn)...q...9..jf=.J6..Y.1oQ.3...l.Fl.+.0.d...B...h.y...H.y.}#..!x...!..."..."[....(...+.&..,...z.cVr.,Y.....(.......&.F ...O.D...9pbW1L8qQshua0c0K

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule510063v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):801
          Entropy (8bit):7.733025212419583
          Encrypted:false
          SSDEEP:
          MD5:D187A62AA31E32A0AC86134DE6CD4912
          SHA1:06D9ABA931D1614AD7F3B4A2A70484D69A26AE01
          SHA-256:1276686CC9D873EBE9EB61864900FB48FF73B352D03C877068B9A969ED052F9E
          SHA-512:3D3A3864C65A9877B8BBF06E7BE205CBB66DB2886BD6800909F24BB6463CEC68F353664AA125D14342121B037682A8E56C0FB9D3C28419B9CC0B64E703365541
          Malicious:false
          Reputation:unknown
          Preview:<?xmlwZ..N.......M.Bi.3...i....@..L..(w"...8z... .....1.&...M~#L....8-..@.h...9.wt`...8._YG.+...#.f'.....B..Vu...k....>u....1.y^........m2~7s...~.@Y!........S.N....'.m.../..jW.C.(.....L......g....7.@.ZM.D..5r.LhH.R..."....GZ..*.+..^.,......c.FI.Yj`.....u.-.......yR.kk..]...H..b..c...5....$...+..\..[..H.`.......wE...H.....kI'...U.^c...e.nd.....z[...........7.E..!..p........FR:.udt.G.h.eK...c..Q...D'*.P.J!...{b8.}\.8R...c....?..YA.!.......lM1...o....k..}.DR.+x..a.h...5............#.J~...-....j..M....?.L.*..cWsu...^oIN.........Z<jl.....(...!d@...$.B..m.......;.../...x.a<.........G.'.._.~..4....:.. ..*.r....W2..`.|.d.N>.ks..;..sH..M..7.#.# ...ti...:Y...i`_[.nq..r..).!..P.>..f9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63028v4.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1485
          Entropy (8bit):7.853897530128899
          Encrypted:false
          SSDEEP:
          MD5:81C45AE656C954FBDFD84EB24DBEF2C4
          SHA1:4315214684F5DA9AF211082AED237E42F2A7100F
          SHA-256:8EC39BD5D239D5F007BC8E2D00F098A753B46B400938218A412B2BB741578DE8
          SHA-512:84AC0FC3C7047E33081CBC1F091AAE268831DFE3790790132544537AE1121530A34575BC236B5615088B459978EADFB77DBB34D8B7E5C932647415BC7D49A97F
          Malicious:false
          Reputation:unknown
          Preview:<?xmle.....:...c....B..J&....s..........;-a..g.+..e....S..B..J.*.36...]J|......\.7.@1.f.....2kG..... ..f.4.....)....._(.%.T.$Ic.6.X.....*......o.A8..1j.W....H..R/D..v....v.\2.Z3.......T.<..i.%...v......lqLB..x..2.7..RA}O......3.......4...SB.79|.8.I.Ug........AO...!...].KB..\.1.2.7.....a..gf&H..'D.|.. OV.7......!5/..?.s..........W{B..3..~.?L..\W.;._~......._ZX...^lH.3...H..x..O........5.:U....X..s..,+2...."..]....Ip;.c.}...!.V...kaB..`..e...aa..f.z.N..Z'..@.~.M....Pe{.$...o.?...5."`0....BT_......t..Hv..qT.vn-...h.....-..=j..E<P....NcI{.9S6E...]=4....;..~..MM..IK.Y.;......1G..o......=}..3`...?.5...5....`' #;....9.3)U...I...x|.C#&."A.F.B.j...]......|.....w.|.0..Sw..*.].YR.Sf$!......Q..]..q.....}6.T..z;Qm.s..F..U..q1...e.R.......6.......3P..$i..XKZ...E.rW..W~.O..O.n..Y.8=.=..2$...F..Uh......1H[.h.Yg.N........\..D#....42..../...w.y.v?g.....r....E.@.....|AQ)FC{V.1.Se<...}w..0Kh.=..jD.<$.N..l.@.;8....P&...q...i<.!..z+1...^8=..|-....jh.X.zr...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63030v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1340
          Entropy (8bit):7.847833113424294
          Encrypted:false
          SSDEEP:
          MD5:05489312F0C770A67C8BBBD85D3DA80B
          SHA1:CEF446EAB3941B0C2D28E2BBD3E9831D4F2F8AB1
          SHA-256:A2153A4736C490F7DA644A44DC912664054722DACDD701DF38DC21FB642454AC
          SHA-512:231063A789D3CAE9C33BB119236C9BD8FB6E72CECE764CD6C8FC998EB7498F043BB0A347E6E33B51699B560E6F5787417B500EDC4A42E0A678A0A2A186F8CA0F
          Malicious:false
          Reputation:unknown
          Preview:<?xml..J.c2.Au..0{.H....{pL.Z.xzM.......C.M..p..s.5YP..@.N.....J.U`.ec&..r.O=..3......K..@.*.K...X$........&p.xz.SG......R.....f.'S...W.#0.Y.>.k....zWqc.&..Z#.h....T.jk.3..MV.,..6...>.E'..Yd.j+..h...y..7....6.....\u..T.......0...g|..l.....C...(...]Uo.nr...i*\.i.J.h.-.I..7@.".J.....q.....E<}.fA.u.f....rE%.......R!..."..q";......c,.4..3%.2g.fL...Vp....QKr.H.=...GY.=76..E..:.F..%!.nD....%....X.$]i..2.1.Wmu...<7&....mxU.Um..<.....<.).R.....r.5..,."2S.n......._..@. ..V..CLg....?.'.t.M.;.tq..-.(+....$"..>.c...%.<...^/.Q*.X.=02.1.fF...3......U........yH.N...$(k.>......\..\2.=+...(. ..m......+....zE..*.Q....G.....Ak.{,|.ZC....M.to...w.....Y.L...3.S.....`.{.O......q.@.....9[].Xl7E.q..o..w....#.....~.....9(]..;4..U.%....@e.yR...x...s....>.p+.C..".G2.*..V....F...|...3b........y..#..MP..b..Q....h..-14.. .k{.W....G)T....k....:.c/@$U... N(..&..+...x.`H...(...`.6N^.b...,..7V.....#.q....ap.e.6Ts42.y.Rz.Li............Y.%3.>..,.>c`5..u{M.B2..k...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63038v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1261
          Entropy (8bit):7.821189757445058
          Encrypted:false
          SSDEEP:
          MD5:60F756BDBABC006AD67CDC5E0E95885B
          SHA1:022DCFB90E70FB99607BFCF024C2EE543D7B53C5
          SHA-256:FCC502599BAA59FB1B76FE4095047BAC4BA2D1C3BC38DB63DA46D69154EA5187
          SHA-512:AB681137888B1FFDD4986F728B0C6A420837C6017B217C2B67EDE463BA9C26DC7BB1ABF8120EB98AF292738D234E00A89BA2F1245C5EAC9DB12427733039C511
          Malicious:false
          Reputation:unknown
          Preview:<?xml..W:.e...j..%...%....x...4..].kU(_.~.....G9]C!@..-.....~.qM..qw.....Q.e...}.....O_.%9<#.U..N.....,.e.....t....cN.%~D..-H..I\.)..}K.....\..:....dvwf.....A..o..N.$A...=.+... o.....8..D...U.%.jO.J...r....#.Plm....*.....4.o8.}.....m.%(..m....h.g.....\.u.Htr..s......_qr.&..).r.O.B#..2...}.....'.5...B...!...3......Jl.x1...u.......*....w.B...I.Ze.C...q...$...........4Nq...>.....B.....:....@7{...(6e.+Q.#.1..Uh..*.b.......T.klc...v..ryt,.....Z0..Z@di.7p!..@3.w.#...r...:....d..Ni`<_C.~..C8...1.jg.'Z.....-..........H...0.*u..!)... ......M.d".f.83.a..... ....8....U..n....K..q..c.h.~..x...N.2.c......T..4Jq..d....X.s..{2.yKM..V.}....._l..}.*..I......R...#,.r.p..l....6.Hjb...<f.#......)...../..P..N..U@.....ou"........H).... .zH+.....j.......\~.n.B.5#..r.....q..#Htg^.4...Pz.."...#..bJ..o.}@.%J..A3h.'..........n..T...f./...}..WP8t0UvwG..`.....~.....HP......l.}.8..)..M.s..t.....W|..t....)..{.....U..Z..')......=kb.b'.....{.j5.$N.W.Z=.1.......c0.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63040v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1268
          Entropy (8bit):7.8397604875761076
          Encrypted:false
          SSDEEP:
          MD5:DA0EA20A956B675B295DABD97252795A
          SHA1:9E6F5D277C3BD79406CC991EC642157AFDC163DD
          SHA-256:95228DCE1557900C921FE2CAE79ED50A65B052A72F332A8670E04CD8D6D474DA
          SHA-512:3B004AE7D7C78B6F3EF5CE05EA88C4EB06EB1BAA6DD9DE83E1C0D9717AE518141E4027375536D10A4C8B88B1DF47638592E6630F14C8A0C2CA917AA8669F449B
          Malicious:false
          Reputation:unknown
          Preview:<?xml,j...60.Xw.d:$.....].[...........W.......y..|]B...)mR.....4OG...%F.T.NKvY....m.A....#.....;....M.#..s.u...=u.:9z...X..L5[.q.O..e."..J.B+"...o.X*{....kL.z.3.kiv..[".E......p..B:Q..%..M.w. ..R.A..J..e.}.P.FGG.]...O.....{a.F,..(R..}$@.Y..u.....I#.:M.5g|6.4......%..$.j1.:`.P. .R.1G.j...`.CC.'.R...y......b.Z..F....u>.p....]j...-l K*..^..:o.....g..r...'..X.R]$......9e.....$. \.........c..-...2..}...g......H...y".....$%..^&.l.g....D.......y...oN...h'CO.K.B...p..T...P.....O.\G....Z....K...A....FYd..|.~tR......0.C...v......V....K0!H.4........C...i.K47.3...y..).....r@.X..........,..PWq...~.P.X.y.x4....C......\..\.w.8.,...4.dLw.df.%.....@t&H..B.?Gi..%.:^..y.. ..WG>X....k.8..16..]D....T...I8I.m.m.u.b..q......x..."h.e.~..u..l.{.%)i..Un^..........`.E..0.qi.\d%O[.~0.*3..'&(k|...;..&#.......*.m.k....P@X.BJu.]u..WZ....-qC.;...o..b.....9.......b.`>E..N8...f.".[,r.]2../...7 ..l>.b Z..`3r...tn.>...............:....+.......t...E@. z.k9..........3..=.+...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63041v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1815
          Entropy (8bit):7.893283024227423
          Encrypted:false
          SSDEEP:
          MD5:6566A76CFAA566597B3DAE0EBA0C616E
          SHA1:746E020B754C242B0F0E7300A13A73769FAE8B6B
          SHA-256:7D4D6467B19CC161A95EF760EBE6B450A7B3EF3220974C97CCF76C091D425FAF
          SHA-512:C0824DF40BE261EB91275A9430DF36F1A4C491D16A18EE0C61C0126E6755078F2ADBC954F6EF13C1B3183A135F38B41C289DF03C6E14934ABCB95C89EABA9BC5
          Malicious:false
          Reputation:unknown
          Preview:<?xml..;..V....nw.n.e...............u..0..X.Q.......g..mFoi+.......?....M..Y(..I."Q.2F.s.D(.L4]...Z@.....P..x>w1;....5....;:L...l`.!C..S..a......u{....#...M..e..B...C...>...2A...NEK..5z...o.....D.?o.....a.r...^*.O.....^+iU.r....b..|...=o.v(O...N..]uO%~.`....0.>.Sr......."...m..........L.....#.r..9.....D.U@p..$....Y.I.M_..^.........j=D.85....?c....RQA.....u....1.K.`....../..f.(.i.....r.nyF6.A..!S.I+..P.?.}.XpJ....4b..^.8....5......Rp.D~.%.......z..Y.....|...5t.o..k...m.F.a..'T..a%F)..A~?].#..C..{.........)....RN.l..C{......6.9g..@k.9.N.S7..~.qm.........Sp$..\...... %...f[...[..Ru#*.}.Da.(.-..?....P*...h.Q....H..15..J.]....p..o.....Qs.!.yM...qj.U(x. .*n2:.p.Y/..A..^..UF.`...lP...|$...6..`b...^....U.=$D.dw....y........8d.-..z.c+`....FN3.......1.S.d...i.....{...xq..9.{,....6...X\.r&5....#..rBn.Q9qNk4F...X1..w.X.?.&.. .22.Z......F.....5../..a.....7...^.... T.H.%R.(..;.\........~jQ.....2.....<........~..88......4....F...voi....H....&.8.w0.}T.....p

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63042v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1004
          Entropy (8bit):7.74681871302399
          Encrypted:false
          SSDEEP:
          MD5:391366DCDF91E927A3A7A7A2F3CB7487
          SHA1:83C9605C8327C9D3E82F745F7B28E76C269E2124
          SHA-256:5C9B0B134E9200691C5AC3B11F334512616528015B9F508D72EAD168C07E5146
          SHA-512:C6B706953C1446B5E701892B63C073CCF2062B405C3DE16F7DB5FA97CEBCCF12B6F69C5EF1E9F1B8BF066C84DFBFEFFB9467FA0B8449401D7D43A08EB76F67D9
          Malicious:false
          Reputation:unknown
          Preview:<?xmlq.../.L ....q<Y..BP...6...z..y.....<..w..5.*1..V.c.Y..g.........iQ.I....A.Hq{................Q.8........Yrv..+r.o...N..u-1...a.... ...i..OV.]m..2....+/.a;..bL.1...o.....-v..m.K.{..&~...No...YmC....-f...6"s...k........ .K......D.....X.J..N:$...S.;...-.:y0T..UY=....r....#=c'..c[.....z.aG....CB..a.>......`..{#..4H.1..........SV.a,r........J.^.W...P.........k.....:..Q.ZcL.p;...M...............C..v..;C.....&..8.>1.X.S....?.y[...z6..1.K..p2.*..Qt...82......c.o............N..>..P....P../.1M.+A....2..#-..r....m./.........{...(...A6&...3\...E-..7.#D9.=.H.|....E.....~V/....].u..G.\b.AG.O.."...|!.'..o_. k...e.Rf....U..hUj&.S..m....d...z...=.J.&5F...0.+..\.F.."..P....,..8d.....e/....}.z6..Fe.......w&+...DJ7.%v..t.k\..C....A!..0'...u....h......LjS.0.V.YD..1.T....e..{..Au./@.]..8..l.q.a.....z&....Q...^..X..Z...~.A...8....i.Cu.r1....71..Mu.G.@l.+..hu..e..?.........M..8<.5....'9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63046v10.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1950
          Entropy (8bit):7.878314903900211
          Encrypted:false
          SSDEEP:
          MD5:631E07AD348F0757ACFB14BFF7BEB3F3
          SHA1:E33CC6406924E646C489AF38B1C98F766CCFA803
          SHA-256:4AE5F2E7007C3041CD6F5FD21E03FD32779A34CACD3F7A79BE19C3C775FFBB47
          SHA-512:6E14D4A8962A608EDCDE203D24E4E78FD2B57BEEAE697F566B56E2D4C174B2D20D6D413939F6E3FD453402C919869D5F662BB8AE1FC140FEE75D3FE0A48BFBDC
          Malicious:false
          Reputation:unknown
          Preview:<?xml..ai..S...W.j?R..p.....QtK.g.uM..'...P......n^me.l_x#.kg.)...fvO.....C.9?{..@P..rM.C~.f\n......00.M..\.....v.....-....9j..bk.P..M.....@.1>J#...~Z...7.........$....&...=.o..@.E......|.A....|er...`uS.....!.jq.'/.S..o.:{....o..Ft....x.fqx..T.k\a.H.^....I..9q'.........^l.5.....pq....z^.[J..8....5TZ._.Y`v..U.WGc.kz.6...q.[.`.C*."...Z..&5r._...P..A.....f..m.. 1J..........k.....>,...[.........U.w8S.X.cs.+.bB...l...90f.C..Q2k1@.....D..2..\M..:...........,.......Q.=".*...:+..xXIX....N..VQ.n...L..W@.FU...Gm/..nAu.v..)......./A.<.&.W8.!}..p.2.7.9....YP..C.......t..`A.Q.<V.|......'...[......D...*....A....q.*b... .8.D.j......x.t......Wf-....L|.....YD...r.`.....c"~....U.X..............{.....q_.t..|*.... .eU.{{.D.hE.Ht.....~.A'^X.|.F..y..tq....u..7Q.A..,5.">..J.'...6.I.t..w)[.}!...~..O.^@pl../...K.n/...+.....&...&..ITo."]s9....`..\..G...k....Y....3jY8.....'..P|P;4..c..R.....&.Kh..}..ZXc.........rA..U.....J.A`sR...Y._.p=......6/'..p.s..Qon........y..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63048v6.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):4121
          Entropy (8bit):7.951944863406974
          Encrypted:false
          SSDEEP:
          MD5:E244DC1EACD781F81C87F43C66E82A3B
          SHA1:332D71BCA39B7F2BB71307DE478F0734E3A42D60
          SHA-256:61AE2E8337D78B911FC46086879055C08DE78E23665FFA65957893C5185B02B1
          SHA-512:EEBF018E222E125E2F8CEA67B2F7A3E890CC5872BF47962E082A8AC293258D635064FF656CDA4F694B8AE0589F80382D26E78D896F418A2FC77E48F2F1554AB2
          Malicious:false
          Reputation:unknown
          Preview:<?xml3.....Y....S...,kV.U..B...y.gDED.|..........KQZ.......?..'.>.`cu...o2....&.`.7>A*...<.oQ=(.i..!kos.G..g6.d .m>-..f5@..h......Q 3k.J...L....V.$`...z.s.....u)?.`....y..@.....SiZ.m.g..,...CS...a.6.Z...j#..{..'.~\.....`..2..J.]1..a.(.N.J...'...2.h.!.O.,......2`.X....~V].t..[...n...SZ.ai.Q.x.r.....K.N?.J.D...(..!M..m.c....s......&..hN-.t7MJ..B..*Mp..G.'p.$..u-S....5N...j...#U..M.E.?.8...P.......#&...a3.Ec...r..rE.3a.X......Y<...G&....z....t..HGP(..U..-.Q....W..........!.D...7...z%...w<...iv.d.u. ..).....*$"..7.=......@...z2...8.c..A....d......n..%....*.[.]...y.j..nq.\&..<..)V..t..Eb......Po..Oq.i."rg[V.+>.R........:t^vz%......:......O:..H).........(.,O}..N..0....i.*."... ................Q...y...@.3.s..4...!L3.....bm..<...T.../...m5P.....j....M.w.....C.H...$.o4a.^.8A..............|E..~...'..gi8p.|...F...KU...t)D.C..)...$<..y5.U9..&;.f...zy.G+'s..._n.U.2R..AVG.,{.O.V...:.F.<.a.i....y.....mu....9.].....Q.;..Xf..D...>...C*X.q`2...l..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63049v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1585
          Entropy (8bit):7.882358600329102
          Encrypted:false
          SSDEEP:
          MD5:871C70EC11ACA77E14FCBFF53C86D8D8
          SHA1:F20397241E8F9B005CF6C201B3CB52F4529DA01E
          SHA-256:7779D913B905B150D4355D0125B6B4F3D24D1706D62812EC6C02682FE9386972
          SHA-512:A8E5C58288FAA3E0C18FD807386C32D8B1BC66A9EBFD53A2BF56E2FABCD2CDF4656313DFC9C98F7D3582A5DD3F26B9A0B2AC1F783CAE01869CD2A4A925BB783A
          Malicious:false
          Reputation:unknown
          Preview:<?xml.....89.._.\.So.Dh...........m..mU...g..~..K3. }!.;.Q.....a.]v}....R......oz......5..H..`..@K.)j....LQ).A..........[D.-.bN..'zl..FdF.......~`4...y..o....n.y!......kE..^.F...X....X.... .H...~.$..rG.*.....F.8_. W#._0.C...5lBU.US.b.....}..a7....C.c...{...*...!9.:.N.e...Z.........S./.J..a....E..%!.>k..T<."6.@...%D.<...B...a..F....#hz...fJ%..8.........C{t..T.,..Y..mQK..Q..#...e.if;..t.-.....@....oz.9.....@~.m.....Kr...^..J#m.X.h=.z..FiN..E..8........}....(e....(.~R._.[.ip..`.L$..35..L..%....G.....~...q4~{L..!.K]m\V..;3.+..Sb..?...xw.....Dx....*..qW....jj/...6G.4.X1u'.ge!/|C...j7....Z....o......./.q.....m....t/...1....f.....pUM..D.A..?.6..1R.... W~.!2*di...h..Go.)ne.9|...n....:.ji.5...|b.g..R.A...qW........8^..$.I...........SO.n..1.Fs...]...." .o:.5...z-.......X..LT.v.y.rp...}.}..1.V.g.=v.V|...6............Q..p..RDH..%....`..Hf .(D&...0.{K....t....b...*.ha....t.BS]]i.7"2.<.....S..z&........U.R..y..}N.*..._G.X=C3..j.....~Lq...ke.n.B.?Q!.(0..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63051v5.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1939
          Entropy (8bit):7.91111959553346
          Encrypted:false
          SSDEEP:
          MD5:0EA01AF8403580BAA3E5178DE03A7234
          SHA1:4383BCD13D664003C6C6105AC1EF3C62917B5434
          SHA-256:93FD58B552D0CFC928A86B91C0ADA1CD290D8254B2B903CB10FB35255F05836F
          SHA-512:6B8C49BD1E1A5636100638552C146190F34C039266729A437D87132DC5E6912B784BB74CE4DD4984942DBD1596289B4E72D5C6CC65114B2E1ACE34C72C2A80C1
          Malicious:false
          Reputation:unknown
          Preview:<?xmlM.S1o...v......\....d*-%5G.E^..S\.axVh..lw.....U.....o.*Xf>...h..Tk.L|o..>[...I~...."..O..B..q9>c...p.;.p)Br..#p$m&...E.C:....c.G#.f..i.c...D...."/...v'7._Z^...2;....Gp.v..u...;n.......a3.z.S.....b.\..w.E'[A.........,._~i...sU..08.H.}.a\2XSU......W....6..b...)..i.."'....b.B(URF&...C"..............BcT.;..<GB.....RJ....S....?x6....s........}......r..D4...W.1..?R.i...?/.P......a&^.RM...F..3-..D,....*~:.Bb.k.EZX...fbQ....*Af..D..o..@.=....).1..'...X.......e......zs..?.....<."...m.-}.S........|..............0.]..)~..W...^>.#k..3....k..b..L.4K...`....t.....@..0....N.v.v....]..K..M.U....$..bm..s...o.U....|l....B.P..9.De..3d.c..Z.A)....:.v.W;Y...|.s.lyi.P.fK.W!s.G6.../.Y?...W.q?...q.,LRJ..$n..h..._.T.."y.(...8.{....+.\A..K$...*DF.W...X.X...D_;&&.U...xm..!.&...;.\..w..xPn.F.......x...a/.2.Jp.2...k;.2..ACI....gQ.@p5......|...M.Dx..Jcb.ReD..`.f..A. .g.}RxELO.RK.\#/b.....c6..j"V..........~....L...[....'....f&...-..s}.{z....\}..x.N.N..)

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63052v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3091
          Entropy (8bit):7.936972523462591
          Encrypted:false
          SSDEEP:
          MD5:F4EE43539394672B90D7ED3273054BE2
          SHA1:FC9CDADC02F8A97A5E358900C967FED6BEDB150B
          SHA-256:BC991C4245B1B83C11C6D1D9AD308B761DF46BCABF6F075BDE71D8D8A59C7A68
          SHA-512:C07D1E5851F445E7E8B7429F50C1FA9DA60C4E0FE44BE5F279C8CBD59F22501D713620009FC289815DD8718B78FFF488923AE76913AF1C9547151FF5211CB73A
          Malicious:false
          Reputation:unknown
          Preview:<?xmlu-..5].~..E.f..qi..*.....0....\......v."X..n3'...$..NT.../.o........x...[/.!6"W..C...F|X.G.p./'.......g.s.e......b...>G.N.w`.M....47n h.m......U:....?.@Np"q..sR...B..L..:.'g..{......o....{........=..=g.?.....X.f,...;.p......7).?.[Z.g..m4&....8|...._..U.m....DX..#.@B\.......|....._y.*'..IY?4....E.|.?..m..V.l..$W.....Y..g9...v.F.#..S[....|.qq..>.UQ.........*0.i...v..+..#..6s... n4.|.oW.W..4...p.h...L......2...,.+.L".]...;4."..N...0..Jo..*s.U........t;.hG.f.Y.CI.G,.A.7UI..]......l...[.S....@v..\z.........h..o9..^..eq..~.+...&..,.j..1.T.R...b...~......r.........w&c..qj.6...dSS.z...4.N...@..9b.}."......A...]$8.?.......!._q..(..9....0.....h.T.D.jZ..O.^...~ ..|..U5...258+.....Gj..YzC..R.j.E...#..Z...e.d.B....Z.j..^,Oe..."Z@Jyf`9T.`.&.C..@+T.].........TG&.}.F..p[K..1....}.....c.m....BQ.......:..~.....c....<q...HF.I..X..l5...j.........W5..dp.+.n.a.Xv(...).%.^...$g..G..* o....%...toB..k...._:)z.)o"..c.T&.I...0.x.L,c....k.1+*=..A...-`X.....xH6...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63053v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):980
          Entropy (8bit):7.750101260307742
          Encrypted:false
          SSDEEP:
          MD5:4FC84ED60E947015F1D17B3FF7797B66
          SHA1:FB22420B37CE3DCBE881BB559136894312381B5E
          SHA-256:88264F7F1B01C2E1D747E8E1FFF25AB82D0FCC2E7791C46BEA119A13A12CC3F7
          SHA-512:63E7EBB31733782927DF7835BD4C51273D54BF0FDE228264BED44248C78BA06A4B8245C4A7ACCA469377081534C334D647B2F64A937ED3056D5362F20C30F1A0
          Malicious:false
          Reputation:unknown
          Preview:<?xml.:x.....-.U.....9.......f...MTNtNX.........GM...).........P..,..L<.j..&t.._..4.x..A.....'P.w...z.#...I.....P&.E.Q_E...$..8*X...f.J...F.Y..\,...i..E..x....j...Q.P...L......5g..sL0..p9.{./5.Z.v..7.R'..v...T..h`.:...}..;rj..m-m.....0o...eM..G.1+...+ j....M.S.......I-B....Yk.]Y..Y..Z.<u'0u..$....7.\..&......Q...{...p.....$....'.'..k...9.......o.ZN...'........w...m..Fm.'&Zw..a.4.:u|Q../..r.y.......6b..4..8c.P..4..z..W.....|.E....#j...*&g.S$..h.=.~\xoW|2h...80MKe~..S<...a6.=u.#7.i.u.o.A..+.#..$M..X.uZ........M.&;.U......q:....S...faN..{>._*[r..I(.F...Pm...`j.3F&f~....{..Zpi.7~d......w.0...._(....`...0.Bw..]. L....EJ..'e....-.5d.e............,..O..\..`....K..@<];.q.xZB.......d.L62-5J4 aY..M.P..!X..o,....T.E.i...?i.f.}.m.._w.....XV.J...jR.....d]..Dc.!9`...Tt/.D.&.;.Af.C".@.Z.a#.Hzt....,.V.p.`.USh=_.)..........*@~.._...6M...&V.....9}I..T.....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63054v5.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2404
          Entropy (8bit):7.918174313877068
          Encrypted:false
          SSDEEP:
          MD5:360A2A8E17BE56D9C72702EB6159ED6A
          SHA1:A9723CE5648B66EE38314FC16A33B2062FB37411
          SHA-256:AEFA63CBE7592432C34D9CF8D8C9EC61BCFB9371E61C2B45D18ED434853CFA07
          SHA-512:39F6425A96D0107D7911FA5AB319A5A24769C33BF799721DE2B4D98B6CA82B0EAF9CF042A7519D4528E5C4E686CE4D5B6723FD1CB5ABDAF8EACC751AB7C66D0D
          Malicious:false
          Reputation:unknown
          Preview:<?xml......WM.._....`.}O."ng....N.3.B.{..s.3.1.0v.."d.b...yKyn......d..?..<.._....9..g.S.........F.e.... &...0#...c.5n....V-.?c........l/.\lux.S.]..o:..Pk....V.K...........:...P...5..Oa....6...HG...Dxqn.E.f9..S'e.N.V.U..S'>M.j....R.Y.`.m....~..e..s...(.X g.6..0...iHzt)<...3.s..~.`.....=..O>;..`6n..lQ...e.*f.....]...\....:..........F....P.a......1,B/..=.2.<..4..-....L.Z.....d.Dgh{.=.1!+..f/.+ek5....`_....4,.l#......h.n..9../..#d...;.``.:;.Jv$.'.]....B...g.[.F...Pg.Z..G....i..J(Qt.-......P..L.2....t..3c.*..r-T......j..s..lL...rv^0.........$.|..4..)|...0..U...s.....KC..K{,..2.x.s....0Hvs....j..Ke. .I7.E.".O..m....$....`k&0..L.+KY.>..:...A.m..i........]S..;;^.9...X.o....&.4.3....H&....;,:]...."...4..W.,.G.....(b....{S...R..2..{.Wx..y^.d....*.7..Y.F.......j=I9$.7:.oO..1...?.rn.J.....h.[l.. .)..........8...!.BK<.....N....W.... ....=......T..h....n.U<.p....{...j..u[.e.p...V..'w..F...A,.g.h.K.*.b-.R..4.F... .X,p:.0....X.b...c%Q....Q.4.B)

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63056v9.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3203
          Entropy (8bit):7.944254988416673
          Encrypted:false
          SSDEEP:
          MD5:321ADC8D41CBCA17B87391BA565D61A3
          SHA1:B01A7C2ED7D0AC21552BC7A69A87781E81A044DC
          SHA-256:F0A7E18350DF11F1D391C24569D405B44CE05221055E115D764498B2A1D703FA
          SHA-512:D16381321F9A1DFC85CF04F1EBAA40AF6F23A8DE2C43BFF79E5AF506CBEF3954009BE679C96E61792E7422AD6E80543E537E2C3C997D152EDBB4D0AA35376989
          Malicious:false
          Reputation:unknown
          Preview:<?xmlA6....^4h........-.r.....H..J....zg..4H.3.5.(....n..1.(<....._~tw.x..)..jl.T).!^.P.....d.E..Z.:.;.u.?..n... zk.]...B..]....v..(..dd.\m..zd.-...;Q...=.<b....}.|.W..8#..+.fGQ..$.j.@..../..@.....<..cM.&.t...P.>\..U.....YA.5..{.mos.U...py.'.......i%...8..B...H$...FF....w.;.....9..!A.n@S.Q.....]l}K&....L.E..A#.........#.RH.c...g kb....1.........?.2.G :..._.gb.@.e.+.;...UK........I.=.3xY...G*u63.g....8^}l...DYp...0.R..n.-*.`.....Qf...........OS[8....?.O#A.}n...z1.d9"aG.t...+pS.b:o..[....h.{i$.f.2.<...Qw.....0.....>..pY.p....m...;.:.....*.kD.0..3.{t....et7..u...Q8.1. ..........F...:.7..@..*...u....w......r[....g.+~-...*C..i.......A.=......y..X.eQ.....:...O..5.....(..G..y..h..}0..u...2E.h.F..{...\.....L...^....I..LH.9G.....<.#8.B.<,.5..".My.%...Q.Y.F.z!.DV.T..B......Nd.....J.Eq.rh...X"4...#`..$L..H...U..JaZ.(.?.....>eX...!\..P%D.#.O.N.....pY.(~Y>..L<..*...Q.....u...2..=Q7.........6..\..z..<H..<..B..^....X.z......ao.\.Z>..b.&.~....:...7.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63057v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2512
          Entropy (8bit):7.920074867095729
          Encrypted:false
          SSDEEP:
          MD5:F3D7E8CDF618AD16210EE7DFBE45F6F2
          SHA1:828841403EFB429E53472C49BAD17ACF3205C2FB
          SHA-256:2E6034BA314BFAA91B46B0DAAD3C95125E1D534CD0967B85A4FE0E0B039A766E
          SHA-512:FA87397E0B4DCBA19ACF9B67514769998CC9E2EEE9153937DBBDD08BDE67544171C8A5970FBCF54BB2529A125E8220FE003B262D24B09CAD09E160D0F0D8133B
          Malicious:false
          Reputation:unknown
          Preview:<?xml...C..^p.!..?.......+.=.}QE<..l,....Rj.mc.a.U..5.)WE.....N...e#.X^.],Z...B..d...V\.6.^.fEM....6.......+x.;v@.%...... ..~ ..YBB.$J...l?.i..!..H.f^...5-....fp..Ts.-...D..n..9..O........,z ..o..$5.3..4..D.u...(....Q4.4[..9....i....8.....F....s..K...y%K.A..K. ;..V.W.....q...>..........9@.......U...8.35.....]..Q.@.A.a..04.1.*..;1....B...W._.c..m_........X..3|b...on!9/l....).B.).{.$`H{n8.p..=W5.3..Q..W.X.p1#q..k|Ju%..qa...v..#?^..wK.x[.?u1OW+.9.2.w*k...ltd#..DD....Jp..>.-...x...5AB.b...~..~.}.X...1Z..nZ...B..9.....a......B...}D......$.;.I..d._....V&.U........_...&HVn.I2..5..J.A..r..'..0..}...ST}&.Q..,.F.m..<..6.A.........U;'..%.v~..Ftw.0.L..a*..Mf..l.b...)....ff._.Ga.....<..v.%..`V.z:...*tc..%.&...Y.s....).`..%.......q,C.V...G}....P....C..-........n....|l.N.....c..p.@/.]*.fV.cQ..%....&'{,^.L..<.V.=.S.]aeU....u...\j:.wQC...C...........i..!O9^^.f.%..2.....5...0.'.u..p...s.)...7..r...c./4*5...l~SQ.|q HDq........W.].iE*....t..<.t.%i]..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63058v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1247
          Entropy (8bit):7.85074830213662
          Encrypted:false
          SSDEEP:
          MD5:7FD152929CBE93006FC8D0B62B3BF4BB
          SHA1:16675FFDFAB88DCE95E6508BE9698A7C41138DFD
          SHA-256:F8B295C9FEC3CA63DABC6260736C68F7ED7B0AC3AD4C5FFA2ABC65B82F971233
          SHA-512:CC4CB29C1050F21D95F0077381334D6DD28279E419714D2D0BB835D665799A02BBD05BD554AD5FF4AF0C7541C674EB1CEF3886D88A7368FDE6842281ED79EEA6
          Malicious:false
          Reputation:unknown
          Preview:<?xml..6..NnL%.N..j....HAl.N.k.U%.go..@.}.s..c]..]`..N.Yo.oh.......}.....:.!p.n4b...bR.Bp.?..M.3!7%.)....b..1...j.K0....Z.\T.X...#d...0.....|.....i..../._..tE..}~6...R..=.o..)t.C..V.-..r...1.Z/....@...(..Dmf...`A.W...k`....B..&.g6...[..........E.BU'}6?.>K.?B.X:.3mK..x..?.j......Kp_.8\E...n..^9.....@}..K.58.... ......q..?d..oo)......#."."........">.!...*Z*2.wd./.bB...w....wl..+(........$V........!..ZE....%Qr..X....{...J.>7...C86.^y.@WM.q....3....t ....i\....w.0.&..............-.5.'.+.>/..V..Z.S..X.1z..j.`..`.5....m.c.F..o.^1..T........&.+=.jI...'-..^..........^.tu2..I.w@...(...5.Y@!.I38.%.~....P...\z..;...P&...1..#`.iT..._u.x..m.X&I(....a...r../.o.e.i=..x7].Rk.g.%.K..U....g..]....!.t...?o.`AT......'.<.W....:W...k.j....|..f..'f........'...t7......*....E...RJ.gu...!......V..7.M....7.&..R...Nj..n;..c.gE..<....&=.[..X.Dh...fx2.....T.4....5...UAw....Kg..QP.Y.,g.....2.......<#..{"b..S.:E...,f|c.`..[..[,........*y....L.j....I.6..2S.Ot.[.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63059v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):950
          Entropy (8bit):7.772240901857411
          Encrypted:false
          SSDEEP:
          MD5:0AFFC3B3AC96670ACDDB108496D965D5
          SHA1:AE3279812DA216B02FB40086CE35ECE9CE087DF3
          SHA-256:907B451BFA688AEA61CFD847A42131324F830735FC4529267238F9CED4503F12
          SHA-512:78BFCBB11C351C72B2931A73149BEC8C7891D1D272A5812F1B556A8288BBE75A989AD5333B5157D22C36AF2A5B2F973259D73B91647E04C39DAEC86C13CD8AE6
          Malicious:false
          Reputation:unknown
          Preview:<?xml....0.?......{..=.......7..C.F`M.#.\.0.d..*.5.$.axR8V.].m.-..Y.~).0y...D..=(..$Y.s6#.5.g....@7.%_ux.^*D...{W..2e(\..H.Fe.0....?b.2../p..Vl.(.C...O.._.~.w...X...\s.1H.`.!.....m..~.ed|....Qs...v.C......c$.-89C/.H..'...Rz.k....H.d.&...I....%(.....6L......g./4ZO2.b.p.q..u.r.n..W..%.@.f.:a......U]..dM..y..W..BZ.<..4.|K.56E..v.....jP.......9@6.....* ....{..X6._..........[O...a..$[S..E..c..P..p..J..&?....<........PY.B>..>.Z)..........s.S..H.I..%.t..F=.#<..g.l..3X./...~..X......4D,....C.C.=R.qu..;R....s..f.n|..._..J.........:v.l....$...}..|......}.f....6_..}].f./"..n......z.@... .u..%^...F.....;&....+*........eJ.pz..+.{.O.q...... ?>.......+..x..7C.g....H.g&.NT..k..v%...=.#.^.Bp.....(.j|..Q.u.)...t......W.....q..C..c.O3q^AW.R..=....jl..'_....1..k....B..[z........X.HT..P...b...Ub.A...N....F.ncMrc8.T6.....z...`.OX..V.-....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63063v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1125
          Entropy (8bit):7.8066937133283565
          Encrypted:false
          SSDEEP:
          MD5:B76C451D2E0C733B4B9607C0E227D385
          SHA1:116618983E628E8246FFE551EC1C04156C4ED2AC
          SHA-256:68FE048877CF7021AB54E64FCC410A738D4B537712E8EE5D028BCD86BC0E53EF
          SHA-512:76AD7F71BBF86E98A0D2F788BA1101AE92F39B1CEF988D265040A025AEAADB7E3144394E330061FE2E02D5679A7176448E0D63880EF045D6255F54A980899311
          Malicious:false
          Reputation:unknown
          Preview:<?xml..f...\8.0.@.b5.u.....Z....r.h..Z.7.@.k.v...m...L....."O..C.4.Y.y....K].........,.FO<s%`M.....%..X"v1f;...3.kFCY..9.O..I\ ...<....-..b.C).:P]F+.x9..|,{G....a..)>nt..*.;..y.;.k..$...|W.2...$i...;.....vQ...0V.m.U,S...Y..5...7`.8.l.h...l..0p;..d..0...f..eb...k.=.+zO.....S...>.."W.w.....d...M.,&.}.De.Ca.lMUC >g......@..$.Wd.&..T?.8.1...K.xB.G[3f..8~$0e......9.E.......3-.}.!,...U.J.^..c...En](.^...:.A.H>.K..9..YT.0..<5mz6...D..aM..i..Ao5.\..lo[..]>....a_M.X_......B...Q_N.....-).g0....N..-.....+...@...J'.5...R..^..h....z..............L*b4.S.%E.#.m...@<-.G... .?s^.,r.......8..2.L...*5....R..8.n....yy.CK.mU.#...?.F..s.w...cR......D...~...........T.....9*0.3<..e<.".....\.....ZW.4.X....K"N.....b.-.s...N.......-....#Z.=..d.t.T.~{.p1%aH.jUj....'.....x...Xl...=...G.>.......].f... ..l...N...{....=. 0....4.4...34..B..O.]J&./.:.q3..w...=x..).T4D......].~x)...'/...>K....{..U?.....S..S.k.P(.e..WG.O.w>*Y...@k...........ti)tca..`.....zs.4w7.wvWE....:....,i..C...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63066v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1121
          Entropy (8bit):7.810295955274873
          Encrypted:false
          SSDEEP:
          MD5:085B90B38C8F3B8473069D2A0FAD064B
          SHA1:F2A14F61556018E74490CD83B49BAB094CFC56DA
          SHA-256:CB0B63B0192B3B6B7ED0BCC4EDF5FC166540F3DBDFB62E2311F8DF2175671497
          SHA-512:DC01CAE1895B41C86DDA5A24BC9C4C57FDA31607B946DC2398C06A0E3BC48C478BBCD6FCB00DDF1F2E405B503B50D230EA67F16413DDCAA31B186B54883F94BB
          Malicious:false
          Reputation:unknown
          Preview:<?xml.sRg.....,0...2.M..M.i......y.rUy.z.....XJ!q.............#..](.g.k......R.0...........Y..`..r.N.C.T.........Y....[...W.".I.f.....F......-=..~>...G....S..9.^Bs..Y..a...R.V.K........#.fG.........A.X..w.....].[...g~N.E5."rD...+.^..W..N*S..0...6...Q|....{.cJ.<i..:...!...m....F.'. U.&....p...K.&..uH.`T.0w.XL!........%<.U.CO@.....P&}A..@..mz+-~).....V)o......6.9j..h...].`.U......'..Z}......A.3....|k^...Y...b.j.5V.q....9..H`..JY..O.......R..G.......z9.:z.."...h.k9.....B..5..nd.Mg..2.C'...~..-2".k....?.y....`7....k.).$....Mn.lh..]$.../.V..D...........d.XJ...\....r.....~......... z..29y.X0\Z~...&(6h..#x./.kS......n...K$.{.<\.S9.....].irRo...~.3./..Bsi..\&...-9-.k..)q....p..k..."y.B.......>...}`C...N./Trl.hh.Y..a..X.Oz;...c.UW.&<.....k`.ZNf....$..H..0.0....C.,..O.m......hPT....C.^g..YZ7.<....'....dC....C.veD.......>JG...=.......6r.w....h......{.`...z.o..{...Ie..h..2)....K....=Mj.l.)..!,{.*.6).m%....&h....MpPS.GXU.'^T.......qH).\R..5&Q5PT

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63067v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3109
          Entropy (8bit):7.938896797160521
          Encrypted:false
          SSDEEP:
          MD5:083339794697C84A50A36028CA31D9E7
          SHA1:AB8D9A370E2C22E83A02FDFB757146AE616E2E55
          SHA-256:F2C59CC4DA6338A9F1A50B0BB1896C43C3EF1FA637B0ADEA031025524AF06543
          SHA-512:F87A2D31E4E89F798475835512887C3132F65AD070F05B0B3A630A849019A79A9A0053E3299AB567AD092C0A16066714AD892E52567F51A41F3FA5EAE9B097BC
          Malicious:false
          Reputation:unknown
          Preview:<?xmlY...8onP...yo..b.:8w....y.e.|..U-..u..)t.$..s| k.~..[..8"..X...wtu..9.+).G...b:;...T..)..4I....;.,....MZ........uN...Z'../o?..#.n.0..............1w-......(G.....f.?..U.B'.eT.U.........Z...-..nS...6.e...F....Q..C-..Y.<}..v..cD......b~)..<..w.._zK*....U.K...M...OIrf0.$@s..Y..-v0.R.0C$..i..*.....q.&..`t....9.NU,...e....tS.&.H..y.d.K.-@......|......*...(.t.&.C*...~...(......_.B.#z...8^S.j...k..w...r.2....r.J..uk.I.#.g."ZrB.V..=..h^.*..v.....Mg*p.Z..6..R.k..... D.y..=K..U+... ..I....8....ac..s?......zJ........E...........XK......Bw..rr. =1>...S.w.c..E&...uh.{^......c/...!. .7..d&2.|.=.i.X.......3..F..(..&1&....f:.H'.6>...@.3.P..|LJ...U.3...O...<u..?.xpWo...r.Q.7.m....%&.V...3...(k@B..Z..)Rg..y^.. .8.#.....C..,<...".....F....W...7..F)..wF...ixT........H... ..Uo,].?2.-..!.Z...W.2.r.A*.t...4.l.../.r..+.c}?..+.........M.7.C.{..!..HR.....ge.....08...C./.?oDKq....R.^B.g..*.rW.......b.......g.}.....f-..).^.C.}.aK..k.d~E.I...D.Om.......

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63069v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2126
          Entropy (8bit):7.9091648882894745
          Encrypted:false
          SSDEEP:
          MD5:7D1194EB5B8401D6E60B769D024CD314
          SHA1:9B5DF5C4BF25016234300C68D5BFC3C103ECB0C6
          SHA-256:B82CA921B088FFBD1A0CAD37D9387D37902BAABCDB8B943F6D8E036C99C28C82
          SHA-512:F3C09AA821B669E821A789D74DFDAE546793F8FA8486857DFF76A83A3E3CFD1424BD32046890B408028E0358ABD830DB229AF8D7B9BA72358087B977F6B7451F
          Malicious:false
          Reputation:unknown
          Preview:<?xmla.]t..f....y....Ldu...._..qK..F.T./.Hd.'./..+......ik.......B...D..ys..%^......... ..J..J.@x......6.Q...b?..z8i.Np~...[,G|..z.'...../_...I].r-e..d....'x.)..g.{].9....oWfk.. ..sE..?..K...XEMyX....y....,2:k'..^mh.-..Be......A].t.zL....5.V..g.c>0@..8...@.@_.....>lbI..s'.S.w.F.....H.....x........b...E..j..i...%7...|.....rz.jB..c..&.G,T.....9....4X.....D..........R?....).hYr...........f~......7..~.Zq.J?...S....C.]..*5....(.U.......|.HV...$5..N.c.J.w{2..BB.Er.I.<.V.kV...G{.`......F....<.....X.xr..u.....5..Y.i-..2V..=|.!Wge.-.9.M..?Q.B"[.s>@k..v`.|....{....ui.y....+.i....U...c.R..<...1.....(\2.#e.0..K...fp..<.5.)t.l.,...V....$./L.7|t...T..5.......2...g.*.Q?.Q...S...Ro......a..%.HV.:.?.4-.'...R..qv~.#.....I....."I...4...$N.?..'1...l.!.\....|M..^;....].....y.2..I.f.......K..>.9.<@c..I.8.M....G..J}..e....HkGK{+x....oA.%{6;\...u. ..oW..B....$*.Q".L../..N..+(V.cZ.Q.B..W6.....d...1..^...h....1...;.*..Q}....k.j..........Dc.m7(...rB.v

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63070v5.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1387
          Entropy (8bit):7.861301058019015
          Encrypted:false
          SSDEEP:
          MD5:52E03FA9691B3F000202DF287CD1BF4E
          SHA1:2CF50A45B1D8F49D92B7B8FA3DC0CCC68BCFEB10
          SHA-256:0D14C44354BF3AFA9192AB17D5187FE850C9E49582CD2BDF16A7CFFFE946007D
          SHA-512:C2C21E0102C8DFBA5607EA81E2C83D8DFF425448F0AA18B530FBE98FFF18CB0D1B60BE4A81716E29391161796466D95FAC05E11499A16A40A30D29ACF1A9C1C8
          Malicious:false
          Reputation:unknown
          Preview:<?xmle.J....-0...;nM(u..M...E*.lJJ5.v.a........[....;x..UR~yTf.%.;+..'.=..}q4o....8s[Z5^5...q....E#..4....lO]....w..&b.W.(E.]$.!....l..xc.M9..Y..u.S..p...N..T9.i...V~..~..G5P..I~...#.sA.Sy.m.tOu.L.J....F....=.*^..ReP.a...>..M.|.XO.n..&.Y.!.8....h......b....B.d..%l.po....d*f.f..pE..'\...?.3]....Y,.%........i.I....U..N...._..8......H...l..r8..........f...y.{Ii_....E.Ow.o.......a.D+q...kd..LZ..G.......7j..........".n..=.5St..O..3...g......t..&._...#....`3..H..s............*...AK.....)i....D.....b...PA......8.h.....d.+6\.....T)UM&....ZT.\..3..b...l\.eX.....|.....c'|..|..c.....Pm.Z..c.:.a..}_\yz....o.F............0.....g...$0._...q.A..&7....87...=..D.E@V~..)...P]..._^.W"8..`....7..U.?..gI.:r....#.......@.(y.$.e9].Z.>RQ...^.....a...1...R..u\2."......e.(...........?.[.....l.k...P..3$...f..VR.n.}!N....{.>...5.....L..p_.=#....bVn.Tq.).S.{@A..KM1@.(..\..e.w..A..b`e../...%.....)..'P.y.I...aA3..06@.bP..$........v1z6*.v)oT.k!c...o...K.7.7.w@E...s..J>.-.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63071v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):754
          Entropy (8bit):7.735567179673581
          Encrypted:false
          SSDEEP:
          MD5:063CF815404C4430BC10B80AD28E80D4
          SHA1:FC03499D1423D6DA495A5661C1E0DC038C7AFBD5
          SHA-256:26AF6BB0D7566A33478A3FA9758E1217BCAF10150A0D1F1C1BDBA5E2BB71B1DF
          SHA-512:DB4F364CCFC29231B8BC2C269E588236B9A8836B964AD39147D08C21A30F52FDE27B50B1D0C72B9145DA776ED7761EC5D20731FC9223510BE179A84AD9888F12
          Malicious:false
          Reputation:unknown
          Preview:<?xml.......s.iG.6I..t...po.,.....@.).j....?..K......F..+g.Wmu..............8....j...$."i....B.o...<.....b...R..HO..&_....F.....%k%Z.G.a..*...(.+...v{6A.C9....<J..,bW..#b..2}M....N....F.w..{..[.........{.3s.#.(.2.a..B..@n..Y..-a..z..I....U.-U:....F.T.../.R.{..W.....5.&..}'...O.2`.....%.r...l..q..`X...V..H...~....^,.}..OS..>..2...L5\.|..."B.75}.&...Q.......8&C.....;._..b.d..l...0...Vj+...o"......i-.#...F%.h.(.\=.........;.......@...C..!B...#h...1&'...<..;y..?.1G.Lu].S]........,......*'.Wrw...L."9.A.N..>.....D.+.....Z.M .<../........t0.~.Hgu#Q0....S...B.M...hhn...... ..Q.(.sKi._.Y.."...&...a......j.....d.m.t0..M...5.WQ?........ ..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63077v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1399
          Entropy (8bit):7.872916667871159
          Encrypted:false
          SSDEEP:
          MD5:02AFB8FF13B7390E7266C4EA580928A6
          SHA1:9B9A75E3175AC1F9DDFBF61A8A816A45156BE8DC
          SHA-256:C1BDC79E2336E729B9B8E0B696C21C85F0E58505E9C5DF6A622B9CA5CA23BC77
          SHA-512:E09943A52F979BE4F4345F5B0CA89138DFFC212E152215CC7C5D0A49594487692A429EA4859D80491C762284CECF999784C2B8C194AF13427F908900B4B0CAB2
          Malicious:false
          Reputation:unknown
          Preview:<?xmlH.B@.&.3 .@.A=.'...ex..D8....k.N.:.......;N$@.1...E"`..g......z........P....u.1..YK0].n....,...1.....{.5.(..8.z..<<...7.:.d..t.ulLN..o.P.p........9..L...7rz...,..Q.G8}-.J.W"....c.k..:..>Mjm1=.g...z.y".g#s.k?.n.p......\...o^..I.%(#,....m5..5....n6./.+UC..%F.........rw.`~...$Q.B....?,.....I..R^..9.......f..u........s.1..I..G..O....[...&.`u6EJ...%...z....&{S.k.+R.cwvJ.|..a........&.BG.r..7.. .....fzj.^.x....r..s..W...F.D..P...B.?.c5.g.*...........I...o..".R....l..|...H;....=.@.ER..k....]..w.}....#(....p6.Sm.[....<.93..|e7.8....Y.....s.....+.f...Oq..x.c.....%.yp:2V1/>.......>..................w...b.....Io.F....1...BY..O*...^0.P....[Qw.{..3.r.:./.=..........e.....>==.uWE........U........e.q.X.hp.._.Zb.....i.aY....:*......^D.....{q.M3....".X....\J.......7..o..([&.``1.<....D22......4.u..K..W..v.....c.6.)..h...v..(.z.g....P...W/.I.....MR.E......*.......#A2.0...}.n|9A).....G|.....U.. 285.+.6..F.\aH.~.6..`..,`..0..Yjj..+..)..}3. k+..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule63078v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):708
          Entropy (8bit):7.666394500636161
          Encrypted:false
          SSDEEP:
          MD5:D93BBCAAC196C1CBAB5F5B751BFD28F7
          SHA1:D3347DDE5F21BDA55158EB6DF57ACE6CAFF11EF1
          SHA-256:826A2F10A744CDDAA1517B58232AC9A89E5C1A677139D27980C08BD933FDF230
          SHA-512:69EC022F9BCD5D62639ABAE9E7F07EFF3A93C57688B00B48254F54D6315318FE351B47C333E67538A4046F410B9A300189B31CF22CF3053211EBC65CEBD3884D
          Malicious:false
          Reputation:unknown
          Preview:<?xmlP_.X..5.H...E.>m....r......A.e.<..R..+./f.......8......Q....6...8j....9...7.4~.)-.a.|.`.%..o..RM5.!n........?.Fg..XXN.....cw.kxo`.#.Ap.b..VGF...S.....D.-YB...z.......a8...vl>y...bn.$..n3...-.....x.... `.>...a..y.N..?.$...... .2?./x..VS....f..>....).=.3.,8......T.T3.>M........>.n.....I..a]y...\......<8...#._.gTO..8.Z...vB...D....:.9e^.T.<...._....A......Q.Ab`;...T...E.2.B...ji .8.j.^...lK..O.X<x.....$.pF-W..8.G.4T,.J..u.s...O...}.......iB.4<...q..s0..]..4$M|.BTk......*.8........w....+*.uzy.n...~..I.x$ceu3B.)....=.W.X.2...W>.^..".&8....v..J.:..3..{.w.,J+.|."r....V...D/JUp.......9l...x.=.n...=49pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65136v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1132
          Entropy (8bit):7.812993244362388
          Encrypted:false
          SSDEEP:
          MD5:C27BBD3C24BDB1EF548D949659954BD2
          SHA1:200C491CC36DCAA814E6FA43DE15DBA1291B8FD4
          SHA-256:904769C1CEBB32EAD4B537556DDF3FDE8F510042048DDA6894A87B461402A3FB
          SHA-512:0806CA6A6D59881BDE86ADEC52D167230A6A3D05F658BB9D2FF80A1D36EA782839F2C3CEC4E377AFB2B10D3EA764DD550BA79CB112377D1DA0CC2D72FF904C77
          Malicious:false
          Reputation:unknown
          Preview:<?xmleN..4+a..RJC..+>X0~...YN.....S.y.+......r..r.ax>..C.<.w.g[#.5.\...n...).Hb..../...|.c.$..3..o...L.......1...A.G;.........IH..M.d.>8fu....].]b..K..N.}......L;....91.........+....d&).O...._Q..7.0.].5.....:z...Z..R...W..(..... .k..2n......~76...|*....x>.S2x.J...N....j.]...D.#.N..c.v..`...J.n.;. .d.x.6.`..p.'r.0.h>d..D..~....@+e...N..p.O...A.J...`.K.m.saT...D$.<;.1R..T.\.3.M...c"kvT..`,.......r..y;42:;]gi...C..../.#3..A_s)p..."&..q...8D.3....m.l..zK.;.I......t.B...Fpn.0.$..K....2n....`.*f..]:.$..n^....-'.2.....@.(.f..M#..8.".[.....b,.>(..kM.#i|u7.......2g..}.E.....!.d...(_.......S.<.}...Y...T..3W..5..]..!G..3...Un~..Q].....P.#.SPt.....&..U..t.q.G..Y...EJ...>..p.X...V..{&?..@,fi....*...:..^+.g..O.w F../.#l.......CGt..p... ...|n.....>1Y#.,|..x.,......).;&....N..f.Y*..@y.!........:Q..eA..K7.|X.`..#..t]......q.0..c.wk.{..XFW).64..6......I.LB......^Q.....0.L......Q...+.[{."...g.(.x[..[..@].?..VnUQ~..O..=..,...Ap.5..\HB..^K....J.[..ESR.q..H9YHF

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65137v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):752
          Entropy (8bit):7.676977020875792
          Encrypted:false
          SSDEEP:
          MD5:143644E71593600EA3EF57DD66B1BA61
          SHA1:960FD870849F2DE71735C35533AFAA271D1A5A7B
          SHA-256:C2E866A2E7818899644503C1A7CB3B3CDF959534EA4F8F06144A5676ABD3E0CD
          SHA-512:CD9FF5F39F7C37A15DAD027A1DD35A80B048A2C4A79728A5CCCBB857AD3AD53E878065B37484186FF6D9F56AB30EB4FD05248C6F298780B5EE034FC834196E2A
          Malicious:false
          Reputation:unknown
          Preview:<?xml..Zk....kW..m.z...35.V......%g.}p..T.M4@....)..D).4:Y;|...=..85}.......2.....+zW..tW.c.aHv%>......)A.16.A.."_.%.!..._..{.]h.Y8.I..bv>...h..V.hN.V:...xX)......D=..8........w...vJ....VY......,.....94....-.7....m.."'w..*.>,....*K.<.Z)T..&s_.g..0~o..N.%2...............7.Ol..R........#..;|V......:.zX.CT......'.+.C..F.._...n.....N}.....,D......,.3N...e{.-.p......:..wc..g7..p.!bo.h.[...fE-...l..w.[(7....z..":&...z6...lb....K.....m,..v..i.w..LY.N.....!.!.K..$f.......}\.BC..w.z..m..}J..C.Q..`.~....O$OW2p..u...x......+.P..........n.V..?..8.i....u.gl/^....j..l_XB....R..*.l...Ou...Jevv...Q.li@ .QG).*_Z....0.1.Q.$|...c...g:X}.....A.../.~;9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65138v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1094
          Entropy (8bit):7.796809913463592
          Encrypted:false
          SSDEEP:
          MD5:8DF1325EA82FFF829222F993DF4CCE5F
          SHA1:53609AE496094F7322579AC847EAE9BF7E031D7A
          SHA-256:1FB03E52835EEDB12DC22760BA83369C2A667B6C00204897DCF6769247BDCF9F
          SHA-512:BA30A7CBD6281B288C331E74254C64E5D73A8F7C399DD8A8B20AEFA9B3611187CC6A776E3AB8D88B9FEC989DE98C2D9B0F0C0855DF27DEF468C7719418BCD055
          Malicious:false
          Reputation:unknown
          Preview:<?xml.E...F.[.w..;....U*.nm9..(..-.(.z..g...lAww{...^..,.b..z+q.L..X..o.$..d...J-.o...7...h9.......N$t.^...kzm......)........@...^pB...e..fc.F.xu.a.z....\3.6:..L..by.Gl.9|.bW.........S.^...t..7W..xq...e..F`...o~%...i...y...nA*.......A..|......=4lq.........j........X*O..skx/u....Vi.W.....i..4...o\#......\...Y.A^w.(..af;$4.[]*.wVg%.2.9..._.G.yiJ.a.p.].$..n4.w*m..Asx..M........$.9.v...$O..{.%.....\.....T....L.....t.S.,.!...Ud...<.0..& 5{..sAp.H.e.b..W...n.'..5)....-Q.;..f....B.}H.............X9.b...A]z>.p..u.K.........L...wb...fw50.t.o.....E......@.. ...[t-.k..?.0+.&..X`.N.'...D...mn.....m.........5....m......&......Y....@..?........r.W...].-..}A..s..A......f......./.:}.y.....F..d.......#.J......e.....k..._..v...e.#/.4^...4,.]A.uk..~i..+/-.`.`N...B..!EO... ..........N.......*...f!.......3..?.Q.5'w.pZ$l.....<..RT.*...b....<.A1.y..a....(.....C...Y.Tw........D?.....i..E.m!.........8....B...7..[. J.|.D@..[I0.Uwh.N.BI.I. \(jWC.b.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule65139v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):8095
          Entropy (8bit):7.975864341675645
          Encrypted:false
          SSDEEP:
          MD5:8F946BF931E83F6A3F467618FDE05863
          SHA1:B6D2BB1CB4378D9B668EBE0868E7C959CB697316
          SHA-256:D43E78725CB6C13734EC891F1547D94D1246982C4E38A12D61CBCDDBF14641E2
          SHA-512:A6F0B042CC9E23DBDF3F6A644A38DEA0C243C5A37BEE516031C84C1432BF614E531D084E25E13A32D14B503DFE687F46943CCBE76185E11EBFD35F04C1BAE454
          Malicious:false
          Reputation:unknown
          Preview:<?xml;.T.....&e>..*....ul.G...3..A.|NR..i.!.?n...C...v...nT..|"..h...E5T......Q!p.UZs.f....l..A|7......L...K;5Hc.KV>....(....wK.Tr.@y.v.pn....7%.....k....k..e.'a...1o..;...p. x..d7.5I...;A..c#C..>.6....u../..a...*>..P.....9....^v....&B78...+.....H.{G.*cA>..#U...0...%.....x....u..+..Z....P.$.P.F....../b..$.xmv.3h^.A...5...'...&xS....F.s..0.|..ma.t(R!.Ty...x..B>.zI.};b=..d1%...F8.....5...6..`f....L..[m.NS...W..4......H..E2l...|....G..{.JfGJ.-.#...A.vB.}8V.{......=.....W^.c8I..*......D.7..`..?.s...s.eop.{qTng........yTo..#o/..).e..C0..G.f.....J"..P...7Oo..;.=.....3.B...$.f.0.N......]..t|XN#...1X.G*1k.Q..1P..";....<D..jT.........~........we....|N.A...K..Vw..1.P......n._.....2eU..n..f....p.>.%dA...A.../.*...(....e.....N[./.[U.#9.:.@..N.g../5..P.i.....".J.F..r........E....cd..i.....A.m!.`.+P..B...K.MM.0L........$....z.....J..k...gF.U.BY.i..'.&....MS...t........2...4e..@P..N..b.(4...|i..5...0.)..l)...\....X.Z../...V.fDll<.jl..w...}...o....[..UD.q\h/f.D

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68000v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1047
          Entropy (8bit):7.79389070690581
          Encrypted:false
          SSDEEP:
          MD5:A8306B03D26B09D483083DE34679FC96
          SHA1:722E7E3B2CAA64A6867059BE91A2AEE97A5BD02B
          SHA-256:AB8F50D69E7254A99F969E4A29DDC16A8865C06A3BF171BACA30C0FCAC971F1D
          SHA-512:986B265C2B05A81C46D022A39D1C5719BD1FC064F82760E249EADA3046124E2ECC0D8310AD835324250734F24441E3410C00C73B0C19A19E7AE178231B3ED9A7
          Malicious:false
          Reputation:unknown
          Preview:<?xml....<\X.....E5..X..X.....m_D3.....E.]...Op..g....`...4.?^*.=7.....t.^DSE.k.s...2QwR...q...E)B/o.T..._g......x..1.....3?..V^...I....0*bI............. .cE..ATx.y......e.................g. <.. .......P....j.b..]..@M.2k.]......Do.>:".....I8.......d.>..v..KQ..R2...=m..,..c.u..!up=w.N.b.@g.o.R.D".<..v...q.(.c.w.s..J.=.'eJ....T.x.....$....0..L.p...8}.2?8.m`iNw...u...'.G.;......u..@......1...9.;...>G.s^..N..#[n....5.3.~.*._!L63.....;.1.p..9V..{~.......s.4o`...2..\....<.(.S..P....|J0.^q....V..g...........J.n.&...0...P.e.j.m.k!...!...........|.:S..a4.......X..0R..W.:..^.Q/.9....J"..........^........S..1]...-7H<\)XQ..W....j...J.X.[..;C........Oy....f.v..:......h..-*t{6......._t.)..TG.d`...;..#.K...[..0a.__gH..O.>. .Jn/..&gtIE.^..*....a!.O.R..v.....AG#t.[S.kj.Ul.m.:#@.1.=;y..5.s.....,.:2mX.E.P.41.p....t..u.K+6.L..Hx.E.'O.:.....7!...+......r.Z~..afOZ>.)..|..Zvmt.U.E.l.$....W3B....B.%.....l.....a .?..?A...}.L.....cz.9pbW1L8qQshua0c0KnGl87DEySlTicf

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68001v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1003
          Entropy (8bit):7.791128330919923
          Encrypted:false
          SSDEEP:
          MD5:3B3DFF9CC10915BF3D794B697B3E4931
          SHA1:EE263918F9CFA21CE0F55602764CE853DBEDE8A4
          SHA-256:3A0350AAC493AA281C3A4B2BE9F90272690557FCD8437244FCAB48100D3D67A3
          SHA-512:859B2509DEB13C919C4A29707F63C93C9B0DCFA737049BD06DA8903E0ACBAF95556D853A2D982DAE0650362BA06127F484F84248E8D886FA4BD480E40EDA78F7
          Malicious:false
          Reputation:unknown
          Preview:<?xml...z...x.`..[.9l[...B.G...A..|...W........;.J..L..0.B.Nd..?..%..X.8.,.6z.y_.R.N.z@.....R..W..,.].h.C../.A7|.5..~..N...U....f..2a.IK?h....J....O....`.TH. ..-.J...'.. ..ze..../TB@..._..W.eX..(..~...j.j.V......J..p...S.]J....NT...J....f]k...RX.K...'. ..l.i>*@.A..?......1..w.....O....l..QO@8B...(-....63...r..,K.S.$.Q!.....c..q...h......f.$..etu..,.M7.....<..8+d.f1P.yk..z..9.a.|.H..c.C........vh.$.d..W......t..xo.?b.K...b.wZ:kk....fz_.}.....h..".u..m7...n.v.H[..u.&O4..............>..j...>...TI.Y2Q..Wu.S......X..;...^....nJ..i.A..sI.PI......|.....u......i...e.sU....}.'{.U..W..4)....09..(.......y.C.5....f.b.8o65#s0.."....R,nf..Yx...!...^.....;N.$...#b!.......o3..[.....'f...U6...r3.r.a....G..CP.:...>e..F-....k,%.......:..|7.Z.35I$."...'h.6.._..h.S..+b.]5....:..,....*.oe...r..........$...:*....%.}....|..r..69rx....m..G.%<as.k....u........{9v.....+....0..$g{k.+..p...8.>.r.X......j4.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4D

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68002v11.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2980
          Entropy (8bit):7.937802395346348
          Encrypted:false
          SSDEEP:
          MD5:4B131DEBF52FC50E84884B8014C0C303
          SHA1:4A7916FBD80EA5FC2E1D4A1836E40EE87FAC46F6
          SHA-256:793CD35B3510DC9575CBB7D5B652C9EE0B17E985A0C2A3FE54F97AA9F0BB52A2
          SHA-512:028F490CF6E6EFF8DBDCA9174A17BCAC46D82D7D353DB962B8DC4E6EE24DBE6FF91B492A3B4DFDECC3F573D31BACE3C6172AE2A15B3AEA3F98A75FD6C2BAD802
          Malicious:false
          Reputation:unknown
          Preview:<?xml.LT.".zi.]v..!....../vV.D.A....I..!.........$....$.j...b...BI..R..<..)%.X|...=..[-.q..6G.*Z=.A\...h8.0-|T.8R.S.4..Quu.~..c..3..q..f.q:.K... .C..g...Z=...{..[.....<.ri...y..&...X.k.....3..b...3.......8Y......:z...=.^t..'P..5.4......]......g9.Mb4.[n..8<..u.&.!+.......B."...Z.W......4.n.@W.u}N2.l..f.W]....6.m..8...^.....V..n7.0.h.H.......>>3.....z."m..,..A....[..CQi%.3....L.{.9.G..J.G&kD.......jpx.'...i.wL..2`X.7...d.n}7.e..c.jy.^..{;.ct.k]Y.M.T..>X.....{.......3..T...%\..m.Z0kg....~..z.....G.}[?.\..9.0;;...iY.4...YD....3#S.T/....C(I....$...}fq.M....u....9.<.._.f..z.5.NV....#r.:y.:.E...c..C..S...#+..2Q.0....s.A7..%:..\D...k.... ....D...........k.s,.Q.o~.P.L...2..h52}K...h......OFHY?..b}.....+.t.....lbj....1y8...<.V....~}........})Z..-.@M.DDL..J.p.....E....7.........K....%.... ....&.Ca.U....u..O.0.{.c..lr/.Fm.0H..kS..s....!....:.Ep{._2.."..N,k.GS../.......r.|....].......b...0......WZ|.'...,..../.C....,..F~.|...9.*z...hX......

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68003v12.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2672
          Entropy (8bit):7.932194698049344
          Encrypted:false
          SSDEEP:
          MD5:2FABE1342B90E6F2A949508290F817AE
          SHA1:78D2CF81CF25D9D4651FD7D34BCD2BA5DEB952B6
          SHA-256:DF534D328DDC971EC99A79B4F2B858DB7AF52E6A48579D0E35F2D44DD27A55F4
          SHA-512:0E8B528336AB4A8310CD9A60C64A902D2ECF4D42CCFEFCD6731543A8A607C6E09E5F749B43FB30902BD9B568176077FFBAAB725099EBA41FFE7DC90B4047E3C3
          Malicious:false
          Reputation:unknown
          Preview:<?xml...h.......a....D...]S.\.tM.T..eX.m.....%.0.H..D...(j.`D.5.6PplBzZ9.....Ji.q .[...,..0...*.\....84`...........=.......|...j.i......w.....$E....H/...}.......Yi....REV\.1kc.*.K.%U..n...'.2.w...K.n...^....r..1:...B..3.E......q.+..c...M.]...S.o.V.c.d...6"...`^..SP.....`..W.....g..;8......H.......#..q.A.wX......7s..O...;|..i...i....^...wnI8..Og....e...?..e.b...^......t......TR..x.s..K6.k.a(....a..6l......F~d...3?..L....pe,...d4T..;..O...cQZ..|.u/b.AXr......3..R.U.g...y..4.3Y{..V..J...9........./.._..6+.w.C......y.....M.:.T.CF.[).V|3..f...97..>.B@.c.nD..\..}C..."..2..+....:...Y..R...|.G.....'<...c.Pe:4.-.p.a.....C.K.I.....SM.p.{P...y......j...P.Q.8.`R.nk..!dB0.......{.....|.b.b...L.k-.*R.1n...EF.{f..Ni/........D.AI>..)5...iR/..L!.....Oj...j.....5}.;........y K<......nB.y............."..9..8T.fLa....p%......^~..@.!)...4f..Ko$E..{.....$..9...\|.....B..,./W.....~.7.B..E!r.,V.:C.o..,>-.............I.8.(.FC_.....J......t.4(JmM..w..8...d

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68004v16.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2762
          Entropy (8bit):7.929579215427464
          Encrypted:false
          SSDEEP:
          MD5:FB9960B9B522B6218390D31F14F823E7
          SHA1:21F6051D5B3CED8310DB821F207989F10AEAE458
          SHA-256:774B83A73171A65269FD64195715C018EEC11C14D27D4AAD7F956448C0E3BBA5
          SHA-512:DEE10647F1A453A78822AD3F3C8EFF6192B0982240CF67E0F3FB2E229A7CEF4F268B1134D5ACB0D306E83DDA7CAC0A5816136E9AC2B36C6FA6E514F6B7798217
          Malicious:false
          Reputation:unknown
          Preview:<?xml.N1OoF.;/.....1:......m...[..27.../......r...<.'...X..m......Y@..x%...a..MWH.H.;d{|E..|.....K-.3*.1...^}.l.A.C.2..J..-yC..E\...n. v,.6A..........WDz...X.5b.>..aN&1.-n&..[],..)w.....Pa>|...pe.m..4.O.q..co/>..,.S......d7.(..1KSD......T...\c..sti...*.eS.t.....m.]1..j?.l..V...F..|(jg....'>.D.,./....s.......S.r.\.UN..?....uM..D.Ex...G.n...<.oGZ.7>."...........a.....A_....Y.........Y....oR....P!...P....>n.....<&T......D..p.h. ....!'..Y...I..m.V:.U...ZQ.....?..8.s.I...U........z.......U..:.BW.!.R".Qq...\.....+.. .x.i.0`........K.).3?..Y....t....{....2[.U.lA......d..k.j@.9.roQ.qw/T....x..b...J......{O^).b.y....:v..#.......... >.V.c....9A..."./E..K........q...;....Yz....ey....o.{>...1....(|.x.yFK.oGY....l..Ba../m..k2(5u^lw.9..&.Q..S...{}.lC..._.g.{u.N.....Bm..S*@...-....-...E.....~..&...C.;...K4N...."..R..D......./..x.....=.^.....h?.......c......XyC...t.0.j.I...06t.3.L.p~.|n.......I..@.&..p.....!.....{z.Y_.3....%o.r.T)K.'>.vE......2.Vtj._k.@.L

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68006v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):838
          Entropy (8bit):7.736040976085073
          Encrypted:false
          SSDEEP:
          MD5:1040EEF36996E4BD26A6CA7B47A95D39
          SHA1:49A5ABF0CD79C72F7054DDCA503F03B31670894D
          SHA-256:F99C92F3C6D71504898A8BA0E22766D0E89FA49C08B506DE881DCA5FEAE79705
          SHA-512:7016E6AB805FDDCCD78AC7328AEF6AF78030CC33A4C7BF6D960E5DDC08DDEF0188A840F1D1CBC84A9ED5FCC922B0D973966B14E876B95971C543F574D9708926
          Malicious:false
          Reputation:unknown
          Preview:<?xml.o8.`9..h.O..K...9.}_.....Brb..L/...j..)...y6F...`..._L.N..C.0...@..&.D.t..G|.-74...x.......yza.....I.3K......<.....8@....g"....]...!d...(.Lu.T,...xxU.^3.ri.6..8.f...!...`Y'....=l.....7....d..>x.............}M.62*:...Y..Nkg.X.....:r.<^.).hq0.........X%6.&.|..(C..!X.....j.D.....yH9...K..d..Z..-..sv...R.y...FSD.a.\....%....'...n2}....5...F..\!k....ok..M..Q&..1.i..}......mE%.G.g....-..^2.K.......#G....w.........~>O).....64j..n4 .G.Z..Mmd......=.'o0..<..}3...W...2.:.....i.:S..9...H.3..+RFy...Vx.....k.>.F..w...N.#.m.@z..$.F..&)K.dJ..F......m-.e.L...Z.oK~.^.C7.;..h'"..^^R.R.R.h.3<.~.!. }....V7....;0.?.,..s...:2..tv......x"........,N....b..0...6...P..L..2.....x..d./..Qb.l.+=.y..C.....:..$.F...3....M9..$......].FCjz...79pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68008v4.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1010
          Entropy (8bit):7.811891262331368
          Encrypted:false
          SSDEEP:
          MD5:C36BDBA48A5B95B068E03174D5F009AA
          SHA1:93D62E70A7E5D8488002222C435F5BD43F330748
          SHA-256:BB472418FFAB0B0A5CA7603FB1379947D4C2CA911ECC7712240477806E1B4B7E
          SHA-512:9DBA3D2F5D1F3F7B9126186AD97D5C0A880AD3C285EBE2E6CC72487254E04A8570933194393D407E12D98A623B22CD5C09C5D070587F6941981F4885FE6ECFE3
          Malicious:false
          Reputation:unknown
          Preview:<?xmlep..n.V.o.:R.......`p..dL.?".%.f$....R^...C!...mH..U.......o\....?.Cn.."...'.od...Ry_3.+1...zs.(...m.t@i.,.I..\hD...]..Dy..Q...U...T.q./.JW.....b.U.."..Yi.4.v$.>u..$.#...[.(}.l.0......t.#_.l.y....-..mS..{..rG.E..Q.f.18.....]/n.....=..ESv...S.y..r...A..*..........)^|n.R..:...9..A...P..j@.q..7.U=..Bc.y2+.z..h.m..W....?..k.j..%....0[=<..^..E.<L.d..?K`T......}..g......v+..J....a...?.R2@..pL.7..uM..t......wP...E.DM..k.p}i..H.L16q.bv...v......k......].#.....nE......C7.z.....R...........xPd.d.k.......*..B./.l?.c.2h.z.......@..&7..F....;~......^.z....-........NF..v...|f@F..&.+n.....S.Z...._ .[.]..<|U..-.^...)m.@"V.......s.x....Un>G...)..S. ...k.F......&..I..6.1.L\..O..Q.....=..@..SH.E...D.*..h..#...4.2..'+.^.W.......e.....h.Z.@..`.O....%-..E...}.21y...M.._....DG...}k.....o.;Dk.Gp.7....:.,.l..$O.(#..n[".w..w..9'.C.U.M(./.Y.....f..Oy...g..{.#awe4Z.-,(..a...D.3.;...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68009v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1380
          Entropy (8bit):7.848635287373611
          Encrypted:false
          SSDEEP:
          MD5:5F8AE82D483F9F38A57AEC3F0389AAEF
          SHA1:9EF51FE69F9A12B3FCC29224BAD8809FA3E55735
          SHA-256:6F2D7D54672E5A78E1371AA44A15892CFB137BFE36DDD464F10C11924B169EC7
          SHA-512:B2525D2B993D8504BD50BB4ECDF034BD2ACD86933F490817028B4A59F0E131145F2C95D81F2E4165A89ABC4123197260D47E590CBC103F0FCB61C875504AB9A8
          Malicious:false
          Reputation:unknown
          Preview:<?xml!.x.DS.w9.Kh'u,V.l.........G...)Y.....7......EM..~..Y.......l..8m..|..{5....N.S,....:..B...C...$.H..U...l.......EN...V...=......Q.V.q.L..-.&.U.CWD..."T8#s(.Q...Y4ke.G1..U.....&.......N.<...9....-.........!.1x..?5c.a.K..|Z.^~.o.......5[.2.{).....Tp.c..LfE.M.....?=...R.QD...8.8.Z...}.%..4%..[.......L..*/2..*..a.D...;Y.\.z.5.......eK-..4!{..P[...;Y..`y.....'..h..T.]..]...V....?.^.g..D..)R[P.`[F....W.Hl3.....k...3r=jxu...$".4.hC..<d.ZV..3."..G..x..<J.7......5........\.`J...y..E~.W.hV....5.q..F.| ...C......e...+..=...}..l:by0.Q.^.Z3..9..lf~.e...y...>1v.b.r..f.1~2.f>.<.3..c.A.`........*...%..)E...q}..I4..7.59.>}5.6B...7B......i.q..G..&L ...u....x$...J.....\N..Q....E....J......GN;......,~..4..+...N@....Kz...n.,.}t..|E...W?..b.99\...&..a.x&....l".!.Ye.IPl.;.....bfz.W.T....{.6..J....o..m..7...-g....4.7C..q>...aR...}h|xL.k...$t../.?...T_.JZd.. ......G.N.B.........[......u<..fWe.,..l..}.\/.3.....J.'..*..k/.~S..:?`..T\S.G........4. ....j....E...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68010v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1614
          Entropy (8bit):7.871463763474682
          Encrypted:false
          SSDEEP:
          MD5:F8AF15994B2345CB88950639440F6605
          SHA1:B65FA6E20A6CFE23B0EB46B729BFB7C34AFC1D6B
          SHA-256:F08DB479E465E45123F0F6ED139EC90DA355C064A47EC20CB2B0E75924DD369A
          SHA-512:8449BA2C749DE806CCDD6B87580618FCD71F2EEAD2217A8E7DD58D76519C43FDB0839A221CE798530E257727BAC704F21AD0D07301E14DDC499238FB3F3BC08F
          Malicious:false
          Reputation:unknown
          Preview:<?xml..@....|A...%..o6m:.8...5...........*...N8N^\.U..(.>..!.$..../.8"(....G.a..0...*..T.;.{.r.a.GTE..2...jH.. .8:7fL..+Iu.......OjO.*^.....Y......lb,....dK..>...>Me...#....7'..?.v...Z...........:.-;.d...7.&..s...R.}.....}9G...D.$..?..*O.J6Rs.....'...N..y.....Lb..m8..v.....TV..S....t.....k....y.p.~.F{.'...@m?....!...#I:.......9....6.fi+.3 x54.t...q. `..e(FY.".a%q#5...k_.6..g%;T...S....h.WZ/.b;...>.k......J..!...zz.S.....W.......C..U.3G...R...9...s...E..*..)-Y.(..jb8%.+?..F..h8.o.<V....A..m..TC..h ....)....!y...Voz.i..a....-..Vh....z0.)57#...m..4v.._x.....*.A.!.f....`..5.M.....y.._$.vrT.Pb/.. .....og..S.U..\.....$......M#.d9....D..n...M....^9!.ia9..o.....I........6...2..<.k....+4...a........_1.Q..@....?k1.x*.L.?.V..t...%.\....0.^A...c...h..X...^Z.fv.0`d.?'.gc..%..$.b".b.....(..S...../...U.d.S.P...]....+.d..@`...*l...y.;c.....:..A.G...0.....PX.e20..M...M-.T.......g.".vyJ.&.&.j.d.6-'@.f.,NtU.Nt!.2....i1......]....?%..qj..-....R`..OGb...m..Zg.R

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68011v4.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2753
          Entropy (8bit):7.9333543024009705
          Encrypted:false
          SSDEEP:
          MD5:D4D9246678F2EFBAE55B1261A0A0FCCD
          SHA1:4288845AD62A71C6CE5FD6F406CD5D69B8EB8AF0
          SHA-256:1860401EDF87A9FB70DEFFCA762D671112FAA4C2AD021BB37A573B25EC1923CC
          SHA-512:6F2A5E309D7464ACC2D2C10857A38349A60C593466F567A5BE76562A8DDB7E685053F459F044186AF4473F42E95AC75A4F3BBCC004B837ED547B8BB68F6D6303
          Malicious:false
          Reputation:unknown
          Preview:<?xmlE.VL/..F........*..P..b.T....a...4/...l..\2.-.Q...e..~..:..q(#.*l..BAK.JtkH.0\5.A*v..t.-.n.......T.<N..-)d<}.(.....O.....S.#.8.*W.8.g.....9.M..`Xi...)......`...f....!.....|.=2.......Z.:....R..7.G(.L$p..V.....>~..../.0..1....M/$#..#..q..>.\.....mc..+.Jo.G....3.D.N.].6U...l...Y......l.oq.8.YD.P.[.x0.K...$35.'.....|.r-'.@...;..#..$.;.r..7..b.sXb..O..A...C.O;.E...<%..(k&)..U.W..|...........|,...;.a._..)......>...r..X{......O.'.q.e.....{.>i......-..8=N^..8~S.F.WrO..?4#".u".....8..{Z.&r..`.(....,.....,....h{...94.$..%.Z.3....;.-.i...@...d..bl..._].oBe....Z?. s.$..\.<.y.}....B."...|o..50.<....,.k.X.S..n.....j.....G.`_.....b.x.>6..>....2'.]......zs...o.......?1...d...L._y8l..Dd.D..t.0.l".N...C..h.$.G(.W...5c.....;`.p.a....R.....Z...#.......y.g.>.2.D..*...)..{...e.6.@.5.[.D..... .W./.f..J...........<.>....s.J.X]...w)6.....qY.1~...=..G..3.d^f..o5.<;...K.q.i.7$r..?.l......U..?.jH.z....Z.[....t./.T.2..{.....r9.BMNg.fk..%..4....X..&.. Q.n..k

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68012v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1558
          Entropy (8bit):7.869850342885452
          Encrypted:false
          SSDEEP:
          MD5:3AA66008B9EBF0EF62077CA2433FF5DC
          SHA1:DFB707A5EADF73ACEC35F0E215C92D904B038B8D
          SHA-256:EA4559FB1D3BA9DE1DEA035109B8AD2DE64CAB17402416C7AEF7CB6EF6C7B8F5
          SHA-512:83A63BFE1BD2F7306CF94AC289E7340711E769CEF6073499F04F76D74991CE9761B33C31F787AD8783E9F4F05CAE5B7FA5E02DBA907066754E710F2145123D61
          Malicious:false
          Reputation:unknown
          Preview:<?xml.LI.;g.v...h....Ts.....N...... .m..\.....%..^.....(.~.T.....64...1.X.%.NZ....()..o..xM2y.?Y.x`5-..8p1....(r....(.....K>....^..l.O.) .....F"..,;e.......[....j.'}.1A.8z..!Z5....ZT...5..?v.....p.....R...R.F.T...V.L..v.M2.J..."...4.........6.5...B...)...iu...&;.T....2T....V.6O.......o1...T....[~I..?.S.e.."7.}n ...]8...:q..8....I.f.`...8.1\.....vO{`)6...C.F.e]..3.M.B...xC...x.u.-.N...![.{..I5.%..f...q-...+\S.&bte!`..][n.H...-'..JhPD..)..PM.z...t(...."...k.Xnl.V.....-m;K9..E.$...c..{w.H..;..Xz.B..j..t......fo.QU.h%..$l0.4....z.t ......Yp\.Z......$.p..Oi..yd..N..q..2>....8*.'..\.X.Z......7Z......h.....D...A[&.G.4..pi.2#%6...k.2u.%C....A.O..+&.B...ie?..+9./..rwU.#....k&.-.E.U:O.7."...]......:`.A......z...Q....^...z....9~.....h.tY....v.N8..h.w7.a|.....W.v........mK'.....sO.6r.t<LH..Q]k....%.v..........^}......-.(......Y.#........yJb...!..^..>G..H..$...GV.....js.4.~D..^...J.G....N.......i.....km......-kB..?.......=.G8P..@.....;

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68013v9.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2251
          Entropy (8bit):7.902615318964756
          Encrypted:false
          SSDEEP:
          MD5:6DB083381ACA775CF46FC611E14E7F43
          SHA1:13432A97948643E6311B7A9C4FB732249E2C597F
          SHA-256:3855F5C4CDBD0CF01675F66F2D9F659EE9321C26E97D56E1C65A67190DDB9EC3
          SHA-512:791EEF162F4900226CC4834C0AB129A59D832DFE04E5DEB7940662A95ECC7DC220A0C9E9B63BEC7FC1563C1B6FB6A2157B37C9CAAF94541E82CFA5A33BC886BD
          Malicious:false
          Reputation:unknown
          Preview:<?xmlO..H...[...P.m.....f6..=-"W..h..@a.a...RV.qW.P.6'....J..{.g..E?...!Wa..9^].c...H............t..?..U....9INnZV.B..q....g.....h.9.DZmC...W{....R..4<...r.6[N0._.d..sL.sL...'.H.OK...ZK....%/.D..S74...9.ZJ......F.....dH%>. ..n...../Xw8Q>d..\W.T2.#.;...}..-..Z*..S.....$n.,20.`e.....R..(.8|......._...BE!....W.E.R.J..=@..........#N.y.|.f.:L^T...m..N[DI.6.W..c.||..L......z......3N%..Q.&V......\...e..l.3.n,!....uZ....,.6....V..R.$.7s........'....B...P.5.GA$3.....K..H..^..g..\.S;..VrJ......&.......Sj(q..S.\kJe....3}.D.....R<.0/M.U..GW0....b....V....gS%...G.q....h.....0S)....Y.C.#\:R..5z.7.']. /...E..c.^.^..U..69T.A..P}U.....b.)....3C. .7..N..[7....]......K...'.&f0.iLKn...E.7.F....'.=p...LI"..H..Wk.Wu...mb._.2...'$q.N..t.wo.R.V6;.....x-.#.?WA.1.....l<..Q..~...IX.4.zU..hC.o6..t..<s. kJ....6.G...R...e.;..Wt...k..I.Cf?\3..*.[e0..r....O.....>P..I;k........c..U.p.1Unh..Bb<........qDr..[.?[EoWMb~j/..1u./>....^......d...#.h..[.o. .C.B<...1=..6.Wh./..a.T

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68014v8.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1826
          Entropy (8bit):7.913024065490118
          Encrypted:false
          SSDEEP:
          MD5:0B6B907E909290BD54FCE0C2B25C917C
          SHA1:B8374BBF0428C728037E44F8F36BB525A20A5D14
          SHA-256:91CBE9AD4DAE5B94354E0BB296520EDD389365952764CC59EBD7A557CE8C91FB
          SHA-512:0346751C7943317253BC2E461FFBCA04707F8AAC27BFCF4CDC5826110ECC8F7BF99764362CF2A207E64075C57CA4BAACB2372C702E5AACFD44B830BDA6D42DE9
          Malicious:false
          Reputation:unknown
          Preview:<?xml..oF....0....@6..........Q.V.R.1P....:...5.....c.8s.KH...H....^.Lp.^.....2....=....P.74N.e?..fT~(...".fr..@........7...5.q.E..n<.g.9..(.&.M.4#...."Y.N<D .O.zL...Z.j..4....m..>x..V.A.aP.K.P..9...x.-j%....:....^....g...f%.(~.!.5,`..H[.....p].'-.c....]....^....W.........Z.b... .?.L.H.3.....,...O..0.Bo.g....1.d.#"/....S...!g..R..K.\.. .9....iM....~..X..Ty*....aQK..[...= zR...Y0.s.]F/.......`.~fA...bs.?..*Or)fv.......Y..xS!.<e......I.qh-k;..}....0c.T.....D.4.Z<..5GVW.a.*.l.h+.;c...lX...".nR.{.....]..{.C....y... KW...]...-t...l.................h..=.5...K.2.0.V...+...a%.&.r-........D.Z......}..D......s .&<[..,...^.Z.;4<l.vM2..{=.H..[........-...b.@F5~f..L.nU.WQ.H..}..R.w_......y...?.._..DS....-.C.....Z.^.=o.g.9..[.....|N...@....9#............ ..z...E.2?.Q..._9.V..............(.n..b..m..ek..$...u.u.<]l..h..... ....k.....H.T....|......b.. ........&.s..c...D.9;.G.D.,.J......<K8y.F.=.o.'.....l.f.G...y.7.G......2%./][..,<.m.i.lf.:!...4..........

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68015v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1197
          Entropy (8bit):7.831368646250202
          Encrypted:false
          SSDEEP:
          MD5:2C579515E734A4F797670312E0884085
          SHA1:62158217BB312C64D527A9CCECEBC68A5F4B4E0C
          SHA-256:D2462C38A5D31F9E02139798FDEA4268C275886C6EA997CABA03D0ED337B2707
          SHA-512:178EC4B89E813A254A0CB092443357AD69F44BFE84AE97179A5EC718AE6FFA2099A392E4FC81BA0B157456623100612960D9E045CF8B2B7F4B39DBC906A0A5C2
          Malicious:false
          Reputation:unknown
          Preview:<?xml.!._.......WB.M..R.!.%....ji...}...+.L..O...,z.Y.J....{.?....T.;I.ZW)2......nC....;c...R.is.......*.k$.;..!.$>...J.....s..A....r.4.q...gP.tD<._X2..p.V.N...".....&y....4.^\_3NR..B.p<+..y... w..W.$A.WI.p...Z..n...!.h....N.....S....($..;..x.r..!.qK.......2L...?..E.U.....{F9P..6Y...\3i.f.w}#iM.7...m...$..N.{.*...M......wP.A.(L*.....N.H...d/..\. .F;.................+?.obo...2;.qe......d...U!.R#....1....l.x.j_8abJ..%'...[7.K6..yt.......z.Tp0.4.9x....Cr.M+.?....H..9;..7R.:.......b.......1.....|?.t..[[..@....~......(.=...'......z........EPd4.7.$..vo....X*.7.&D,.r.(w..$.&C...,.d..K....n"..#..S.'........qf..}..m....X..".O.a..5I.E;..,x....y..8.......[!y..cz..9uW....f......h......E.G..p0..%..6.5..#.r..yf...p.?QVT)..?Do*cl.b.{..#.tKx.Z..>.N.a..l.K.h.`..[.G.I...a.U[...`_.....6......j...M..@..6>.2.9.1./.._6Waj..2.tW3..!@...l..X.>&Z.%97R.....Z...7HZMX.2.X'......8..T..........`...T....i..].....~..D~B]|.$b1.......+...4w._...bx\...........J..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68016v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1004
          Entropy (8bit):7.764513987147222
          Encrypted:false
          SSDEEP:
          MD5:44C767BB69402A3C3DF5FAFBD5DAFB99
          SHA1:395B9FBB9E5D2FE7BDE4C5B444C5B3995B58177C
          SHA-256:D813E2C94C6304B3AEC9474238EADADBDE85F9FADF555AA83907A2799BC8AC42
          SHA-512:1B63124B796F3BC556A487AA7290AE877C0A23E73194F8F46B32CCD3479B65C24DE8E64804D82F2DF1C6CAD26262365E124D1341BA443A0442816F9614BFAFF6
          Malicious:false
          Reputation:unknown
          Preview:<?xmlM.*&..az.e...l../.c..{.<5..~1x....Vf.|)...}\E.:........._.S...>.2cRb...,e.+.o..x ...u...,...}.!...n......#.x.I...\.Y.v.@..q+;.u.@.?..u.......8v..N.3:..9.....2......I...p...!.\.......C..*.$ .S....b.OQ.-$..qid_.z..i...N=.......6.+......E.j.PiL.Y6...s......o.9..\..p~...pNH.w+h...U...;....;..dK.P...?....Kin..I...'p..T0.^...4.....{....<p&4:.........^....;.b.g.L.o_BRN?b.K.ci*..s6_3}Z..*..M<U]U.Xz-.QlB.B7..q..A.Z.......v..W.h.oP.l..k.1...K.;....t.z.....jO.....p..-.e...G..d.(.B...U.wknX.4...5..Li.y....../y.\MS.+x..F].........Z..a}.Z/XG\.6h...n@...q.g.q.........3..'..[..@.0G{........0.dm.N{....@..y.F..-..W...ESxEo.....N".....2N..6.%..Y.db.W...V.a<S..Y.7.oj_.:??P.M..5Yx...........U..+...H..J.CV..$..3i(..4 X....5.......k/.)..e......m`.e.u......p.*T..-dB...+......].n....(.0yd.+.h.iRr/...9.e-.J..z....v%.(.u..........Pha .J...UU....M.p....F.t.(...4......^.B.i`...1...Q...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68017v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1186
          Entropy (8bit):7.8312852116429665
          Encrypted:false
          SSDEEP:
          MD5:B436E42F00A2DD2B70E044170AC94739
          SHA1:95465F46871514016980FB2AC4179CF0588732C2
          SHA-256:FF13709F213E3ACB16A0EDDDE68AEC0495B70035FBD8592D6FDD0B1ABBF4D46F
          SHA-512:20C9EBE1EE2BE33D72CC4A891A6C3EC0FC27F260AA77BDF6B9622AA79232E71799A7218388872EC877A4BDDC5EA9BBB4DE92C463679E86BE5F23A1BB47D62B67
          Malicious:false
          Reputation:unknown
          Preview:<?xmlN0.P....s..tTN.....X....4.u...M...L@....\...i\........q..:....vp....g.E... x.......@Q@...J....>*j.}.c..ZTj.........)a9.:.j.....T..M.....kP....f.R.V*.i.vX...`.M....B..F{vQ..#.>T=.a.T.3.Y:..YH...d....j.W.<&!.1{.N..........d.~...O+.....#,1G.N.@.z.......C^.D..6.V.D. .....[C.6e.t:..../..-W...F.......A.b..o.u..4../.@1v@.2.....<wIS..>..v?.U..Z.Y. RI. ....f.|.5............jt)..y.a..{V..LS.fQ.~$..9.<=..waP29k......II..i..{.{V.a"....8.y.AL.......Z..Y....v.).."..H....X....gF...~x..s%.W.m..`.^.......{.;q.kl...).x.:!C.m...5..JC.i.C...u..cd.......2Wd\...`7*..Z.w....aF..d[..{.;Z42...x-...2.........q0Y.:.U....k././..j..on..h..J....V.B.6.......w.i....~.....4pbj].ts$H...[f.#R.3.uJTZd3.........g.....{..{m&....^.......*~%...E.m(Q<.o(........c! ..Y....gM.u..F..HC*35.51\...}@3..........y...H4QY.#L...s.3.ZD`J=...EG\.^..I...8.uIoC]....<r....>...z..x.Y.06g..k.y1kh.r.{.......|j.]... ..W.=...Y.h.;.G..V.......w\......E....((>.H....4...e..E.X....n=.O..._.H.v...JX8@r72\.U....:%8d0....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68018v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1291
          Entropy (8bit):7.841883983971894
          Encrypted:false
          SSDEEP:
          MD5:2419743ED0A7FBA276BCF13870DE66DC
          SHA1:BE925D8AA71F2778D299730096B801C8114C7407
          SHA-256:9112281C33EDFBEEDB741DC16D824F6A919BA31CE0CD2C83403483904B9687FC
          SHA-512:7FE302EA6D38FEEE7AFED63F16C3D35147A89BD4AAC84DEFAB1411086C5686E99EFDE52D39104011C916E0B2597EC57DFEF492F4524712EE3BAFBCC78C0F7D6E
          Malicious:false
          Reputation:unknown
          Preview:<?xml".?.G./...-v.C..W.M.t.Du...:.E*..x8R..P.6..r....\...d...{..\t...v.....[n.BH.,Z.c<.N.$..i..C..F...=ka.7.m/i..-....Y....:F...(.r....j...Z.%..X...o.......e#d....(..C.... $bbd...(..n.!l|...d..U.w.mLia...AN> .B..H:......e..AV...^F..#.k.y..H.....7e....8.n.b...TC.3...rh.O/..2;..3O..r..p.~..8z...........ge...M,g....... .a..?4|E...*Zv.z...3..P.M_.*.>..{...3.Q..p5."(uPbJ.5.R$.,#.;A..!.y.S.p..VTr5?.^n,..O.a....r/2N..<..W...bwp..\qZ....Q...s....|.].X.O9[j.w.`..............gP..u..7...s.i./!.;............:..:CVc.2vRu.=@;co..gH..........=.y.z...rG.#....'........*.yMF.........y.Q,0*."..p.i7.......+O./.2.~.....yl.VM.Y........K...m.Q/."...v.$0:.O".*.@S..%..lz...-s@./W..~.pX.4.0:H..`E...tt.~..w........._......F.j`.y...p<j1w.3.CE.J\{..S..j..>.9D..X/.{EP.....}.+!;..(,..emn..$J'xk.aB..|...........V...b.'.....1..>.......68.[..Q.....Th.lY.W..+.h...v. I.u'...?...z.....;.c....s..|b...u^?......$..."1{.;$.D...O..TV....T...L..1S.N#7..........5..jW^.p..e...q.A....r......+.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68019v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1737
          Entropy (8bit):7.879389230284715
          Encrypted:false
          SSDEEP:
          MD5:C92CEA5CED45F6B1273B340BE30A6B52
          SHA1:1CCCD7D0350A511691D52A936588ABFB3B1C88E0
          SHA-256:8AAEC4BCA73FBE7C510A34F23316A54344B5C6F18B4DDB24FEB1FAA6CA89DAFB
          SHA-512:840C588EDDF1723D5A18A653C2499ECB42B3E3167AA84FFA4519EF7B09F8B3542E2DC7078F3496325BBB1388A885DAE81C9D3FDDEA4CEDCD4AB97F1B86176DF4
          Malicious:false
          Reputation:unknown
          Preview:<?xml.a..$.^n....pHI.........P....zo.]..M.U.Z.Ln.BH..."..'...]....(..<t...g.{4.....z...o8....S.N.g?.....$2S..&.Q..w.a16....:..'.9.....nm3.;....15.t.z.=.Ik.[...7.7.M.......sB^.?8+]....E.;;.&.<...h.<.7..".p..m.x.u..Q...R.4..b..D.X.......x..gZ9..!.HWU..<3EC=k+'.N\..i......'.../.....'^........b..Z..f......wlpwP.>..`...7....d.e.IG*..w.P.r.b..~D.y'...rBRDWy.Q.'(d.92...0./r..w.~ Qa.0.V.&.s.v......K..E$KJ.}...J..cO..+...:.V.Quj.0.`.S.b.*..$...d.........ok.i.j.<KD?..q?..(.r.........J..:.9m.P.o.P..H^...?.......B...9].<...x.].4B.}|...I.AG..\...*..\.>q....Kh...p..4...p]...`....9.xF-.}..b.......S.........%a*....R9^M8...:..x...*sn6.h.?.8..I..m ..tf.....SFQ.Tz,8eY.Ev.7.......\...].Y-..zq..65..R9..c|.jk..q&s..$.dP..b.5..>......)...*S. >..G...:.f.B4..#...........U.oJ.)+E<.i....&....:.qC.....o.^..&>.i...Vu.].B..z....Z....|.n.+.my\q...R.a..E.m..+....C.m....!.S..l_C........~L..m@.{.6xou....7....W.r(.......A.]..%.....q..'..x.....*....Dr..N+r.>d.&@..u.3...%.....g'].p

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68020v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1354
          Entropy (8bit):7.854328952423181
          Encrypted:false
          SSDEEP:
          MD5:B8178EBA869665D377F4E9A1BEEBF578
          SHA1:E0CB24B26578CA935C6A0179E1822C1024FCBB41
          SHA-256:B3536F74F53A0419354798859D114F4096935A3C5B8BD0FCEFDE925788C56444
          SHA-512:A1E1EA88243DDD652EE7C9269D31559732B998C7A9AA54528A62C078698B93AA5D39E520F54433F5AB2F19319792D937EB5FDDB336E552101019A2032E87D12F
          Malicious:false
          Reputation:unknown
          Preview:<?xml...*.m...)zK\.........)...........i..9...1B\..Z...QI..+..aRH....<....Ll..I..U.$.sZ....(.)...5........... >..0..........(6 z.?.D.+T.#.>~..../.9..|..?7..7.=.C...3...........E...f.(n.4.`....0.G.<j.!SM..s.h..4..Ul..4..>@.....;f...{...0.....^<t*5.$......#.....v........&^...._.AJ..P.1...Lr..44h84.....\..z9L...".2M.v..Z.......Zd.e$.k...B.&.'.r..O.....3.UT.X../......!..&.E.E.[.........{..}p.#.F/..e..}....#.!..N.|...i?....$....F#.g.d%..wC..|I..L..............u....B.W....T..&d...\.b..o84C(*..l...4.t.p.....c.W.6.p..zw....1..L>..+.8......W0TNf..F(;.e.5^(........|G....x@l0...HL....2.8>..&..ga.......r.......g...[T..f@k....6..=..Sy.be...k.K..j..e(.x..w.'.qp..=..g..v.M....I4...n.!...oT..T...v.ZXO....67.^..B.././7.)|....S.(E..Vz.....l..9.<..sIy.u....nL.L!FqH.....Bw...8..Y..Z.....NQ...^I.....6.../..,4...Zi.x^...p.....NE+.......(.K.pmU...........*.....j.6x.Q..8.e\.,...AX.V0.=qD2L...OS..M.Y. |^..}.g...[;.....f..q...]..q[....O@..(RD.q1..HvA..KT..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68022v8.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1864
          Entropy (8bit):7.9021695307200295
          Encrypted:false
          SSDEEP:
          MD5:88A89A94604A29100FB7CB8969F28872
          SHA1:15C1B019205AFC3B618A3778BB7C5579E68D467F
          SHA-256:5B5B2031A243021BEB5E5F3EA87017F3C2E1CA23757A3FD0D64F8EF3B5F1EA01
          SHA-512:E227A7BC38883D0356182753F150C5ED9E18ABE1F3EB33CE793022563F4C24D93C7122F6B658E6064AC2E55605ACD1850CC2DA109208689A8F17BC4735610333
          Malicious:false
          Reputation:unknown
          Preview:<?xml.......sG.>.q.......4(j8q`L'AX.I...n.GGv..~H....eenq...S.b.5...m.4..j.F.[n8D...n.NS.(*..j..f.0/+.6.?.A8.....Q.3d..y......3uo;.D.....cH.f>D....@...\.mQ,Q.731g...G....R(@.KL[..z....2k..G2.....:.D{K..e......(.w..]79.~.@.4..2.......-.-..,..q.W..$....oG,g....Tz..d.....L..b...&.....g..]:.|..*.{..S4z.....y.-.u.4K.....V...L?.s..:...p6...Y.&.&..u./....*`.O...gZ.Xa\..(.R...]&...qj,...Cs..:..>xp1..2f.V}.6G:4..R)......J.......V.....\.J........1.".....e.Y&..c....4....Pl.G=.q;..^...A*..h.3.U..c-.}/..\.P......D~.....R..Z.G.I....3.f.>.Q.]./...........j.51..;.@..;.z...ai. .u....joF;9...,.##.F._.=...R.12.>&..sO..O .&S.4..*..K.....:.iO.LP.1.s.n##%P.{.[U..^..dAH..4..3.:GT.\8U_.6.r..9......S..z.).U!..E..U.I.....v.....t.....7].n.d;$......\5....iP...S......W7.............W?.j..s.l..c.....u.H7..[..x....b$...i...S...A.Y.4..O[.H...%+..o-..5.4)...bA...?.y+.....hT..Uv15..M.:...U{Av..{ #.....W..}...B..-s..).y...m.9y.*y..a..D............._g\..O..M.s....;..l[

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68023v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1509
          Entropy (8bit):7.8601862917120915
          Encrypted:false
          SSDEEP:
          MD5:44AA8A82C38F0CAD6E2E40C01A98C9DD
          SHA1:4477BCAFAA7535EB08E250E1CDD496717E4EC92E
          SHA-256:DBF4EB5402B272E87089F049016CEBA230A5EF5A215BEA2C9694B198108B3E74
          SHA-512:CDE4BC4FD8489E4421C9CD78F5CE3FFB6A7277FA3C33BD31CE13923AE0E70BEDB68EB87B7A0345334F4D7467FB5333C22AB57030B37C5458A8E44B42378A9785
          Malicious:false
          Reputation:unknown
          Preview:<?xml..^....Z.m..w........%J....=n.mn2...<.-...f.>.A...%...BS..a..P..dR......HS...z.)YZ..pL......-5..-Z.q.W.:".....E.....im..`kk..-....h.EC..@c0R..N....?\.F...Q...*....l3..............m..e...y.."Z...0.J......%.,....n5.6...J.z..FA..NO".......1...DLOC*..USS..J....P{...E....C.6C.......w.d.@...Z..a.W;.2.sU..]+...c.o..r$..'.:....L.t.....;:.........AG!.%....o...RZ=Kzw./.=..0....pL.`5.3.n.O.K..9..V...Q..#.'.:b.....r.m..OvN$...*R3.zV.H.%.:/..K.H...$.....k.&r....BpK+...`..x.[...2......&E.M..d.&y.B~pL,{.0...$r:uw5P.)...</..E.i.L.|...f*.3..I..f.@{.._.[../@u*:|.P\...oq....0.`..8.t.V.(O.e(}..J....N....[.6v...z..0....|.2.7...'......x.]!..}..3w...vI.)...x....<...l+..sO....K...I.S.K..`.v...n..4.....v.;$.5...C..j4...S.3...J...CbO'.Y~.,A7"]../sN&..t..W...;..p`l+.Q.....T....1.J..*._..8.v....)P...._...U.Y...........Yra+.z....E...........]..0..Bpi`...-Ctr.....*2.:<i..=...3G.....e.Q|....0p.S...........=..X.eQ.&.-......f....i.>.G.}?j.*.xmR.q..h~

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule68024v2.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2007
          Entropy (8bit):7.903540058300934
          Encrypted:false
          SSDEEP:
          MD5:1DFD270601E8D7380F5623E43EBA281C
          SHA1:FDB556B0BFD54BD151B5E542223FAEE2C2D0272F
          SHA-256:55559B5C4AB8DA235577D8FE27F6D825709AC0ACE713411DD849FF6725F20733
          SHA-512:85F76484317EC00A5C7717F8D2A20B01F283437800DC7A12840888EC2510EE8A140B529A1F0798E58353C68C3BDEF02D59D0336FC9D5908C7B7E3915DEA00AEC
          Malicious:false
          Reputation:unknown
          Preview:<?xml...l. \.;.i;.k..}..W-.|.K.............@.5..=.9x....Z.D.......).x...s..g......y.|O...]2F(.9.JT.9.~........s.*......0.../..z..5.....q.E.1@m..h...]f..3.I.[...~.s.z,p.....].r....=i....l..P6......7+-hJ..Th.|T..S-..~....n.....]w...Qt/.g..j^!.P..=...%...#]....3.....;2...XQ.......r.%.A..M.....$).{..z.....X.........c..D..b.3.".R.,.G..*..[..y..,...5..^.z.=^..(....i.MFF...jQ..1F%....G(T...[.5.{......%.l-.p.x.I..=8@..........U]]...R.(....i.u4.h.&...=.A*!..1.&.".{s..[..6a....S=......O........g.t.. #!..<...j..Y.EL..K...WM..#.\.:KX..:..;..;Ua.z.=...Cy.*N.w..2+.C...B.0{.c9..z.......]...u.n.&..t...0.t..k...</..vC....j"..Z.^.....G8..z..........U...]...`...] .8y.G..n...n....2....+..7Zl<."e<.D..g.....1..h6.h.I.2.."L..c...4....D.$l`.....H=.H4#.ysG.zL.i..ER9.\.j."n..U>nr..'..c.7J.....N...O.]..D.rM.).w*Z..8.\i.K....q.!Y..g.YDq...z.N....'.I.0[.....C.0.2..ND....._=.>%s1.2....#...!:.5.......j..G..7.......J...\O'..Y....c..O9...g......)o0.5M.....Y...t..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules\rule69600v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1376
          Entropy (8bit):7.871785174862253
          Encrypted:false
          SSDEEP:
          MD5:904F4F8BC85A83BEFECD3AA8BD7F232F
          SHA1:6217E5131E1EA4E12901A9AF49B3CC2C95D98F2C
          SHA-256:0601F7831E9EF83E744BA902A9817AC4DCD70B1D46E5195B30226A52AF675171
          SHA-512:CC05AF12CF00E46F10240167BEA8C97B355FEB4CA9686699B2F872BF2777E71F795D3632A9ABEDE261B4072F6378A3F5D2E5170AE1EEAF47B1D9D26BA35702D3
          Malicious:false
          Reputation:unknown
          Preview:<?xml8PP...|n.8.Q.;.W.H..5.....Y.dy..B@.6....=...Q....6...h G..4!3T......@. ..j..v.....k.....C.......V.....tC.>\.#.P ..>H.mA..-`}..g...T%....y..%`.=......@:...~.g.^.?.j..C..CR...za.......9...c0M.....~.9.......s...n+z....H..W.%.W>.8.jY.j\...b.oUJ..,...b.....m'K...L..Y...)C..Ij.Yu...;]..f9[....-&....."....M.QuO#n..(b.F.l....v....0-..EiR.f.......#p:.. ....Wm..zT....+.c!.2b.#.3x.....}...ET.....O..tsk..0IN...n..~...y..:.l...g6..._...../."..!....f].,.`..o..a..T..Yp....q.e..Nd.!U.a...X......]j[.M.j....t.(.......Q.4)..AV .XC[(..U.AFL..~...MPv...`.-......r....C.2...[J"s+..1.Zkk..u......N..il...*.L.[./.,....].*E..... ...W..!|.eQ.*9%k.%.^;*.4.Z.._......r.F.VqX...b......g.s7oB(.|...)j3....^[yP....vv..8<f.cu..n>...d...J.k..L.]2..P.[r..>Nhh......"..3...*...?~.5.u.p..U...]S.6.-...P'......$.R...!..W~{7.R.."/C..,.'+....)....Ll.F....t.......H..<].._>.l...J.Q.)6j.....Y(..R..i....r...8.*..zei=....^AN.E.'.....=Z.1.t....=.+&...,.$...9.~%......O..Nw..zo...;..m

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):361051
          Entropy (8bit):6.514889212920468
          Encrypted:false
          SSDEEP:
          MD5:5C11E80EC8F979E00AD88BA9D8B44118
          SHA1:F2A5BFC672A620DA6E1A6F1987293A9F983BEA98
          SHA-256:3D938D0B43E18FDB789E73104E952889ABF47A9D1CB8357F246F0FFE4E77A1DA
          SHA-512:B527139C329EA70E2E36DA002432C0FC70695ABF8815074F3FF27B36B82C706A594ACAA3E93DD59EC267B529048713B5ED3EA0DFD093B0AAC13776170FD084F4
          Malicious:false
          Reputation:unknown
          Preview:<Rule..(.."G.Y..n....H..q.y1.a~PZ.+.A.}....EcbCKwl...l..wU.q...%j#..z..G.6"p...).?S./Z. Apa.`.f.).h....l.{..'v.Z....0...'......^......js\.(.kjx.....).h......!x......f..<.....Dq9{-..P.s.tc9.I..k...w9G.~..w...5....g../..R...i.b...7....s.-a...&\.9}0....oz..3....Hp`X{.....P`..*;uI.:{..[Z.;...-.O.\?...,7.$.zM~...lp.c{F../.q-..n.....nj.7W.|PB.l.O.X.s..)........>.v.b5...!.2...q.....S.u....{g<......k.wH......:+$._T.`!...A...8uX... ..zx..l.r...E..5\...dw...R..+{:.!..B.........c.L2.x..B....-.bp.f.5..,...(.[.#...#.9..B...^,a.n...$._.y..>6w[./;...N..]....fc..}..v...Ic?.k.%.."H}z.!z?.}..)..9.F).................Ipy...FY...':y....]h.S...V..:&N,......)...b.:(.V{'....W....d....tB]...i....^6&"z...T....~..Wv...r..=..xu.w,....7^..iz..FZ....G......L.9..f.e\.y*u.r.:...`..Y....i._..WD p.5m.p\.........3.G8.........l.+...bG......&V..f.RQ.i....`.5.$.5-..5...nQ....!..;lC.n.x6w.".....P8]"....[W)....R"...\e......9....dqrI.\[.b....E.=..t....Hl....J..I..H.b....+.......j...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700750v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1710
          Entropy (8bit):7.870773548389021
          Encrypted:false
          SSDEEP:
          MD5:CEA8B16E5DD270F2C1CEFF5466130A38
          SHA1:8344F6E8BF9E37CE5AC8305B8B45189AFB5797F3
          SHA-256:89533C317365BFD0A09DACB720500DE05AD0A006C3053631167DF16BB7C133D0
          SHA-512:E168175A9FE89D4099311774A73BD9E02E6C6E91F7852511128AD143FAF4495B3D6ED08AA1FB42520F42726079C7AB1E1100AAAC6D40985816C29FEE5B1AE1BA
          Malicious:false
          Reputation:unknown
          Preview:<?xml...]K....W&x.'..C....Y.4Zf.*J.....4.....f.h..P.0&..,|....U...j..*.1C_..4.`sGq..y;)b....D-O......uf..7.*.*z...{..,...L..'1._..4...D<w.S.+..f.lNqM.|D.T~..^a.L<M.....7.KO...ivQ....ggW.u..Mr..L..t..].*....*........sD...&.[...OB.hxC..X!..J.7...l%v.......,5....".n6.s$b....*"..VY:Z..$;.......D ...hA..Y.../.....Mt....{C...A..)]........[....Z.H.....K".wU........`r.U..O...........6:..^...0....\...H>..5.%.yX...i4.......(V.C.a,d..&t...O.k..:.T'w..E5=.....V.To.a\.L.:jl...3X-..S.X.4q.!.d..}g.M.p...\....O....i.6...#.n7..dz."j.jW..&.E....h.`.i}............-<y..V.ME}!....Z.DF..s.hK......$....[w..p^.O...^.Ve...-.M[W.S2.F8d...J'....@......c;...h.Q.Dl.Cl ...-j.].U(g9{..k.K.+..?.b.sv *........Z...8x..S..:.....;..M..^."...%/.....XT.'.n{....r...(..LL3.n......Ag.U.~=6D....&HfC...)|W..m'S.3.....U.|Z.1...R..|...gH`%B......K...G).d!@....m%...Q.P...W>......0LP.b....Nj..br..(..8.!...H~..C.G....+.).@....44.C..K.W.X+%..m.A.n.>.8..&...s .<...[92.,Z....1\........V....k..D.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700751v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1747
          Entropy (8bit):7.899334444815404
          Encrypted:false
          SSDEEP:
          MD5:37781B50D387B53231CAA15A502C6CEF
          SHA1:C0F8567DFC8A2F9F53F09297B6AC739D40EAB2FA
          SHA-256:10F525D4526322DD0A4CD708CABB04086CC716D462D130359F086C18D651EC4C
          SHA-512:BC1518B9ED8E3152DEB567C2FFBAB2535736CE7194D5909C425CB5596508B4CD8DA607D67A6878E6C5F556824CEDA9545C9031A8C2F7C0025BB0532EFAB5D628
          Malicious:false
          Reputation:unknown
          Preview:<?xml[...g/&'{R... |LET.r2...g.'....jV..S.w......./B....H..r....e...v...{...!.~&._t.....w.^@.B..i...yVj.&t..C.\XmN;..@...kJ...b..;..!.Z...jr5......G.2=....L`F......FJ-.3.+L]D.W...~.W..\.>p....K..d....L...Q..S]!{.{1;.....yg..i_.U...e..+.S.K.F....!.l..OA...[Z.s.#...Pu.8K....{.......50......s...f..~v....ohf.2..V^D=......5.C...sC...n"E.).s.uG.QW......p....N..V..]Y...#\....M.o.....!..G..5f`....~i....`.. L.[.S...1-|S......r...Y......S..V.L=`......../....B.b.~."<.9g|..i4=}....P.sS..:....Y`...:.D.%R..;..L......AG..R>.&p.....g..~...O....@hVPkV...CE...3h..........'8....X..[s.......v.|...<%.M|.a.........!.i...=.Z9.F.G.....Nd.e=.....#c}(.[C.....\..?...B.....5J@HC.:*;m...n>..../W....6.N.Y.Y]....9.i......'...LZ.h.%.}...u.6...0...>*!x.(y)W.y..C..[..pSA.8>u8.c...........X..v...q....!KLG.u..I.ob.dl.V.u`.......r..A.....n.;...dh.?gK..........TlYW..y..0.L^........).......c........VD<.....cO....G...B<.'n..Tu..yf.Z....Q...J%u#..(Te...F#d.$.:tvse.GE...EW..&[.....i.L..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700850v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1711
          Entropy (8bit):7.888688476121107
          Encrypted:false
          SSDEEP:
          MD5:06307562EA9E553A2895A15363114698
          SHA1:6668484AD4C36A7023585AFC7CDD8C82EEE8E851
          SHA-256:0FEBC961D37A4938EEED9FD34D310768FF39EBA14735955D4741AC0A2A40B9FC
          SHA-512:C29163C5998264BB301557A4383AC8C0EC9A72B0AB7035FD0A78F11F81F87B9AD699C7ADFECD49190590808781FFEABAFE6F7C56C9E818D4002EA9D98A7CAC78
          Malicious:false
          Reputation:unknown
          Preview:<?xml.B0./.l....?& ...C.....2.a.n..:qk.g..\.!....f.|..&`.?;....,.aw..54...a..`q..~.^...C..o..+......~X5..G..kD.Q..c%?Y......f\.....m..zh..r.l.`.4........M.&.<.j0?....k.. .,x...S.... ..p.HV.(...N-TA.....$....t...(7...D......U.Bv...)..)h..F.#..Q=.........j#...C....<8.J.3y...2.v._...yLK.....A..Y.8]....x...~}..#"G..... ."7>..8r......Y......U...."..`-....71(.k...i.Q..|.g.h*...@.Y.(iM>..W.f$....NI.5jr....R.A...S~'m<J).v...U........I..ap.B.r.E/....w.....'._=...jd'F.......f........D.....SIh3.E.}.f.\..``.D%.#0.'A..U.J$..?q.0......&.....U.....EP.!. ./.{W.o.. | ..>.....@.......Nd..$.9^M... ....U......1. .yIou.....*.............z.5<BKm/.m.F......B.e.N.c.D...\...~3CX).Z...p..=.X~..Y..X.dt..3.v.9d...=...U-1.....-2v.S.)..q3..;M^....0~u..e.......k....?4Vr....`..W......F.r.....D....B=.KA..#?.r..s.S.V*.H3..../..IF..#....U..2m.D..k4Bg..T.!aC....!.te.?x.....$.[Wu......U,..q.{. .zF.<.H..E..w..N..i!.!..5.FDS@.J..QS.Z.@.5...p.S.,.q..Q..5..a.=...#`.390...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700851v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1748
          Entropy (8bit):7.8921474163804035
          Encrypted:false
          SSDEEP:
          MD5:498065BA673F9EFC4206F65EC2A1691C
          SHA1:FE51DD512BBA199296CE0BB5656A0CA33236554D
          SHA-256:CE2257E58B95B8B08C0146FC03136D621D000772B4A5A949217FF6DC97F67DA3
          SHA-512:6C18484C58190BA0B6449903C212FC1CDF18BE8493EACC5C3FF373AE5B2EC6EC307124DA5F5E0CEF42CEA355CBEBDF3C3E64EA12A00A371901B3966964F37A04
          Malicious:false
          Reputation:unknown
          Preview:<?xml....!=.+....9.....t!FG..|k.>@.}c.d...UV>.7...o..Pv..@..Q.......P..%..5.........~...D6.....Y} ...rMum.s.D:....`......n\...^#.>I.....P...m.:>\.@...Y..1!...Ex.K:KEWC.#`|..(?.a.&:..V.L.._..Xg...k.Y...C...4....X.al...-.n.........eG.q..mI..V..Zi......:Bk0...It,w._~....6zz....Iuje..R.(K`Q...f#..FT".......Ly..[..=.m].>q..ZX..Zcy.g1v....[...`.......a...>(.._Y......1......`j._..s:..+.r..&.Q..&3Wm.....)27s.N<..e_....@!Qn....W.'...^S.a..'W?.../..udHp.....?....3..h..^.(...v....%h{H ...G..jR.n...u.UI..Bd.CEa=e.c.Z8.7.....x....>..8.`}.^.A.0/m.J.~.c..j.A.~.~l..L..@hY.......?...%]..Vl..^.6*....p....Z.;..O...+l..8...c.w.L.Q......Im~.A........"......gC..AWL...jR...Qe.].X.D.U*......Z.........F.....o.{.$..}..U.t.I...v...0..3.4..9.u...p..;)h...".!.&u&..).N..D.|.?.P.Z^..l.h.....@.c0.m0_J.c.doF...V.9..t..V. P;.b4I_@..}.m...x..r.M.c}..)...F.C..#.'.5l....0.S.<....L.,Z....!k....Tz}:....8._.|.Vy^6. .(....W..L_4.|M....t0..Z...Q8.q....*w.V.........q...#W..>...U..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700900v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1704
          Entropy (8bit):7.8799818281334355
          Encrypted:false
          SSDEEP:
          MD5:E4019E7E524B46CC9282F86A6D6DFE60
          SHA1:85082233088AF847BACE18E9A027EEDBC2783EF9
          SHA-256:BF7BF110D3C4D587F7C602D00382A0D8A189DDA4888D5BEE8A760A91951992BD
          SHA-512:990762A04E3484E9C6932022D7F9273EF95DCD6FED4B46A35091BA65329DEB7D21188344F2A516EBF7AEABAA22B0276F7A349AED91DDE5B8AC1AF268FE78933B
          Malicious:false
          Reputation:unknown
          Preview:<?xmln..1..i...0..\..}..o.......3.Z..z.N<.5.....X..vG...a,...3.`&.....V. .q..u..v..E ...I...S.......I.fQ../.../&90}4.5.....%l ..*...(..#...y....%Z..;.!...2F..7.o...ew..@...[.......i.|.1?.....a%Pp...3..O..t....*.s:.6..^..&...|.. {.v...7..i...Z....f.@....7. .e..\.4..P..4w....T..TA..=.,F..o._..0..f(.jL.k.]W..f.R...u..e.....n..'.t.Hy9..=.R.... ...|uf.n..[.ZG.j4.l...~.#,R.nI.z"....D.'P[B..s`...o...).1..!..K..{..T.......Y...F4n..,.j.0..".....%../..NV.+K[i.j<p..@`..5.[........]E.s%O"t,P...Y.<...~.63u....&..n..d..m.....20..OB..$f.....-....c..Nw....U..m..s.l.+o2..[.K).r....#.@I..b..J`...x..k>.=..t..b.....>..1=.Bx.N.vDm..Q.-..1.W...o..ADi5..Cz.3x..]..iK.^-;.".As.....M....W..\......>.....dv..>.&?..xa...r5BJ.. 5Y:p..l|E[bb....+...~....,.+....%.x.....%Kca.<.MGh\[......YN^J.-l..(l..._9Y.G....3.......}b9I.G*..-.D....k.hbk..s[.A.o.^.v...-.S...:.m..2.I.d...e.W.....T...rp:ZV....z.V.d-g..{.].j..bl.1xg\'u...m.._{.g1{.>G`...i.....L.......Z.....j8

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700901v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1741
          Entropy (8bit):7.877248959749562
          Encrypted:false
          SSDEEP:
          MD5:6B7D514B5B63D63E151E3D9304B73BB9
          SHA1:8296142B80236E5309989966C33F0FDD7F9AF857
          SHA-256:D01D562A4872C97D9EF03980844348ECD84326085686F3761F2C7A96A0F134B7
          SHA-512:DE3F854B2DA86E6A424D82A822945C25648DAC21995CB1614C40E09989CEC13B19BA3825815F7CA6B813C349AD32B52FC7F45040D692DBFC9A707AE9BE53694B
          Malicious:false
          Reputation:unknown
          Preview:<?xml.;.+..R..x.=.}a....N.$.-.E...........8.....0.z0y.....W ......:.t`jk..g........%.;F:D..I..;X..y...$m.c..W.......c@....|...4|W.+.=...8`L.Y...%.{....Xc....n.<u.F.D..'.J...0.1`V?.O..:..N. `X..[...h{..:.BP-g.\.j_.m..8.I..N.5..'....6....WO....?.d..-6D...CO...Y1.....be...hPe.].q.....D..%.I#......!.N.........R.M.|.x.j\.X..=.._1D...x.'...~.T..0.x4..1..Xd.3eI....%Y.#7...X....Wqk.*.....z..Y=1}(.".....M..@O....}../n9.....,..c.....\.Q`9.........4 ...'1.K)...$>....$.5.~.....w...PU.Y..@..P.3...$..a1...'.D.>.eX.._./......k(.......s..E5$".....+...$.....-s.U.._..y).Qn..<..`..4...W...1I1I....{S%.g...#....Vh..7..O.H...?yW........-cE:..../.+.1I_...7.-'......O...a...%.....U[..*.X.$.-.....q.-.]...B..?H.M>L.]..Y......i...H..T._....e/.@..j.lq.....a.,....E~..q..........JX.g.^=U..?.;aQ+#.pZ.......:UW!_.!.Uw.V....Y,..Y.^.tx.....+...o.Y*.....~...../DJ.....0$..V.+..f9...9.......e.).. 8{.......G...........O.....&E.I....{.[.5.[...E..,..s....Z.<..........+.5T:

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700950v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1702
          Entropy (8bit):7.883857995989317
          Encrypted:false
          SSDEEP:
          MD5:4F3B9ADA20F70F6789653A559F0680BC
          SHA1:490FB78669F262F8EC19877B6F52C96C19FD434A
          SHA-256:5C99C70E2A21447537261D194127E47642C36C11F95CD75B3A0F0634A0799E29
          SHA-512:0C117E65F1418879667D27544B78716CF4D09B6FED639E73D68C35E896A6D6DE5BB4B0667F651A7D260B56D60D8718067207EFE3E183DBD254B2D77AED468ED7
          Malicious:false
          Reputation:unknown
          Preview:<?xml....;"... .s.Wp.3n...5Fg.L..:;-..........)....X....m.O`.......rj\....&...|...|..RL../.U.B..dT.... .UH......bQ|..J....sD .H.3:...y`_......A...`G....@.. *rA.#......&.?...M....|oFRZ.g.G+..1/..V...../....<.TcE[K2w..gT....._..&oD...b..so..;9..J...W*.0..../&^r..7M.........To.c.>~1.......:...........K(H..6C...H...<......U@...i.....7Q<..6...S[...c.I....'y.......^86tJn.#,..#7A....3..n..u.g.5@..om..%6........O5..f<k.>.'.$"3...@cL...O..'...K..;..G.)Eu..$.kh...t],.O..)....).Q..l...+..".E.d....D..+..b/.`..d.^Ej."....5D....K..].".2....%.8\.~..-..%w%.s7._8.%.E..w.w....p..x^.....tc..p...`.wgs'.......c...cGP.6....F^..:..e.....5.......>;C.]...P.|R .g......'.......F...1`..6.c...Uq|P.......=...m....n....N.......Mhr....6.r..c.. ..(.....].i>Y.^.}.j_.H_.K.....1g....F...5..OZN.v........aM?..S- .....cD.V..MU.>.....B.!Q..m..f.5.G 3?......?.Vk_....Hl6.!.....+....U.].#..Y;Qw\...K8....f......J....hA...!n...t;..U..;bw...3.IF...&p..j..=.^.....MM@.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700951v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1739
          Entropy (8bit):7.878813987841096
          Encrypted:false
          SSDEEP:
          MD5:93A232E50F99039AC2F4164EAC374473
          SHA1:65827DCACF9BD5106AC3D8FCD34AD92599432A2E
          SHA-256:37E1CEA9C9ADB80DCACF1524C6E3A25D758992A83810234AEC87EDAABC271DE9
          SHA-512:CE774FCB97D57D05A7463CA3EBEEFD2BE3342021585453D5789656C564B76A038734235C3BE74CD5EBED54B2CD099577BE7741E6C14D5BBC69ADF22FCBC8E39F
          Malicious:false
          Reputation:unknown
          Preview:<?xml.+.g"....r:W....`r.q8.k8..!.Z.0:z..u....g.J.M.m.=`.x....ub.....y.Mz....].(>.....p.!-4i..9B.Z'.....u..t.9.8J.Qw.j...c............^?.4k.h..fLO...re......X!>!..(!.$/7.'.\.CM..<..Q......7..t.Q=.1....SL..~l...M>b...'.OKd.w..!...+../.....g...Z.ZDD,O.i.K...4;.....=.A.'C#...$.........}U.. ..PF.\<..5.r...?3=..D7j...H..T..KG=........o.!M..F...6..../@..:]..r.E..X,5......^.J.~Q.b.D`.....d......%...d....6..W}[.4.k.e... ~..9~<CP.f.o.....w...'..=S....D]h......@..[.h.j..pi.F..`S .....7.3t>.G^..4^....:..@..=/t.i..A....OE3....l(!..:...].....XE.!....k.[..#G.|...:.]...........',.q.u.x.r&H.v......3.3h.H.gj..81..0......R.u.a..vP.}.U.`.....Oh...a.....h...?@.E.,(.p.|.0.9....-..Y..Z$C...e..~a.o.0hb.r$...L.^.EV..W..YB...rL...............*q....[].-.u9.W.N.T...OS+Z.?.L....7....$+.^1EX&....].@f_.a.3.......B.<...MPS.x.H....`..1eC.G..y..{.{Z.w.5....6.YD.^.ikp...JI..Q....U.9e........7k}6.j[..B%. y....[#...03...=.............|..X.(._.?U9...6...]r.CN.G....HS...0..=B..T...s..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701050v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1695
          Entropy (8bit):7.884094581563777
          Encrypted:false
          SSDEEP:
          MD5:ED31CBFFF0DCB5C6E8BD4791CF0D904A
          SHA1:DC8E08F9ED6F09AFDED46CB4A0B797410A80A609
          SHA-256:92BA061CAD7E73A0E2FA2B38420308A11600C49BC15528EAD71D03D5A93343AA
          SHA-512:A7F6B64954B4956E6CFE30DC81649549B3CCA5DE90EEC5C33C705F6671D2F344F74D651C06CEED577987C96DCB86E6700E7165C3D7F0C2C9B625CEF17B02F674
          Malicious:false
          Reputation:unknown
          Preview:<?xml..~n.8.w4.\.....Vh.}..;P.._)G..A....T...5.....(.............ZkZw2...n..k|.y.u.v..p.j........5......p..Gt.z.=~..#.RIS=...7.O.@9..(J...l.Q.5).^b.s..t..\..}Y*`.......c.p. ..s.......C.4.-U...Ku}........C1Cm.dY...[...R.}..VMO...\C.l(.odG...!..n.....I...s"c..K.Wn.u.....3.......s.z:....6..D.pf..Ci.h.0...$^Q......;....+G...b.E....&l.3x9......)j..(....G.'..4..-.NW........X.u.#)..9..iyz.8>\A...R.'...hw]|.gN..L..G.)s.>...F...W....T..r.....?..?...}.[.}....ehB..f.l....,.G...p.>..|...{+h;.L%9.{.y..7..IX~f..`...V.u...Y@..)e.G.w.......].E.q#MV...Q.1....X|. ...T.J......A.....=.Wi@...MJ.9.-.+...;..q.._h.]..+@&J.%.n..5..cL..d........m..W)..CA5N........L..&..E.C.."-......9..i.z.|=..5.....:..[...zX.Z!..`...H............GG.......J...#1..fc..?.h.E..(.r~................*.....m..?m.....3d.j!.............i....+.b.....)as.i_4....;...... ......!...=@Ej..L.z.O.R.bf......w|....*..i.0.X..6C....a....x.h..H0.....W$w.p..N..R...t.)..e*Y.].u.+......&.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701051v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1732
          Entropy (8bit):7.879153824171266
          Encrypted:false
          SSDEEP:
          MD5:A3D5BF2B577D8EAB9FDB2E43CF6541D4
          SHA1:9311E34E82CD60ED6CB61719F4662F28B7DF3A5D
          SHA-256:769B32984F0F02B7E0467AC13CD9E3BD8924B1AFB3A5B83C536A99154BA91686
          SHA-512:D6EBD496491474D4406D2E255D2F38C9C3DF04D86F1FB1E837887AA0D631DE7EB573BB0FD281198F78B3759E78FADE888DF763B0DB65173C63F8F831BBCB2990
          Malicious:false
          Reputation:unknown
          Preview:<?xml.6....1...5......{..{.$lG.,b.#D...7..._h.b....PR....p....4.4.....D..CN#&...CT..Jv...;+..7*..WG[.;.o...c.B...8....3..4^..Z..:.oa..L..}..Ly...d...*...D...]....^.Pn..S.Rpg..K..5...[..d....1r.p....'r*...Q.#.ZV..P....._..."?#..g..M.V.A.....B.H.R0p......x....E...7....9d._......I7..Z.q..@..+g&...U....,.H.<3.....%.U.L..)/..)c|g.n..g\'e]A.;0....|..,;M..C..U......L.yl.p.....'r.j..........9.K:....;...NH...%*....v..X..m.2g......>`{..j.ep.^....t...<0.'.P.....,.%..}9......I..?e..CP>.424$j{........g..z.G)....4..6<H>5....'....7.<0*%..,!.A.....B...\=.QS=GT..m6.A.h..."e..dC2.%F..:..l.@..8&O..d.......;..J....l1..<2@}..{....3Q..~8.Nw...,...<.J.I..a..Y[P.K..e#.13&..7..9....S....Hfuc.a.iQc2&.A.z..9Y.F...Xl...=...J..3g#}.`.gD.......n.Ld.`...W#.3...|4..NP..Pm.........>.4X....f...{Wq.....F.G......X.V:.31]...a...y.n..%pd ..H..m.ml.-...G3wZuZ.m/.q.f.pY{<....~q.B...F...<...m.I{.B.Rf.3.;,.....V.......%R.1....".`=..&.t.....;C&w....]..6&q...Qq*.....tc../

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701100v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1707
          Entropy (8bit):7.864351814276474
          Encrypted:false
          SSDEEP:
          MD5:F0EF764E972FE25F1E0237975D9430C3
          SHA1:CC5EA5430A5B477A5D8AFE2700AC6238B0A81EE1
          SHA-256:EEE101FCD85A5D3C7491597B1FB5A463723397FE06413669767186A314ED3F0D
          SHA-512:F10516A22C6216526DAA01A50865805A7E74FBE6BC5933CF586060D32695BA017A7E6853F927465D1E330D5FAC97CEAA702EEACBCA25C3E00F693CA836985B09
          Malicious:false
          Reputation:unknown
          Preview:<?xml_J...@4+....t.>xVT..#...G)..9..@...ya..q..B[9..^sU.......i.%..t.Z.$M{.7.1.R<M.F...5Jm<..... .L.W\/.v....z...bC.E..K.11.w.X.D.x"yf.....N..)..U8j..dHG.....{![.i.s/.@!.eG.@...).0.....AT..:.hi...`..UL.....[..-./.._w1..LU.l..7....y..HU.Z..zRg9...'...'...[H8.:l........v..&=.m ...#o..u.0....M..z.....t.N_=..)....0?L....5.....r..9l.}.....5.l.45..4.J.U0...lM......]_$..{.....E...QQ..i.<.L*.G.!......Qi'.....o..IU{.4B.ts.b...e..[B.t8Z...}.F..7q9....^.c.b.pd..U...%....K9...Yn..G.;.....*.6......<...=.%g.o..1...Hr...z..j...:..v.^.03.l.z.{..1-.+..4'|:{.....y..u...BN...`.....PX9.....j........L...`.OESlz..x...Xy......>I`.I?p.K...1..>.JC....?.....k./.3<..t...A.J.Lr.....%g..}.U.].U..2..U..:..D......<.....p..m.g.*~.~....%z5]...+.A.Ow!...B_....pk(@.J.Q[..H{...?..}&........Hu...2~..e.w....H.......Q.:...w...D.&.....<...B..N.@.1...wE......3...U<.....3.lEvv@.$j...Z;"k..f.Yj-...J-.hI..#.2...h"bQ.e.......#.].!=-....:-KD...cr{.....).....B...heZ6nKx.t.}usI

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701101v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1744
          Entropy (8bit):7.8908745715032005
          Encrypted:false
          SSDEEP:
          MD5:7A75D7E55BBBF9DB03E4E8CED23372FE
          SHA1:098FD4F7553434E0F797161FA13295023CD21C08
          SHA-256:69567CB3678337587FD10E4275D78E54D9648B972A1DDD450881E6ABC2501ED7
          SHA-512:D14B666FAC34B6CDE9F626C8C2F644D383A2DD83DD0E7B804281EF7A9BF5E71531130079803DED8D7690B5D2E2EA77551DA6E9B2F51DD49688FB23E49A10DD9F
          Malicious:false
          Reputation:unknown
          Preview:<?xmlv..k...]!.o.y~..cGm...v.#dn6>.>..Y._AM...u=.{..N~U.....L_.\A'.A..l5..;.N..7,.X.a........W....o..o.PJ..k.q.k-...pH=..O...5.UCl....*P...C.J8..1...R........o...!..s.....`.*.W...fi....a....7..#..K-2..=.J....{8b.h.h_y..m/9..I.6p@...8.?@...(....bR........+Ce".OI.x.......4k..7<.j.ugs..a...~KC!..".E/B'.|}r.!.......Z.i...(...R.........=.........`y.m...e........]*5.e.+.%L..1...}....}.`..cs....b.....6~0t.y9..m?Y.*IeJ..]j..?9J{..Uy...n.^.....<.r.....J...5..@.r...0n.B..;....*!....3<.....i..o.......k:.R.,.u.......=..,~Q./Te...0r...Rx...<.V......r..j..|.Y.~.;'...L]......*&......kb"..KGS..,.D[.(..g......(#^ .W:=..!.S+aA;..L].Lm..{....L..OR6....;.....1K..`g..kI.4!z.xnUT.D..hGb!...6..3.$..=.U[F...^....RM.......XY2_1.!...J..}x)....g..s..{..?.G..1.o..J.a.....t%h....4Z.........`c.....X..=..lW..|F.$.B.}.._s..*.%..?A*..v.....o.y..$.c_o..@..=..xC......t..J>.ty...v.SB...6)R.........u.dw...<C..r.|..-..,W7.....@...s......".x..A..]TG..>.4.5Z......<i...J......s.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701150v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1697
          Entropy (8bit):7.888811918527632
          Encrypted:false
          SSDEEP:
          MD5:69C9BC80BAB4F5A371C3E2AE1FE92516
          SHA1:36836EF61AABDD67F7EB9FD22FF2689D9188BE71
          SHA-256:5275D009A5F9A794241AE4559666C661A2663F2FD68DD1AD8AA58C453BD8E24A
          SHA-512:A93C64202309E0A77E777B50BAA160ECF261D24B45B10508525C72C0DC73A0BF6842288FB124D1C81581B4E2D8BF1F8A833738BFE3A0B228545A1C23F58E5184
          Malicious:false
          Reputation:unknown
          Preview:<?xml^.7Qv....Ej.....e&:..d'?...I..0.|v...t..L.d.....W.Zs..!..W.0;.1f+^I!...m.k.).8!):BZNCO...-.....B..~.B..|..#.#....g..f...."=..@....u..?*.....el.x..W..._2w.L..A...R...B.?&.....r.Y6...,...p4.U<.>>.8......^..M%...c..qS.z.&0.....}B.N....N...CT..?...4Jk.V.\G....E.]T.T...1.xc.f.\..<....f|..u..k.M".h]J_.a.d.|,..H..e.a.....R..k\7..J...a.i...U......?.%.!M.>.(......2i[..r..u^b..C=...$..0....Mr...n.V...,5._.<..>/c|......)Z.UX{g........J.r.n....i..*..G..@a.....F...T..e@.t....y(.y.......7.;.....`...YJ.&.P8|.@4..*...UJ.e..........l..........9.D`...F.0^.........j]. 7.........N.....^}i.Je..n.".....i.C.M.Hl.........n.@q...Q..Ga...&..-...lM?...e.+..`}.x....n.V.A)-.k&.B0.P.\.........x...F.+...V......y.....2Pm...l..V...Bh.......k..L....5...._.@.....).Bi.P......G..g.....!..s..v.....HaI.eT..7..Z`A..l.1o.r.]...W+.m..*.=Fg..{.3....ZL...W1......j9.w...e....=[..*}\2k".....f:.0.8A.._%.%1.Gtk-...Wxdx..n.lB...n7k..Z*$..J.&o..{_H.!....q{0....x..\y.=.[...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701151v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1734
          Entropy (8bit):7.906777686100745
          Encrypted:false
          SSDEEP:
          MD5:6715E7FE8C000B99C09B17C080A4F6AC
          SHA1:8D87CA9EA2605AA6C3BF11A4DDBD7F41EE0814DB
          SHA-256:94043B236434F3C6CCBB38C94537941272ACEA9D598984999BCC8CC5CFA72CFD
          SHA-512:5CCCD18B4CD5B8F31FE8F2D599964D5940ECC8C578DEF41CD543A9EE4951EF45ADFD4532EC9E68BB6C6D1D7C495B76E3BDB2587CA66682E4D54C77C56C55EBF0
          Malicious:false
          Reputation:unknown
          Preview:<?xmlr..6zE..EUe..4..g..F...k.'..P.'...P..W....`4..:.vK.\.%}.E......;X.@.....-...o.L`....q..u.F.m.l.0.u...y.<.....SF.aV&.I.....`..O.p....W.8W.<....NK.C.T..xx.(,v.!%&$T....L.z...@$.......#...eC...@~..K\..............#F9.......+.#.1/..!......Q...........x.L.F.G...+,.+s.........%...0.s.Y................93.s.>..;(>...#.6....L..9..p..D....~A..[..p.s...Mzr..V.a.. ...i.>.i....Y0...RNC4o.../.l..t1...).5.......l...I.8..r.....t......F;&$.r.z..VY.,.P...8x..u."W..D.|..F.n7W...<vBM....C}.....+.k.....^.vN.Js...6...nw...#...b....8.p..a.......<......B=..F.Y....H;..Y.....x..wS.`....W..w.....|p..6EM.=....t....>..Ahe.."7W.dR,}..2..%].....=...(..J...~9C.7...k.Vov.`C.~..[.<.V..|..P.)"....tV....O.6.S......H...K..S.E..}/.o9".JV...?.../N.........[.W.`R.......v.N%....-.t.bP.Ih8'..F3..j{G.q~,<b.....J7.....mQ.|.c+..Hz.Y.'h.v.G.T....X......&.T......_.n.".?..2....g.....r..,.c....3.9.......~.......X.&..U.....P....X...X.4..O7..n.9;.d.....+..-.....k.../.{...?{....'o.^

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701200v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1689
          Entropy (8bit):7.870348487225489
          Encrypted:false
          SSDEEP:
          MD5:E93984716EAA196E0BA4266273C21364
          SHA1:201F176F204BF2A5AD9A8E9903A02BBFC716F51B
          SHA-256:B866D4E84CCA0E339D495EE88CFE1EE0681627EEA7B36A144FAE88B2E7861200
          SHA-512:2CB9119D8C33FC6FA779D5BDA997219F78CD5F6E0C1F3A1CCF94B4C423FBF0C282437DA0F305E1AD7182BCCABBB1A3F0DAB5C010206EBDB942170457DB9932F0
          Malicious:false
          Reputation:unknown
          Preview:<?xml......z..).P.....|\AP..../.\..i...5 cx$f?..].k.w....$.h.5..p.i....../.Osw....7N?y..........y..%E..G|.......U...eO.o#.....$.$..B2...gp......n..s?8t*..dhcL....]..B.......W...*...?.>$.Ak....._S..n............G...M,8.V..c.eA#.......3d.EK.<.....e...q-....k......A...B.....c....R....uu...X.....v>.....b..$...?...%.........1.5..F.A.........!~/8...Zx.C.<../..~..X...t.3...5.d...uxJ.3..c.Yq...S.z..%...0.3.!H.(N..m.0.D...........&...7..&.@@..@...A..=...}O.....".._......"{.Q(O.%.....6...l4z.d@g.<..;I.1..?.i..Tik....\.?...0.....N.]..x31..Fs....._.>mPn./....f.s.<.6_r..d..R;.....0.....Bz...,9[.w......u..j:8..:x...'...@o.e...........[...o2........W..J.B...2.u..[3....moE.:n[G.j... ..aI..K..~......3B..8..am.wz.#..v.8.ph.40.Q..T.......$V.7._".h........J.-....x..1.&e..6...3....8.8]..b.77.........&Q..|-.3Be.Z.........}....1.S>Mt...tU....[.vb...k.g......:.Y.....x..[...pK....sfQ..$..q8(.N...5Z|..s7.w...j=6.|.2:/ A.B..b.......d...p.d.!.4et-.-0.B.]....;O/

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701201v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1726
          Entropy (8bit):7.899714049096857
          Encrypted:false
          SSDEEP:
          MD5:E70F0B9A125694B694B9DA4886047890
          SHA1:A9A311116881BAE8FE451BC1506F4AF9145E81BD
          SHA-256:092A50C4123BFE3B428E73E5C74B2164587038543DE073A00E36C797FF72A116
          SHA-512:81F255C349D9F92D69A2E4E96AA37CE72DAD7F5735A49CC12815A258992013C5520FEEC85102365044076D648F03F8976DAC71026CA7A0867F426D164D1E7FBB
          Malicious:false
          Reputation:unknown
          Preview:<?xmlhsm..1j.Di....?X.....e..aY+.A......s....\g.g.G9k ~.J`+...z)ep.;...AU..wI>!....`.........Z."..2..!6.X.O..[.O$.y).y............4...n..2.O..m=....d.zL..LE..-.~6..M..I...}..V..y_...w.i.H0..].B.....(.O........x...~.)...._.,.4.=-.H...nv...r.r....i...W.P.....}"?.=f.....!..?+ZRZw.....[..<..,..M...%b..q6..#yt..1%X...r....=..$.9>}ZY.jf.ha|...%..$V..w......02.....87.v..>..-.."..G...P....z#...9.d.]#..4(.......r......V}..hK...M..M{.Z.;..#&.....B.0fi....E..0........8)p.:..!..d..!?...#[./...7"z..L.i...M.w..~:&.......%..z....V.......y:...k<$6...HN(n1....LpP.c.......o|..X6h z...0-..Tm...^.GF..0....!.".]iVov..!T....;1...?.:C../....w...-.U.....2.....?.P.1V@ 1.}....Y.....J..#.........MJ6....{..OwD.'...x...C.P....M..4.O...k".,..#.]..g.V....;...Vs..Q.......)b\...\;...x.....f.Z....l.7..=.)[.G.$.....1y^~o.@.8..E...4.{X.......r...bJ(..C .5R..H...n<{ww]%@LK....)....p.w..L.eu...F.WB]...?...T.k.....@.C?;.J.r.$.nO.^Y.y.._.LG........Na.'.c.L..1t.u.~.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701250v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1691
          Entropy (8bit):7.888147398676024
          Encrypted:false
          SSDEEP:
          MD5:304F776EB7EE2B885ADED7BA80D81267
          SHA1:A5A8DC2218ECAA34BE6351706E9947ACA85AAA17
          SHA-256:74AB06352B654C36ECA48409483998E3FE1DEF5AF4A77E41AEAD5981EEAAFCA1
          SHA-512:69A3FA9A7A9C1764DB793F7A08B4EDCD365926E61926A05331CBF4B7D00AFD69C976785BCCB3DA6093D069E1B06901A9DE583B457483D75BAD1C3B215F82E360
          Malicious:false
          Reputation:unknown
          Preview:<?xml..S....Y]-...)m.4......3.......7.M....z.n..=.9.S.X\`.U..E9&3..6.I..(.|..c......Qxt.U...w{...o...R..u|.<....xOQ0.[U...>...N....a...!\.3.+.fqACsa..W^....T.{....(&Dw.f..1....7...x........]pvS....V..9.I.0n..=....y..}..).h.d...(.]h..dR..l.7.Pn-...>..W.H......;.^........{...2....F..-........A`.`a3)..A.s.1@..U..g[..7...Bt...P.J..R.....1..?.y....j.....0]U....z............z`.Q.....N.....e.f..D./.h.....P..F../[.a-.....P.v.$...Q........M....h.... C..3..a.....Qz....;.. .r.&9....T..V.R....|~..|....f.hG..^9..;./.1Z...AA..I...........d..Bn(.v..zO.]..y...G. .e.o.._t..p%I.J...n...y.|....I.$..."*o-.~.....bMQ.....5...X.....+0...P.j....$d.I..E.......-=.....2^s...w>..+>O.....B {.k3..)b..N[.rK.)G.._t.1......dtG.V.s..n...M.\<::.O.$..+....q....yq.a...;.:..(8.../..B..3.a.{...-i!.D%.../Gv.m.B.....6.k.s...i../....J.L}.5...p.R.H..b....i[d..u..O..9......5.8L..ed|M.U....J.!.OjQb.. 3].;k.T...~q...b`q.a...H.\..l....^.*.OCqu...#.<b.-.*.D.r...Far.W|..s......{

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701251v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1728
          Entropy (8bit):7.907794205189534
          Encrypted:false
          SSDEEP:
          MD5:742FD51C23FE89A3679EEF2F18CD072A
          SHA1:189E0215291BA9778BC605203B090F0FD534C017
          SHA-256:46045DEB5459BCBFC30DF8D81A05F3590DE66920CA5765FAFA4F7B5BBB715BE3
          SHA-512:6FE650F536D0B969BBFB0D6E7D43ECF31B72EC055384AFD2790F85C7C5F6A31C56D090F6DA95B3D21C134173CED057658DCC0C6AD14F3C143B848FC976925854
          Malicious:false
          Reputation:unknown
          Preview:<?xml..A....|.B...J....#....Py..u....].....g..b.r.y.%>W..*Y.8..t.'/EB..<].z*.{;=.u...w...8vK1.g..RM..x..N...l.J..a.11A.:.Q.L...(.A...f.W.%....../&.4;..]~T(%.Y.!/.....hE5T....Gr3($.....,gP......SLd......=.Q.......j>qH......_gjX..^.W.O....P....Q!..'.x.Bp..Oh...5q./q....b~|.....~.../y.1....K..U&w.T./.=.......Fn..|...F....;<.>.g.F...._uPc.Tc.Z.s."..D.$+<... j..$..._%..8...9..*.....w.+Pr.....C...CV~.oe...VX.spD.d"....];}..n&..(.N.^.e...x-h..`t.Fv..Y....r.N".6..}...:_..e=...q.9&..&3.a...+........S.M.V(zF.......M.M%....l..L......-.@.....R.X...J..YNY.;..Kd....].. ...U. .$CA0.2...Is.......R#.#^.vd.....Q.Z.p..;.W.k+N`Bvg*.K.v.:o]:##p..2..Mqk....B~......8..e..,..6 k.5...{....2L.......J..E.Ow...._......0*...o..i..Z.v..v7P..'..!.cy"...j.%11P.X..fA.R?J.....P.:.%.EE..]4L..Z&.h.~.{I.6E.\.,nGq.h".LA.)....j....u...&.....s..0..D....R.........q>q{...U.}{...t../.......D...9.2o......04P..8....zB.2p...dZ...Nr.=...S.f).....d;D.H..7.~.(.o.p6N..HI-.......|.L..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701300v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1699
          Entropy (8bit):7.87993626189458
          Encrypted:false
          SSDEEP:
          MD5:EA687F3736DE63202B1D53988B5C999E
          SHA1:907071FCE34CF0C5FB93FB832E5921581BC797F7
          SHA-256:A870AEAC59998734552B17D53CB939B767984EE4B62646ABD5F4BB222440A19E
          SHA-512:703F1A22638F264C8A7E92932551765D8A73116D947DADBBEB2AC2F3E8B682E20CFF8C54F615C38D0EF8B79E8A8CEED75F61DA5522A09EB8DCD912AC582677A6
          Malicious:false
          Reputation:unknown
          Preview:<?xml.t..................y.8.O........p.....,.f..3...t.., .O#.B.Vr...'.....s.)..5_irt&E[...Z?.....P_...]a......?+..fs.....l@...-.n|^.A|...Q..Ua-.z.J'...lQ.."..-.5..`.'...8K.+GJ......gG.=.p...J:0.....HL1.:H...J;4y....(.....Sq[..K..FD.&.[ .K.B0.Q.....&o.L...~.P...YYm.|L?.R.L.#.Z0.X.c/....<.-T.q.dGZ.%h."C..m..:M.....[.Ul.A..w....b{.....a...%wY.d?.+.uHE3.....|...T.b. .....=.<H....Y....pd.k*.?.0.O..H.p....^n9..oe{.W..R.h....q..2...)}?..'....)..B.X...~ L..S..l.rp..[T.[.....K.m}..n.......W...8....O.t.c..B.."...z>...9..5s........1..E.i..?....k.3R...H..F..MF.D..c.. &7.syk....g..;..[.<C...b.,6..%.+......4..73.']&..E..*6.Y.r...{5.EY.9......<3`3...II.U.....N.m1.&....e.L...?.gZ...].l..z....1.y..u.N...=..........D.. ..78hj..@.....l.....3.... .S.a&~E.C[.#V.r.EpDq.h.>.u;W.e....j.....=..%.>~.u...3QE....._... ....j.H]......>=op*R.@....-..Sf'... ...l..u....{8!..@.xMKqX.....y..`[.....".....j...D..r.<.t.....@q.}.y)M.K9..l....%(..N&>A....K..&yrd...G]..$..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701301v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1736
          Entropy (8bit):7.8829269983189505
          Encrypted:false
          SSDEEP:
          MD5:27823D5A9A07E24432424B7F3DCEBA69
          SHA1:5AB8873880A07BB78F1B8A862F2FAD7C71DCD0B2
          SHA-256:EEC5A5D0768C7C3EED4D8EBCD089711D96AE42CE6CD56BEB82472666DEF39F9F
          SHA-512:BD906CF9AB2EA556306F5A4EBDAF7F26C628C3C39B396F513277ED9836726D4EB1F442C05EAE0A9DC86CFA2EF58D83920D9CB40BB97F1E77859D5AFA95656CB8
          Malicious:false
          Reputation:unknown
          Preview:<?xml.....CU.]i..@].......o>.'QJ.{...1.2(./KO.......g#.R..'..!.M..+0".I..Y+).. .$.0..5n5.v]...Vw...v..l)..s...,O5...3...&.@9.zb..nO....c.f..t.d*..vn.....c.k-...=.b.T...Q..N.L..~...6.0.D........*..OZf1.....Rt.....^...`.._..........7..h.M.}...Q...P./.=.cP.I...).......N.&.d.Z'........1....q......Ii'.....<.t...........G...N.`.G}..7..'.R......]..20.I........'.....(..F....`.z<....B.;...s.u..P...Y)....$-.S.}..N...R.Q.=]".T.VY.X...A..Z:Ar.Q.=.`...%.bX..kK.^....X........Gg-..M...uLO..<.Kk....w..1.E...N.f...ao.....c...r..V...9..l}..<..XzB.....XX.H%H3:...c..x.Y.)c60.p..P.....QK........eq......t..Z..54..ab.V.4.0_..u...r.t...|..OF...,y.z.q..f..u.n.H.qK |.YX.M.42.8........c0..@...#.~...7.'.%y..g...=.W.`...3ie..<tx...J...Z...7&-...L....8..so..p.Z`....@'xa...\]*..p...#...........0,.xj..X......k.....G....)L1.L.lu.F.4.C#z......0/.....lf....[..F@p..Jv.h.#..cA...5..3.....3........X...\....%.:.-.>.:.......z.|.?.s..{zY.%N...%.....xb...'.Z.`.....kN,

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701350v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1703
          Entropy (8bit):7.874375634540051
          Encrypted:false
          SSDEEP:
          MD5:5D1E321BA4043618B7E12574DF65A463
          SHA1:70E10C1EAE14F12AA9083247C18D6832AB530A37
          SHA-256:05C9AD80FA0A6987E4DB816481A0E28A5EF63F797C51DB5945D9378098F28E63
          SHA-512:0F0EF230A8D66027DD390FAFAE3395AFC08294993A0B469A5D84030EC579B88A78313BBA45562F1D1DFC25317F857ADFEBA19AF460E31E26850D16B0581576CD
          Malicious:false
          Reputation:unknown
          Preview:<?xml...Y...#u.._..F.p^.x...l..*..-....3Ih...(.;.BgA....aj.}j.v.y.<.*k..FI.....y?ihY6.....d...@...c..r%x.Q.W.....X...P..........9R1.` ....:...h/%..........{(...-...c.U3.4.E..Z.....A..n..9K..w.S.V.G.....e......|...0..$`.....E.Q..p...U......f...D.U"(..K........G|...Ug`80...\.}.GS...d....E.ZvY.O.tzaO..h...m(#..:6.......n.....<.(6Y..R`&.vx.@".z.I....f..[i.w.R.....,...VJ....... C.5o.+..m?.3N..@E.b......[..B.k...m....0w..v...(.f.D.{..k...x\.z.L...eY..z./7m>""[..^...A`#.|.L/f.u..?....q..i.R..7o........_.Z#.;.O.\.r5.....[..|...M]..p.......F.ak....3...*4..>FA...|mKL...QIw.rF..1a...1.`W..E.OHXxm.Z[..36.'q...#...J..W...~...K..8J..V..=..~.1u.1/[~.........{..-. .n...;.'.q.kR....=..lT5.{CZ]q..[.:.|...3.X..RC.Q.(..._.....qI.1{.fO.m...|.wn,L)..}..D..4.TO.......s.y5.}..m.bD.}...a.u|.F}Zg...r...y.&*..Q...X.vsV.L:M.Sp..P..-B......"...^.,..Ug.D...&.G.d...4J.Z....lN....f.bS.VrMh8...O6.F.X...d..r"$.....!.,zU.....".........<..E...At. %uP..e.`.L.{...C...Wh.....=

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701351v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1740
          Entropy (8bit):7.870374386002671
          Encrypted:false
          SSDEEP:
          MD5:E00F93CFEA739109EBFA8B2D90ACA08E
          SHA1:DC6B1E0F26EAA6ED64544A0E049179DF9DCA331C
          SHA-256:1ACEBD2AF9DE42C2B2838486F542CACBFA6683E480DE0E1A110EFCD4877C3FAC
          SHA-512:9D2A3504CC0D7666E9FD579F6AEF1238F6617C529D394DE3FC8F3C6314837E5D092C5D2E495B80AE215BD680AF0015F7FD9C257CAD161E514F1724BE0B8BF0CD
          Malicious:false
          Reputation:unknown
          Preview:<?xmlzTF8..<.d.b.l6...rX.0$....{.U.......'..~[!.<..x.bN...4..B..P..I...|MCx.h..KZ...'@..7.r....6$t.9..Y.....Jj9..........+..j8...*?..l.p!X...c...I.H....,S..F.U....n..cl=yw.!P&..8.K-..:..&"...:mqN.;.+.5...G..TN....].....:..y.'."..(...[.A.4..........%.A....SL#..q...[...m.FBF.u.Hkz...o.............-.2.....'...P..?F.K....v.r...k.x....p.!..2...%."&.%..]s..{r5...a.^]..:.N..W..9.m.h.6.S...].IM....MN..nV.L..S.B......._%ZY ...+pv...m3H..>.w.h.P....:n...T;@k8o7.A.4u...U..0.+..QX+T........H.......CO"..bi.Tg....;..n.......t...K...>9..-.ap..Co..>"...3..^..-.+e.w.dG$kc...y...x..[...O.z:.M....e......C,]w0.(4.|F...5Y}5......'........?...cF.%4..$......=._.@-s{w....c...h.F.N.Yz9.[..^.E.!......P..1..)..........BsNw...n....7...%.+..vzLw[.......@%7)..%..hh..(j[W..6.*g.Vs_F...2. .3...._...%KA``.g.g.DL.........."..p..ID.5....GvLMI.lo....&..."..2..];..a..R..(..p .EyR2j%...z...6c.5....{.&..F....*.......g.:.)..p[.oT..0=..!.K..kX0..9....&.W.*O?.yN.7....W...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701400v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1697
          Entropy (8bit):7.872725879745839
          Encrypted:false
          SSDEEP:
          MD5:D6A45315908D287DD98BEC96BDC095CC
          SHA1:469477C9316B0A2B41E14971E5A7ED2F3741862B
          SHA-256:9EE944142B88674585F1CA2522FA79AD3D0A5EDD1EFF7B42842F659411F2B11E
          SHA-512:9752ACF6E0C07189C4C652C759D9603AA20323CA00AD6607B485429006D50F4CC09DCC0491E6990ED3D3E31F17C8E5508FF5BA9A69AECFF669A015015537AE65
          Malicious:false
          Reputation:unknown
          Preview:<?xml.7..A$1..!.5..._ n.c.........AFa!\..S(2..~2|k.6..zd.n..U..E)...y.M.....r.`..ZRY.&8..S..p......;..!.r...To...XV..(Le .nI$f..?...b8....Y@...ox>...<.....eX.t...m.o[.&..7Cgn...s.....Sj]..-.....v..@7.0.RBm........(u-'.'..;........<f\.p...9;.T..?..M,.O.....F......o...*45vc.v.w.0@.f(.....XBo.\..,...!a....w.u.Ih.x....24....v.1./..........2..?G..8iksv...E.}...C(<. .D...4p.. .9.z.D...U..v9..2Z.1..'...5.O.j....(,.t+f..A];......)y+..J>yQ..F....4.ZAk........9....Anv.qm...y..*...7%.q.C|....!...m.Q.....h.t...8$.......t3.;J.yV..6......)J2..C...G.e!./}]|....0..e...]..E..K.+....4E.V...O k..}..P.Z......-O..[..6=..Q.A3..>.Y..4...H$.CV.VC...c..e..O*\J.....L$.C...}H..*+>xQ>"Rs..x2"T..A...q...@....s.0.s...6.~...Vp.r/T.X..$..JD..Z.....d..b."..f%...S...lS?.HwC..y.Z.R.y.%.:.)..?|Ng.P......l.Z..U.QP1q*9cKe.r...Fe...>.u6,s.w.&K..n...8.....KE.....Y;.(.m....k&.j.4!).(..ctP...R[...n}.[.R.9.R..O.....Tu_[..F.Q.%..=....R?c..\(.=.P..~1Q..:.P.(p.6.fE9.8.|q^?..h.L.I6.y..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701401v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1734
          Entropy (8bit):7.8952148189576965
          Encrypted:false
          SSDEEP:
          MD5:713E711B613F6B37D7F35BD76CA4A165
          SHA1:BA0AC3E6C0CB373401FA60C676C40535B2D65D0B
          SHA-256:B9DECAA86B1BE9BF830EEF20661D53FC4DDF27F8974879B29126587783F1C7FF
          SHA-512:E12B4CDECE9306F28331CD945C90DE547CA28F450726B0AA18584FEA5E798D2233A631196B27CAA238FD6A73C9F99E3F3C688E675AD5902A53CB59F8020F79CD
          Malicious:false
          Reputation:unknown
          Preview:<?xml~_....|...e.Y..>..v.B..\.d4..O...'.!...x...Z."..dc...b&..._......j.@.iw...."..+............K.r.....8}.p.axd..,........z..u#....qH.N...y..F.bE....g..-Z...../Z].....Co..<.&]nNg..F.q..t.KWy$C..j.v".WP.=..P...J^..[hJ@...~QQ..qX,.bOt..6.>T......q..$..W.......VU.{....'....b h.W.Ae.b._R..q...0$8-z..'.%.lD.W..(..sE.wRo@....f..#B.+X...x.v.>a.'......y.....G.9...SzV(..".....o..{!.5A...b.1........A=...^.u.E.BQ.,<N......b...f...u;...A,.I3Kb.._..z....9.Nh.^....&....v. ..x.g...#1,.cG....|..j.0p....E.z...yy..X=...:nG..=..JW...F.sM.e..|.*..A.2:..Nkp...*=....l......RM...|L......V.....T.D.hEM.o.......~.....W.E&>..k.?..e.k.+w.....p...X.".lK.OJ0k:f.dW.#...%..{C.2.%(....f...7~.lE..,.46es..<.%.-..........p.....8..]...jd...GgVA$.G.;C.Y..W.:...|.a...vDe.....{R.z..,..6.....5..*.xtAHZD...&..M)......\.r`.M.8....9j#..b.k..|..[.......~.k(..9.......K.t..?s.........k.....j..@...F.q..HtnH......x<.Zc.y..&.b...`m...7.-@..C.........H..Tr.)!..p...f.k:...)a.-..S...oY....CH.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701500v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1697
          Entropy (8bit):7.883028070531634
          Encrypted:false
          SSDEEP:
          MD5:CB95F82A211BBA1EDEC5BD68B28EE5FD
          SHA1:7D35C1485CA72799C52B620DFA43866E7E4B162A
          SHA-256:80E6E05F3E3D61926F02094AF164FFA47B25C05FF32F0C3FDE8A3CF4E2EC0FD6
          SHA-512:B98463722ABD1EA4896A88D41D3EBA67FA10FD24B274432D96547EBB5571DE8C62D6BE6091A4F2815CC5DB10C9628E73CE99F88199A05619939801243DC88B2D
          Malicious:false
          Reputation:unknown
          Preview:<?xml..=......|.g..~.A.........=S...-....~.Kb#.[j.,.FN......?M.U........L#.....w...._/...,&.../p...._NO.n...f...M...Cfbm.L@\...hV<C}..E. .fk4.Q..a..\..?....N....ik.+..3'..&..A5gT........&!....1.1..#..{..A..^..r.w....y..(i.(d..*]v.|......Z.)....t:............7K.|0Ux..*.3D_].RF...b..!..}.5.9.Q..I(.X....U...m .c~M'.{B1.K...wtK..B......a......N...........R ...JU.&..qZ.j...!...}...H..#...;K..]r27.....O..+.N..XnR.....XF...w....q..}~.5.e.....t...NRD.%..l^.......9..C?...1....L.c.U^.R..Z...0F....1H4;..z.....S..dd.8.A.PI.`#.....r..3V_c..h a..W1.&....kq...F.....(.y.h#..V..6.....'|..^s.jL...)..+....2(.........@,Z".\..6......ar......V.......b.Zw.?:t...a...X.#7.p.?-.W....I..O..............s...d.%..".j..b....^......R:....j..l..8.X2X.E!..M...uk[.4.H5 'x...@x.?.TuC..U.C.d\'.[6._..37...n9.N.Amg...b..."...;^.Rq&A.........x...0aO..."a.....yu.x..`.G..U..o.6...'.T..........g?S.P?.i...;o...{.....wH......4.U./.....N.ROw....]x....2..u.....O....~.0.x&..@}...m..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701501v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1734
          Entropy (8bit):7.88121712787855
          Encrypted:false
          SSDEEP:
          MD5:23E45A17805BD2E874BBA1548EDAF422
          SHA1:F022296DB282E55B0C49918FEB934E6EB54734B8
          SHA-256:21C5AB41C5A7FB8A53858B82F2AE24B4A3D8F3AEF4D819650DCF94B02A196214
          SHA-512:049F6170658B94B6DF6C5BF9360ADD38871A253093F847933B974D815356CAE43B0B9CB85386347F3AA2F3E20EBF06751BFE2754EB540A2D0EDD4A2FAA377A2B
          Malicious:false
          Reputation:unknown
          Preview:<?xmlf...[.w{p...f.?........,.tl.....N...B...n4.ms..k.M%pb..O/C]9.d...~M.*~...<.....yw.eH.c....7b.[.r.Y...d..fMw..Mo......b.R.*...a...hZS*...d..^.j.. ..Z)...?-.6O.....d`..:...AZ.a/u.h........l.........Tn..,.y.UkEP.e.4.."..U.FR...U..Y}.....8.t{..l.F.q..@.b........6..;.......$.....|lE.2....G1.$....:C?..{.#..Ne.e.......]..........k.c.V;.N..S.......8..`....j..?<..............c..J.cu..c.'I.\e/o.+5;e.}.Z.eYv..p+.R...CC.O.6.z...l....{z0Qz.}U...Q..t........^`|xp......D_..H%[.......z*...5.0..}..........J)tS..9v.....d..Pe...w.j ...(yH~h.o.Z..!...!5,.O:?..s.h"c .NaA..+.......E.zL...<.K...h.....<.I.8...>.......)h.FO..y.c...N..I...].P.p......j....C0.r1..*..Xq..~......P..n..j=n....3....2..DP9....M.]l.;Z..C.?v`....<.h.k3.....^.......GY..9......'...&.Lk......_......(..`9.......~...8.@#.K..b..&.....|.z.k......).D....T..c.....\...c.m.......}..5..sy..d...Ca.:.%....*...Jd.^.d.X...jk....%f3nc..'.T.......#..z....qO*..x..^)..N:u.5oz1..}.+;..h.m.. ..........>1h"

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701550v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1701
          Entropy (8bit):7.879295401694599
          Encrypted:false
          SSDEEP:
          MD5:9C19D92F5968886C238F6848CBA85D27
          SHA1:A827BACC081403122E5A307AD2DCEBC0765326F4
          SHA-256:DEE7779F4E55BDB89FBBDA8620FBA0DBDC1288F70200B4EC527674A7336CD84E
          SHA-512:5391D3CC43CFF7530195DF9E1EAD64C2C250B507DBB7ADD4CE0EF47776652E3859D2506AFF2D16D1DDB408BFB241CC8AE01C5FA1F52129EBAA053423F426B495
          Malicious:false
          Reputation:unknown
          Preview:<?xmlqN:.n..M8.Y...A.g....<..{..}.G....R..v. ._....Z...4.[O.Wm.:?.[-....P..Z.Y.i\x..W......u...6.....o.i.+..."p.,\[k...]..;..En.....:......Ct/.j.S.o[..'a.1{ ./.0.H...&b.H/....Q.3..".(....c.K..0.i-G5y;.i...0.w.8HQ.p.c.M@......Dp...`..@.sK.#L.u..v/.:i.=!AT8..N.zM1.]y......S.?B%....C_^.:WpF.9..A.|..s..,...K>`D....N".g..O...B0.4.v.cA..e.k.2.........c6..;S..7......w..cRm..''L53..5..\...&...A..t.=.'S>l...9.2+..T.....U1....e..gN...,;-r.c..h.o.r....Nf4.8....Sur:X.......l..i...4S{............pP...l{y.a...3|...kJG..Q.z.o.0.xT.0..4....OL...07.MsQ..W...}.2...u..A.I.....{..}.../fk'w.Z~...q..N..x..\._...Fz!@..x.R..?.E&.Mp...Z..C..#X?!....E7d..!8......d. .ER1......y...a..d..4c..i.nx....[G....+..{...."Q......Z8......G&.X9.!......B...(.B............5g..p..m......".'Bt....Gl.E.U.6X.[.A}..@)...q.Z.1p..)8..V.j)^K..K...^0.......Z.. .E....\.Y...).<.........r..B>._..R.hl..@!.\...L6...E..j.65$..h..4..dJr.S..N..h...Y&....Me:.i....x;....7C.~....NO...|d

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701551v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1738
          Entropy (8bit):7.894676141475801
          Encrypted:false
          SSDEEP:
          MD5:D1E64A67CE476193E4DE7419E001654D
          SHA1:0B9E63F37416A71AB7F97ED284876C9F26D7003C
          SHA-256:5557440B9E7381598A7ABB6DB10C281C9A2D419711545BA99BC953E0862D1099
          SHA-512:B7861157C660B1C8BACFFAF107DD829CC78CB9D8C681DC8DA1E852677DE1CB86AEB45EB36335A75734E684BF599053518BDCA3EB9369695942B7D30FB110707C
          Malicious:false
          Reputation:unknown
          Preview:<?xml..uwIp1......@...}....44.s. .J....@1nq ..m.y..[P#..-z.m~./...x..h1+"%._4J/..]..L..^7....-tG.,...?:.#.....zA.;.....b.....!_.... p.:./~...7........SO.>...B...)@...#....?...R.~.....H)...T..V....>.-T..7g=.jl.*..or=.{.....E...b...._.....u..i.).....+.`...l..Rp.I....,.f...hq#.r.21..D....3F...?T.l./...h....p.l.0c...=..GUP...t.v8I..DOC.uM.g.b...a.y.S....MB.y...a.f_[.....7..(.EG.yT...*.CxP..A.......T!.>.`...[....j.39.f...]gS.?...<.......h.x5.V....c....J...f.6.....k).m..C.}..C/L.........c..hTQH...E@....f....l.....H'F>.7......j/...!7.{..0:..,oJ.r!N.Y.5%g+..g.. .E....].3..N.s..S...b.y.v}.`Q8.<.$...q..F.b4b..v.O....F..'...N..~.W!./..;....V.-F'Z..b=.H...d.._.l.,..'.??..W..N...^.@k...*.....Q.#f.....W|d}..........ep.Qqs.2urC..<......5.....j.^LfwT.W..[..6.+4..#g.d+...D...V,......".R.....R...bS.9....v+L.I.... \.!.%cdI...).S.g.....xk.....7.`...}&...Bd..r..P......(.#....,........c`@...e........M.E.S.....t......Q..........%..=.....Y.?O..3....VzCL[

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701650v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1705
          Entropy (8bit):7.88438307275033
          Encrypted:false
          SSDEEP:
          MD5:3499383874A263443DA75E984D36EFA5
          SHA1:C5489533AB115A72AFC145C7181D0CDECF58E0A9
          SHA-256:796DA1062981D69BA21541DE8B4B462D56C01007BA6E5DAC73F7B498AE15441F
          SHA-512:6E5CC8F83686EEC564FA65CB607370516AA28F6E328950197447B5C8436CB893FD94DBEDC828B1E4350CAA80BBFA9E4AD4A6493021C80A2102C46DEB65C3703F
          Malicious:false
          Reputation:unknown
          Preview:<?xml...-..... or..c..-AY..B..7.......T.j...#=.\.G.:..[<........E...5.n....S..?.z..F...nN.%i..8..[...3..._*.GfM.K..W.*q.4.M)0.J....s.&.....rDY...?..U...qT/T)50.....`_a1J..k{.`.... .......E..9..nc...b..F|.r%..NO..j.G.Dt,.pn.Ge...F..}..|....(...E_Y...\2&dd..2..P.<_./C8...>..5....MO.I.qS.aza.M.....a..bv.....Pk.......Y.!..b)>..?DG.Lb..n.....#{L,..w.....&.S......,U4A.B..h...9.&....../.]..J.5Q...yRY.t.L.Z....1.!S5.^...W.......&.K....oYf.s...}6D .r{"...k=..6.....*p(U.FX....8..^.....5(z#:o..d.x%$=...e...~7.K.8..9#4...{|.....yL<.....K...j..P."......XE.vu.....h..v......+.l*em.J.>......o.t}...t|........h.-oh6k..... i../+........I,P....E..P...Q..*;U...q..~.L...(J......RV.:.....Q.z.B.........a.8mCE .:.1.w{...r....2.j/..f9Y..y..-...<.f.%....A....DK&..`...-&..0...g.c,+.E..bN...x<.3....o.BD...V5.IS...R.._.......]a..5O.....auG`....J#.P?Axo.[A....3.i.(.K....d!...id...x..5>..t.....QF/lZ.^.'.....g%3V...I.#.FAs.)eG....K..........).q...P.ihs...[O.8>.<Zn.s.._..bY.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701651v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1742
          Entropy (8bit):7.887702889247662
          Encrypted:false
          SSDEEP:
          MD5:3C95D30B31B890CACD7BB32DA08DA0EC
          SHA1:7B398E222BD9C06499B81CD6E2FF8C53505B15CF
          SHA-256:2E31F1B60D1C18D2A98AD30DD5979F16602D6D771DAE45C01ED77E7A77B1D1E4
          SHA-512:C4A5A809D2F99B09762C77E6F4C8B72E88824B67703C459EDE9D7F14458733A6B4A3FBF7606EA292A346374B5DE5DEA36832441FD0F5C73AEEE30C75C246BB48
          Malicious:false
          Reputation:unknown
          Preview:<?xml[8.H..O.E...U.8/....Z..,..@.1..._&|J.s..,K[......._e....{...+..%.....4l.t..c/FX...<.>.u(|T.7..=.u4.zO.N5.{}/.......i!..xY.-.W$..CaH.D.....:.(...4|.[..;.91...-....`x..}.W..._<..NwV..V...i%u.YzkF.....*..>......1|aU.L..vX..V0-J.R.]..9..`V.k...n$.y..:........g.....v.V.K{D..I.....}nPo...+............|q.....q.6...Nc.>..~..;.eA/....J.S?.&......kp..i.'#..2,.[.........iQ......%%c..b.}1I.H..B{.qF.B.=_..9..i..=.*x.m..p.O+l......H.....^j.....[....G...l.{...Kb.1.|H..;.~...~.r...1..i...t...o...`C^n.+y._.....,.x...R....\.q\d... M........}.@.Ge..6.#...\U.!.....*...'7.zs...}-J..[.IR.#"....X.GG.X`.l....4.a..1L*..:H..`.......*t...;.....G.|?..."..d.B....d.......:.q.v.n..X2I..B.#;5..e5......._..\.:Qz.,f8.t../.....O..zn...H.....f.....F.!..P.).......W(....I...@Y.W.B.a...1..Hp..~.s#~........Qvq.P.U6}2...!...s%...sqKS..,.[.".k.+Z.....0T..!...R.....W...E)R=....:.....w..Rla.....o.....b.;=KDt..V\..`{dLP.5..%K..N..u.F.2.....'.w~...>.v..:..=6..J.2R#......lE.C..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701700v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1719
          Entropy (8bit):7.891028976506651
          Encrypted:false
          SSDEEP:
          MD5:1ED50EC7274B21F33F48F96074CDD75D
          SHA1:E01EF04D0F45EF18E3366477C98F0A9CE62A3F4F
          SHA-256:DC495A46769057EE33DD126A3CBAE2FB07525B5A6993E282497FA05FAE5563F4
          SHA-512:6E2C1307594892F7161E4FCE4D540908CC3C63CD3D8EAF896949FFEC24B793D65F4F3DE04DF44F6299EC80833C3167EFB487839094DF3A355BCF58FE3DA9360D
          Malicious:false
          Reputation:unknown
          Preview:<?xml.y?......Q...H._O..S.|w{."1!..N[T...6...%..V_&&W..jsA]..4x.k.r.?.M.:..x......%............\...k..z<lE..+.5B..z.....5.........&..$?k..(...@..:k#...."......QL$[..rG..U......p..6Y{.4,.....f..d.H.[:@0R..%s....q?...)..P.F.y.7.(..:..G-.........c.Ld...=...L....N.......L..G.n`..=......;l.^P......b.......o.b...P.f...N..........U.8.C....c.........C.\.?...++.n..[7....T.e.@.....Q.$."6...^y...2/.n..}...;...\...S..3......O.^!Z.I.....v.z}'.a.I.wj....V\i~C.\.`..ia'.m7*|.. ...L_..2.oNm..B..&..t.iTI..........Pa.GA....G$|q....z.A.).Wb=._.7jT.k.+...}4.J...E....'....S......1;..&....*b..z...P;.s.....x.6..T.E.oG..z...1.......J......P.!k..1'...*.d%e..[,...^[J......1{.......Xd..E...2.......L..+......+..^.....".=...,.>..{.....w<#g....$Q.Wa.U..J....8e..z<R.>*.M>...vw..-.}..r.j.2..^.UR_...1.@c#..Y..F......(.Y9....Z...B^...V........OOf...`.:....1f...?...B.D../...T,...xz...P....t.xT.Q..h.i.........Xu..cC..o.t.Nv...e%....h...hu....B.......RB1...7i.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701701v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1756
          Entropy (8bit):7.8744750388773
          Encrypted:false
          SSDEEP:
          MD5:624DED480AC62CD57C24700C5574C0DC
          SHA1:6DFD45BE5598D43E228522D2489E08092BEB5CCC
          SHA-256:82662751540B7D59B4435F416C7F1C40E2E98EED12860D935BA75ECAC8E287E6
          SHA-512:90034E404FEA7F56DCD7CFE72491BF0606D58199E7367C8DA2BAC422C64AD2DB5347730EA4D5812150812D233900D5968896E84BA512E2222126829C8370BBE3
          Malicious:false
          Reputation:unknown
          Preview:<?xmlYa..(7yYKbrX_)H..j....\..).....T"BtO....x.......$2x_t2...+..v...RP.qE.}...........*.b.P.&.=....#......>-...e#.PJ.eDn..C.0.h0GG1.).bU...>j..|rU.....I.....^..U,..m.IH....C0.>...E_...xD&P...l.f.Zb.ob/....`./.Bo..f[.l.PS...U..;0.f....=.;E:5..8U)...lQ......dhO..b.;.d......a.;j..=...}..]b...ci)7.u.?..-_2..-......./...(.C!.?.....$I....."..F[.w.{.7......g.a$$..2n..g..]........`sn a...$G...$=u.#.m.:....|(W..)bAL39.4o..>.8..f?.G$..O.b..K....T.l.....-3.#v...`...X.t...r...R.BU..P..g.^WV.pb..+..8.....y..<.O..i&^..z.E^t....F...X...V.g+\??1......-....)k..c<...`.6..a..............nZ.^.u...."..TKy5...[......&...3.~9.p=.e..,.....f..j...(..(....4..i.}/B.D.w..y....#..z....k..).R.0...].s ....".h..nF...B.}..j?..TG6.qi+..L......-....C..\.&.;....c.ld...N2.c.T.............7$1i.;.].......O5..X....o.%.r.Ud......C...=....}m...b...gV.Y.{.Je.W_3V.i..._V.2.r....b.V}....^.......O.\.RUg....k..K.hM..y)..Z.n...'#.n.G.&T@..j..t..1 x.#..5.7..[.(T9...Nm.....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701750v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1697
          Entropy (8bit):7.871598324578484
          Encrypted:false
          SSDEEP:
          MD5:911F5FD289290B9E54CF7CED1BAD1D22
          SHA1:554B2E35B3C4E83DC28C35DA7B4290BBB6667B37
          SHA-256:97CFBAD8FDA78C939A338B41B76BDA7C9EA685373A6CB9C08BAED724A7E075F2
          SHA-512:BF1096D2AA7844594704EE892BD8BCA68B6F8BEDF15BC355F5FBD7300FA495F88054FCA1B60A7B23997F3FA5ED1BD57683E19E6F471762B244CC3658935530F5
          Malicious:false
          Reputation:unknown
          Preview:<?xml....=...-.....j..o.)z.p...2...1c.u...W.y.M..lB..S<.1.o,%...D.....p..8(c{.d....\...O1...B...>.Tv......7....@......K.t.M..c...b...V<..z.S...,.E........d...........^.D.9../qYc.^.A..%1..w6.a@.J`h&8c"J...Z.sS"........^.-/k..ok.hj........M.......3."......k.'. .o......}v..2n. ....'c++C:..[....O.4.R9._..tn.@.G...{m0A.y.f@.....2....1yi.B.....x.M..m(......F.#:... ..!gr....p.I......f.3\...$.$.dIai.C.r..Ui.qNxWE.....g.......`...!8.Ag..ww<.A...7.I.$7...%....~.6Q....2....... ...V-z4.e...&....`k..Z.>a..tG.5....4.[au.v.A.e7....:.......T......[..B.....%....xE6.aXy(.ok...$.R'J....s......wnt..a.oC[.z..rL.'.c...S.f..*...r".....^...-..j.._B..W....b..3..6(Vj.F..F.(a.B6.#.....1....!/.........].~+c........r..x.8.&..<..[..@T...r..koO....p.zm%.b^2....4...............F...`.$A.(.~.yb.yP(..MI..].F..C.-..9.g..k.WDF.N..L...~F.<...<..........F...ff.5.t...~K..dr1........b9.;-.1.....b.D$d...0.<<...P.W.mvD|0..^'.QT....D...%..)...[...%=...5...`......#.t..v#R

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701751v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1734
          Entropy (8bit):7.881289676312442
          Encrypted:false
          SSDEEP:
          MD5:9197868DB978F49B217D96054FE58F12
          SHA1:63CE5EA7B04D1090D7C8C16D8B521685BC19334E
          SHA-256:669C93AD02E23611AE2DADF983A2AD92440273885CF9B69EAC42233B562D8991
          SHA-512:8981ACDB63BBC0093C8417873F199E2D9E0CCE0E9F958CC7B3BDB9B4855AE0951FB76530ADFFB68D2F0ED186E06D9528C9F3E1AAD134CD303C85359F26A4FF69
          Malicious:false
          Reputation:unknown
          Preview:<?xml.1..9G.P#.....W(Qb=X2=ET.E.Y....[.".S!.\%CL.c.....m...V..=...w.(.l{.~.MX.......o..0B......#{.;..:.wO}$...I..P.....#....o.,..x....04l.x.i.K;d3..h.?...$.i.Q..f'.....W.f.......W8..u.KC.+........^f..`.F..a..L.1...\r%...!_-../.E9........Z...:[.0..:......]'X...70k....y.....)q(.X.._...{9.r..ZK.v...6.,....ha/z4..Bf....m.[..C7...o....1|..t..m`..oj.i.:...]..1+.<P......lUC....f.......[....W54..o...@...=.gdS.x....6.;J..J..,.3.....g*..V..?.bn...V.0T.u.`.`_.x...|.u..*-m`..rsY%..7.i...|.^y4.L3C...Z>..}..0.y..U..dy..>.%C.....I.c.....-/.1.../\.].Q^a9......i^..-...~.Z.).R...A....../.-/..*cD9h.3. X\.......L.1.0*.!.l....n.e..p.6b.i#....5..g..'........@.....9..............Qt]E.V...]..jG........M....S...A..K.s....7H.]..T.W......:....n..Dd.E.^EHx.j.*.j.Z.....n.W...Wx.'.C.s.e.%...R ......&.0...^..F........;......4..)B.Yd".....D.Z..#P.zAR....I...F...."g..5.h...^..dQ.2.../g....f.,V..lgX8..V..5O.vs@..$\...i.,.Q.W.......[?...2.Za...U.........,-.a{.....r4

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701800v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1699
          Entropy (8bit):7.8911828235825405
          Encrypted:false
          SSDEEP:
          MD5:8EE5F38B12A9721236AD2C6D84005189
          SHA1:1EAC6347BDB9D67487FF703BAA5C22E87B29EC8C
          SHA-256:29ED04C178C4F6DEA28F9D31568849CB4F5AF97ED97C72A5974FD5468F8990EB
          SHA-512:73D0BEB25107C96D804E3B83A0B27E3513F0D8BB87385BC51D4965EC13FA1A7D0162369B53A913390B31D06840F555242B3981340FDA5511C0931255DF4FF84A
          Malicious:false
          Reputation:unknown
          Preview:<?xml...0..l........+.-..*lW.diY.i..._...\.;.=.#D-..B.A.....e'.y.0=....j....."..\g.&.+.8......8.M6a..M....`..K.wX...~a.q.pOlb.?.U.i....G.[m.1a.D.;.^L....'.....*<.P[i5.A.$...t...i..3..R.....?e.t&T.W5{......S...E..+&.o.Y#.!..BL.9.+..!=.yB@.':...{j......%.;W.,`@aX..yH......=..ZP.8O]{r..7]...u.r.... .3.A..(.w.....<_..R.t...K...h.......E.Qri.k[.{.v .....qG.%..W.....`x&1.W1*..D.uj....<.rJ2oN..t.L..l...r.U.:)..*...d..h..(..!.M...3....U../.....}$.....w>.h...i..v.....5\....K.h..Da+.T.D..I.g./....O.....N..nyO.R.@Y..=...N~7..=...?.J.F~....(9....c.....Q.....N..7.......S.&8w4...2.i.W\..dF+......),.4...}.8P$..Z;..h..Xq.A... +&....."...XB>.>KC.....t..^.......T<...Z..+...A>.)Hz........h.t...}N...!M....F...hM..O.S.}.fRO..vkGD1u.,...N.s2d.U.4.....d.,.MXZ...G..^)......<.\.t..O..o...R~'.CLt.8..&....!.......{..u...n.(...2H.6...9...!.}e..c..7e.ozO?.@u..xN. B.$..vXT..R..J.A..~.>....7+W.v.WcdOsm@..@...dN6...j...T....(n.4=E.I...)Cg<..'..............S.....V..c...}i..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701801v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1736
          Entropy (8bit):7.8842991334214085
          Encrypted:false
          SSDEEP:
          MD5:33C0E5B2F5ED7A27BF5D82D2C2DBB1B1
          SHA1:7EFCACFECEED273E6ECFD4E5BBEB9C62F9F2AA61
          SHA-256:B0C41B456066F739355A3DA5B87687B26F695D3C88E3E93B7D146C2ECBD5C39C
          SHA-512:431B280F3E9740A8740D7E4E8C6F32CA504909CAAE00415AACB2A37F4693FFE7070CD422D557067EB336B766BF8829A4B67670B8AE2CD27180A537266E87060F
          Malicious:false
          Reputation:unknown
          Preview:<?xml0..Y.bgBk...;.Q..v/....@.O.."..Mu.U."...;...ja..6..).'.J&....'....x3&......W.mq.......q...P.:.^r......w.^.|*.R+.c@.S.m..h".eX@.i#p...S....?<g..P.p.KB.Q...QC...rN.....,......@...Tu\^.. ..Li..).J."..v.....L...W.+k..UB....]4.5&.sQ2......W..rw.:.......c....&...h.....\.ATE.F..shx..j....2.9...s..D...S.u...(.3.o...d~%...C.I..A&.0.5.&.HX..lc........Ju....f.x5..W[....2..w .p..7q.S..s_.%xf...m.QJi..KvhF3tY)..X.....q........)..^...p|....C.....W%....S...0|.....=.'.../..6&.D. h)5BG.R..J..z...;.....dx.....ae..(....H.tZ.h....I...f..?...8@.....k.....#.i...d. *.|.[!2x.&i.$@y.......2.....1.`....[.Q..(.o=.....LF..r.a.8T....k..../.&.&}8R.Y.Z3(....hZ.AG.1.Q.p..4...f.(K+..~CQ....DJ..r."q..{..q.L.}.clDf..W8.Y............a.?....[..:d.:.x..?..o.....+...>..@.x2......6._.E......P...mbx..\...'[..xMnu..5.5.J..G...RA!=.T...MI........!x.Ek.?.z........z-...K.!.c3...)...N..e/...5..,.Cw~....U.T<|p,.2.....mS.......dJ...G...}.C@./)...\..e.r........"d...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701850v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1704
          Entropy (8bit):7.903275431120352
          Encrypted:false
          SSDEEP:
          MD5:79970012E98E0D267A8179CD9361D015
          SHA1:BC111F163B03047503A5CB0AF9AEC487BA5D86E1
          SHA-256:33BD9E8832341DB6BB711702D6AFFB910A79C9D58D2ED4B6FF5D37DC26B461E4
          SHA-512:1804C96028BB520D4E74F325D1B0AC8A4DB67861C4369FA057A2A33573DC809E23F507464AFB6FEF92B52F8512C19966D58613EEF694B424B84289E13092E360
          Malicious:false
          Reputation:unknown
          Preview:<?xmlh5U.{..f..Yb..9.I.$..:.l..y.zq....z............Qk.39.q..9;...$.|...h.....%7&.R.g..K.rNU.r...Lw.0.0k.j...l@i...h.o"........t........".....Z..hn..8....$b.;.C"..Oq.._.K.&...R.6...Xe5sP.R.....:.x..7V{3"h#}..V\F...].~.1.W.(..;).g..J..&.H............+.....{..L..Y.G..'.......s.%...LG...%.,q#..K.6....E.....%[........{....>.xT.\7..U".."Ph....."..7..md.'. ..T...%X.v..K....uJ..........f.&.w.d.........r...jE....9S..Op}..}^h....d{..7......:3..7.Z..'..'RW..1?S..).Go.!.....x.R....6...>.......c+I..y....]..?.*....b).&.ef..>RvlE.....%....&.;.kC....1.....r...uo...*.....`CbL=._.......SL.......1R<xD.#D'.B...4[.iY.o4+....1...0R..>...Z.{..C;..}...a.M..R..\^.P......!.|...........`.....c.<.H~..q...].V.2.@..Qye..4.L.>6Q..8.s*....h.t}.r..4.t.7)3.r..J.}8H7.'....F.F..c...:.U...(..2..w.....D).p..b..[..?b....,v......G...\.d...v.-iF.f.Z.,$.Z..^.tj00...m..<.O.....h.\b.T.)r.&.l+.?.D.G....I.oB....U...s..QQ.s...,.......e.KJf...%...E.5M.a.......i......0.h.v.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701851v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1741
          Entropy (8bit):7.894149221841676
          Encrypted:false
          SSDEEP:
          MD5:9269C596811533FD543DAFD24CE85E14
          SHA1:FD7D786D0031C0E1C4B11EB9900DDED4BC48276D
          SHA-256:370365A893493B646B2AAD5D96942F562A7221C090AD7FBCFF52ADDD4DC45861
          SHA-512:67C9979585D4B0B323FDDC7AA2D73B61A8DADB97E39B825714B8FD292246E15C614501C2B7AF7CDDC01C460EC055190138B271570FE5B549F9C435BED6FF7277
          Malicious:false
          Reputation:unknown
          Preview:<?xmlQ.U....q..o.......c...d.b...lQ.j..v\.R.J.{Q...Oy..1.k............%..V..I...B.....F....l?`.^...S..#n.^.......Y..b.>.i,..4..3...5.^..m.3.Z.......d.|.-A^d......u..nA.-.P...].p....PT.`~..F.i./...&B.A!.}...Yc....l).q...._7.Tn.._.~...*9\ H.L.....Vz.49o.e.....#...-.*.=x.....,..y].W8....v'..+J5R....QP.Ti..iu..ArX..W..A...u..@.jsF.9M..,....-.8.d...s=...0.../._h......7...y..;....>E...(.!..b..|..Q........3.....f..z...].H.........[{..{J.Z.....``.m...B{.-. ..l.M.cc.k..0...>..Y._.....$.5.9.j.N.n~.?.........).Cx...|D....R...t...'YW.d}..........=(.....se9....):..."....*.y~Y.5..Ry......*...G..9k0].>Q.........l.C....,aL....thi,.!LR...Y.<mHC......?.c.3^.@.\hK.....'p~._...X.$.nmA{sY.z.-.~R..s[.).i...'hE.po.F.. C...H.W.......v..*.G.-'.....j.'dO.r.K.q-C......o<=R...u.M...;3........{.i..oD.0O...SS..]../1.X....;.....Kb..|..?..)q}e..._..J..%.&.H.....w.bH..d$.N.9.,.=.......(....8......Y..].V[.wj..IU......s...m.J..2|...Xrl....N..a.m......4x..E.......>G

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701900v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1703
          Entropy (8bit):7.8786470893256695
          Encrypted:false
          SSDEEP:
          MD5:38B693E9D962DC7D36ED9AE0FA594F65
          SHA1:3D90D655F6E5A120378E3E4940E828EC64487538
          SHA-256:56DDB85E623E02E0B1E1DD73082E26BB52A1302EF6D37DB395DDF2B74FEAB77F
          SHA-512:D8807B44F41BCBB6892E5EDE1367E1240FFF587654AF90B4BD38E7D9D30337BB1141906708A9E140C13D118A6777E82230BA67AC8A181B1CCF45732EA2E09D2E
          Malicious:false
          Reputation:unknown
          Preview:<?xml.......#.J..`...K...?Ah..j..!..d..6.....@.IE.l%'.G.p.?5..:....@..Q` i.}I..6.D.Z:.P..,...).{J...F6.9.*..H.jF....p.+2=$...h.]...a.....2."$...L..OO9P........0g.3..g..q.%..P...fg...~v..c~[....0M5 C...*qk%.EJ..O.p..G(.]......*.:.r.7.ve..R.t&.t4.d.L..e...2..lK.`~....x..`....o....P...}{.....,.P..#.d.q}T..!..j.......>.......1V.N.-H..V..<...*6.+.(k..i.N..P.M...Y....nbG.....#...h5.G3D.H"..[........JU.....;./.O&.}.|..+....E......Oy.:...I..=p.z.X6...0........c sn..z...Q}..V!~=.vS...U[.r.U mef.l...N.C..!At...).,?o..o..S.g.J.O."...........w..=r.......b..!.j..o./...f7vT..=.."U7.....Z......D..+F|H........tFN..."...`..DJ...]g...F..~^?..r9h....h.4d..Z#./K..L...e...i...^.r..O./.....X.'P.}....~"r.........1...e=....z......Ht9.+....Tz.=%..L.QM.[#...h..".rO.Z8...j...r#....Qg...>...%..s..(.....0.^h*...hm..(.k.a..Z.P~E$3#[..}$U..ch..w.u.8_.....,....X..y.Z....-..w).hX...#.oe....zt4......X....f..B....._.%...KQ._.._...k=...._+G8f .N.(.J......x:.M..t....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701901v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1740
          Entropy (8bit):7.889157842134778
          Encrypted:false
          SSDEEP:
          MD5:07E1049D0FDB00500C4F682709AE110F
          SHA1:83D803A4758B1424E217794D1786B2515C24AE69
          SHA-256:AD3FF1FAACC52B5CBC90B61A2921D2F11CC9C53647042A65F4EAD22D456368C5
          SHA-512:C3F941C4BC93A7AD04433E0B1FD31D999DB5F9D083EB55154C3B647FEB011127ED4ACCA6EB31F07DE0ED157BD5CE768E3322875E1AD9FC49A7C8BF05FD1E00EA
          Malicious:false
          Reputation:unknown
          Preview:<?xml."v.l)J.J]..s<.7W.w....@.;Y.C..`....wz..!.<..3...pA..kN*G.n..[w....W.n{..>>e.{.KX2..m .3..^6..!.`.....s.i...........^.vhK..p.H.........W-c...?c..A..y.f....V.<.+..*,... ....N.Bv.e....l..../...fG..C...k...!9.I...h$..P....uG..Cg.....`.....=.;..|B....$.."".<...B........O..@.F.V,H89..M....&..z.........&|..^...\#`....B<1..ft..9...+ZluQ.<,...mr..g%h...xk@;...i...4..q..?@.wdL......c...*..s..C`..4..}........R...=g}Hr.u......6Z.;d..Q~..<....*..4.(=5.:>F7y.*U2?.t<....q.5...1HUZLed.3.?..|@.b...F)...V.....8(..}e.....#9\.....+.lN.9b.V...G..N.}..p..Q..R9.y.:....+....U..:..B..=.....j.g.Vk.~..c).........8....4.}...7..-W!.W....Tt..k.J..{U%..b.z../j.-../i...M..S.m.%..p.pVZB...P..0H...k...-~.%..fw...8}.FdPK>.}I.....D.lc.... .\$00....Z..H.K..+&.m.......P..F<J@.p|.j.........y..a%. ...G...F..X....../......~.....\...E...yG........H....e..n...'.^.6.k:...Ag..k..C.....r.i.m.5B...l.....@.i.?k|.S.y)...............{..R......>>..~..&.p,...)ONcg.$l..THO...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701950v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1713
          Entropy (8bit):7.871838714931478
          Encrypted:false
          SSDEEP:
          MD5:F192287FC343A76CFEC009A3B4C4DCBB
          SHA1:200972BCA6DC82FBF9679B26A9F77AC7E8FD00A4
          SHA-256:7BC52415EB371FBD0F260B82480D04EDCEEB52773705B57F79B178C41603AD45
          SHA-512:D74C7FC27B41CE2B4523B377648F1E60284F97F05C8C7EB9396A01D0081308374708198EA0D723904C7AB63D2B5EA0BADED5E97FAB83A068659D8F5A8A815364
          Malicious:false
          Reputation:unknown
          Preview:<?xml......_.kK.LPN..;W]..A......P.be]..;&.d!Z.v.....-..W......q..'.B...yQ....^..F.2'@....L..d..R1. ..4. ..)'.Z.......o..S...:oi.. ...n.R.......-.....a&....u..e.OA..wR..F.%..7L.|...RI......[n2.. .n..B...$3..4G..>...."..[.K.j...X..Z#.<v.G...R.=..W.<k.N...&p..7f/..sh.AD..$.....q.1.H.o....8..I.."..!..j.ttD.6F.....@.^bQ..>.....2K,.=D..#L.8.Qu.ce.PIL....x9?....!T...lz./........6.'J.6.j>..v.j.7....TYZ...CK.K.g.6..Y..|.O........um.!.e..q...3.E.1..Hg...wA..C..7....{%.O....f.{..<.C.I....\.#K1..R}..IH.M.........\H.m..,W..Z.........i...j.....RF..N..0P.od..{....*../X..x..n...9'.-......1q.O...V;O:..F.T._...,'....08..vO.x.1g.....fvO.....Yq.|.g7.....Y.+].4_j).P0.j....1.......*.x......z...@.3...R._.@x7...-..Q.....g..%..P.|....y. ........N....t..O..f....M&.n.......nF.f...:..R1..m.[..}'orH+.....6.H......(..l..'.D..]...2..g>..)..d.=.. W.M..Od....&OV.....?.@.....c....A.z.Q+R........5...1....5.r..hN.>9...%7....m&l..@A...P.P.....<..!g.....ZIuJ_.N:....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701951v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1750
          Entropy (8bit):7.872986170268976
          Encrypted:false
          SSDEEP:
          MD5:788176A424F7187F8C67AB7C80496E72
          SHA1:DE13E35843F994F16C4E52B8847635D9729E5B78
          SHA-256:0A86A66EC1FF60533227F46B7D81B7F7FE0CA13E8AB5787BF12CF46C3CF34305
          SHA-512:337943702E52DBCD33FD57210EE337B4E28B3AA26E868873CEB0958C8F147544432E3CED32A664AC678911F4B5D60CB583FC7259086D985F96001B8D87D109C3
          Malicious:false
          Reputation:unknown
          Preview:<?xml..y...D...h_T.S_].V......B...Z7.r^ G...]I..Q.2.K..U......x?....;.;.7.,.!v.o.g..j..A.uC..J.`.Z.,........Aq..o.V.....=8+.?.....O..z/E..u.K;.|?.Y...80......)_.7.d.q(.Cw.W..Qv..x.w.....,X+..g..W>.....O..Q.......cX...-........a"5.s..%.....`..h.&..P..'~o.K\.....%.Z_d.4I....r...,<Lw....0.. ..N~RwR.I..f.t..O..........Y..T.....$.....P........d. ..AU9...W..O..lk....v?5w.G.7.N..x........Z..oT!.>.u-0.).<D.[{..B.x...G..L...,7....A<...v..!..)....#..^.Q.......e..j@.)..R.a9.\9...e.r...Ul...S...T...6*.4M.v.4@.ed.V>I.h\.bs.X3....e.0...w...e<.$.... ..3..}.\............".....B<%O..9.U....@.wl......BB.>9{....v..*.2l'%..S.e..8..].A..!.s.-.N....U.?.PE..!.) ....H.F..b.O..k.H..HP.....HK.=m}.....Zt...XV%.e@7....1...0?.....Y..xe...7ip.K.././.8....Y.V.?8+.2@....{3.R.ql;5....m...|/L.,.|.x;..B..J....3%.[...x>.7,....Ij?.Xl.1C..F&."'.Y..2.R?OX~..]J=./.s...!..k.B7.].M~1...k..tR........n.bPC..t.#i...K.{.v. k..!T...+..g......].g...G.8..6.Qq...T.<...%.4p&.....0ZC

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702000v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1693
          Entropy (8bit):7.894415793682494
          Encrypted:false
          SSDEEP:
          MD5:96536CF1DE929C3B2B596E84B201D59F
          SHA1:18F031D7B52375135E9687DD239520F839266882
          SHA-256:8A719A0A2D5D339A39A5267928E5D039911C72F5AE30DEEA761C051D0DD0DC46
          SHA-512:C9E9E1F2BB207F48CB45D987C73B91C186420C5D696069069451FECBC7838B457BCE77EE91F23E207FE8D93BCC51CC96C6D138F2F1E16AA5A7873750D44C9952
          Malicious:false
          Reputation:unknown
          Preview:<?xmlJ.oRs..<G.../....#vQ..+...>....,@.3).aM.NH.`L.)...O</..5.G..]..Y...s.3...9". .....6%?`...!......x...BSZON.q.......a.)...m.".B ..p...4g..n.._N.%.<.....k.iT"...s..]...uw[>e.]...:l6A.......W>X..K4g..d.,....'...`.D7.....V2....!.hJ.5.:...t....>....=6....y.......{.....U.-0..uk!.....q<Zs..s.YSI.....`.......vs...+.;......_.Y...r&N~.{.gw...../.H.;...%...q.C. ..&.......y..H.P......n7\..3Y-.^3.<&...-7X.&.#..]..c.C.2....c......-u.[}..;:.V...Ws#..]@..`@F.f..{n.?.1KZ...?.\..!`.......9&!6.1.....S..4....tT9IS6.....=....-[#.OJ:.a...7.)...Pz}..$Z.A.Z.p?M......-.........2<mm.......i.k7.e....[GI.Vzn..dQ.)..>....[.5.'.9.^.C~....=..W..X9.)..P.. .../..g.`....<Z*..V.C.{.a....K.H?.?....Q....(....i.....Y.e..!.GF.c..F.5.:..T.6.$W..@..Ls..&......V.......$sHV..cY..u....G....3.%hu..<.S.U....+.......0....R......v)+."S.m.-3...........F%.....B..P.?...............:.C..J..W".U..S....i.'..oD.85..PZ!._..Pf|....9......a.......Wl...K._{....'...].*I[..1w.&c...j..;..v..t.t

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702001v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1730
          Entropy (8bit):7.881035708281997
          Encrypted:false
          SSDEEP:
          MD5:CE9A0CE9D7A275588A32A7B267CEB47A
          SHA1:A80A53C7632DE26FF123344C1EEB14B0CAE1DD38
          SHA-256:FAC34924AEB04320633C7957F0077268F55075BBDE5EF7D2935D8FB2DE93B0DF
          SHA-512:7EDDD58D62942830522630DC2B5460EA874CC7BD7167678459F9B3485CE06A99DF85B18CA4C969FE85EC1E0CE56C70E91ACC1179832820B3D1FB45D11D9815D5
          Malicious:false
          Reputation:unknown
          Preview:<?xml&8j.....h.i..).;c.3.k..lx.F.P.y`........m.-..ZJ..B.I~aAO...k.....K.r......*..Lp..f......^.?.W.B.....ei..L.Z.pD|....>..a.!.....-......;b6...v..[+.u.;2.,....5.....>..^*..u%.Sd.oq...`..5.&..-..L....d...0}.....OR.....{..b..K...................i...)..Z..y.'...{.9"Q.s`...Rf...h'FA..G.RW,v.C......}..0....p..d.kZwU-._.P..l.b5...0U..1..m._.oZy...e.1..2^.`....7O.P/.'......?vt.,.(..W.-.Hv.W.Zq*..Z......s2......ans..0....{5..6}.k........)..A.....".2......%Ug...M;..}-......`....._.[.....*L......@...]A?*.&..........P..5..t.$...I}.e.........w.............2Z^...".f.:.vu`_zg.....B.........4'..`.#....../a....C....7..5~.T.=NN.".~. .<iT.#..(..........0..U.i@.9)T.....?...b..f...F...\.{...t......[.^..V`3.:._nwf.{.5....l.{.W..1g'<../..=.n~....M....Lp.,..........M.MRFJ....{s...D.......,.>._..&y._g......>...B.....K../n.[.....VR...]R1".L.....u.'.....^A...d.f.%.;..8..q..Di3..D.NH);....s.....-.o.c.F.9:......Cd.E..(........e../...."\...&.u.~.?{..5.........<

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702050v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1697
          Entropy (8bit):7.8725800431993616
          Encrypted:false
          SSDEEP:
          MD5:358DA858868338CF0C3DB15195CBBD14
          SHA1:A0528744E2FB538C782F4B695122B8FD187FBCD6
          SHA-256:019E7CA44FBD6F048ADB5235D0F2EBA7C74C898C74B4F49B9709BCA1BF4E4BD4
          SHA-512:1F23C85F06CC76D79F50A8B495D4C6D2FAB427C13D43F825374D6B9B371F4302299BFF71235B575B40F69FBACBF360D5D480DD33E78C0C588694B07BC8F67634
          Malicious:false
          Reputation:unknown
          Preview:<?xml6..8.vy..O.g?O.6...Z@.....0...0...3.<./..W3B...'r..z...o2U}..G2.=Kd..u....D..1."...d..er.&.F..v.....>..H.Nq,..'#F.......Qz..w.t..(...d..2.J..E.X.....?J..M.p.l]'kw....[w.0...|.X..D...,...2.GX...n.ij....z....._..'.m.H..V.k"L...#./'..hi..."!.E.= ..+p46..oBw.,..W.r.WF\...... .@HoG).4Oxb.U..AJt.{....\.H.[...l-.X....w...,+......._..Z.4.../X.2p...v.d..d..b....~q.....1.S.KX...>.!..:.]..[g...x.......Idr...|....q1....!..yQ../E..,.......&#J...........t.Q.4l|....;a...3......GN..{....i%..........`i.Z......+..z7.w..Y........&....3..k-Qyc..lu......e.t.~&.-.Y..i....2.4.w......_.An.c.!.O ...K_l....^.....6..Ag..".wl.G....O..@..,V,..mp0.p...&......k..n...NYo3'.}..O9h.5\}.E..p_......n6x...H..*.}......Q...;.f.t8.`......G...q..U.`.T&'..4.n.v.qEX|t ....)..........e?gvu....H....-.....i:5(wFfQ.0"..V.'....lsXzqy...0..a./.Y...r..:4vQ......\I..1.#..q.1e{.....T.K^.&(..,...=.E^...~..2...._7.....7.....,..:......".....v..8..R2.'<I.........:<..,..c.-..X!0.....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702051v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1734
          Entropy (8bit):7.877677292836905
          Encrypted:false
          SSDEEP:
          MD5:5F09A433CB282F0C3095B3F43A365A86
          SHA1:97BD9D4F9688605C156A8A270CF15929149FD5FE
          SHA-256:3224EAE6A3308C745AC9270A2DB9FB4077BE714C7D11B7CB473A56C5CBBDD4B8
          SHA-512:C52EBFC5E20F6DB1207EF8052C8A7131F291FE65864FA225FD02155A9E9E93B347F100FA557E359D5A8521B533209CAC468B5039D131DC04BC93FBFAC3D9FB4E
          Malicious:false
          Reputation:unknown
          Preview:<?xml{..0.}../..F.e...%...b.C...3iDUr.R..... ..9...(_...1#.^...,Du....M3W...t.+!h..&.........W..[.....=..g...!Z.H....!.pY.;..*....vA$..=.GRZ..@.....T$4..,:..Kk.v........k.t)5W..]...............P..J.7X..U.yd..;..#....7Y.#....B..g.~.]...8u.;..w..o91.I.6.......6.4......;..c.p.....M.h......E..8.=.......3.u...}.-hYu.m..js.KS......5.(...&.f.C..r..1Gk|8.&N..pyb.....>.B..nLx..e.f...u.va.G.%...+S)....=RJ..J.W.GB...+......Q!..9..@....ev....Br...>k.2..7Cb}.X~.Z3.A...!..?1+..H.t..9.k....RR.<.9......=uh..g..>.....I1.k..u|..Y.w...[-.R. k.W..JM.B.B....+..qb^0.+.E..c`7.?..]..b\..MW....?wS.&...q.m..S5.w........5u9l.k4Y......8..I7..d.h.l...HaJ.;i.rd.Rm.X...._.b...;n..I.fJ.Q.9....'..q.H/,x..v....n{..I..-".k..]z...2 ..aGuT.....<...H..I.Y.dfV............._.D...e.AmdOo.B..A...4....Jn..,/..a.V.....qFyz.W.*/-^....\.,......c%.....K....<.8....T..*.D...NLC... ...%....d.vL.?..W.8,.'S...0AS.....qy..4s...ljK......F.....i.V...Np.5.."u ..QH..{.....!pcK.^#.U...I0....)...sta..Sz`

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702100v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1704
          Entropy (8bit):7.872957113350848
          Encrypted:false
          SSDEEP:
          MD5:E9D403BB0879EC0C4E62048EEFBC68AB
          SHA1:DD023B51EF2A999B0CEE55AC0B3B713E53A4D11E
          SHA-256:34C978B5DD53E5D27A611339F06F4EA0C0D4FED96FAB73D642481B6E9302197F
          SHA-512:E88F2D6659ACE05A218F1C68357C1685A0B4F507C1A918FF89D46C9321A05D075382C39D72240B9EA894A8F9235AB2B55C3CC92E231C9DAF7B8EA13ADAB6F45C
          Malicious:false
          Reputation:unknown
          Preview:<?xml..T.]..."x....q;.]..=..%..~~..qQ7...L[h...HP.....0x.h.....R..O.........]O.z.%z.k..^....J..I....#|G.D:V..3..9.Z...d...L.H......|..u=.....n....LB...V.p.i#......._.E.>..a...Y8.al.7."..Y.c.dM.. .V.....8.Eh...MZ:X.[...w...P...JG..8...V........Z.._.v-k..x2...........'...E.....F.^U<6#j$qd8.j...?..*..uL...........\.j)K6!5.....;O.@$g.4.CZY..{.lLvXN....?...H...h1...:.Ad.....H.gG....%....K...6..8.z..q...p.)..7A....<A....Jd....C..+.H`.....'LL....<......90.....7.r..-...v..S..F..A..dg.f..Q.rm... .\/Ol.....}..TbG.gjG..5..\.W.B..D*[.qI..=.N.d]Ih..J.?..`.I...IN.Z....].%....>..!..~.8d.......)...5.uz`.Z.... ..l..E..)Y...bBH...)#.7.....yS.n.s_...9"...]..........R..d..!.*....X...l..2s...........{.8o..=..P.."R.......K...qZ<.[e]_..c6]qM"`..nb..<|=&dE...1...,..,8x..N.....Ap4.rE_b.{bVw....Y.x.V#7... Dc.....m/}'r.cq#.\..v(CJSK]..<...'.+........t.O..F.....L!..#.7...SY.$QP-.J.;n4.....Ro:.(3..]....lJ.{:."....R.0.....P.........Sf@.......Lj&.u~.:.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702101v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1741
          Entropy (8bit):7.899696454888778
          Encrypted:false
          SSDEEP:
          MD5:B734516F5C566DC0F530DA9721F1A27E
          SHA1:47E8B54540CCD1E65DB238C6774DD68E27B84FA6
          SHA-256:DDC4B20AFA2915993944407E59B9AC77DE63E65DFFA9EAC457D6A6377A0A8329
          SHA-512:18A778CAA09C7A77AE3AD42BF81C4763D44E57BCCDA25B92813C5609DE5D9403A212CEF4E45C4787EAA41DE8B0E6495037AC322A5A08F34B68A839ECD5B6236E
          Malicious:false
          Reputation:unknown
          Preview:<?xml~.".[3..q.%.`.0 ..$...6S..P....u.{.i\b.$.W....5............h.,.m\....u...5\.\..zN.(..D.V.....I...?.:...)i.....W.j..H.].8.."s..j.9.!...;.u..9`F..V.......8.;fV..s..I.5=`.._.)x..3R..9f../uj_$O.A.n.i].....^BzS8....J..3..P...U....NQ..).q|-._.{......t#e#."$.;...3K..P.&....1..X...../..9....u.%...H>=..d..+<..m....`.....xE~...a.V...=........u.u...>....E.x..C..8....B.45..V....c..O...D..<V..+h.j../+ ...Th...3....-..].....)N..Gd+<N.Z.I.4R..........w..iC.@.d.iv..R.?.R......>:1+.A3....[l.... 4.y..R...#.o.O...5..`...g]...z..9-. .......)..k......QX .h/f.....<),......!.A.p..;.19....;-..Ee.>`...,0..\....Kr...S_....j...#......a...O`...U..Wv..g.!~^.o?[3...yX...v.~...L........A..*|...ZB.5G..8...]..i...c?...'=x6.....y..`wZ.M<..."S!.J.m...]1..w3..T......_Q@.H..U.....Q>.;zd.>{I.w.X*...(.P{.....X/q.F.c .....w.W.T.@n....s ..!..BI....;..P.i.h..e..@........%...7OH.. ..K}:-.....M.~PA.91..5.l5...V.}.Q.f.a^... .. V&....b..J.....@..1...hg.,..M..U.X.U.*.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702150v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1693
          Entropy (8bit):7.8701902114329005
          Encrypted:false
          SSDEEP:
          MD5:E7A0E593630FC5476F4BF1BBBC7E90D7
          SHA1:06EF1851938D0FC51CDDE4E6AE690CC3CFBE2379
          SHA-256:564E9C51DDDAB477225F1AA771CE8F2D2BF9D258231A3FA7251A2BFC8CE860B6
          SHA-512:F911686EF36E0AFE44BDE75EFA92A6BE24D15C195801C2A7D6B2D9D5F10186E94DD187DABD1ED434AC693756193D0AE31957699FCF7A7FD53BE050CA64C1751C
          Malicious:false
          Reputation:unknown
          Preview:<?xml.v.X....D..O..1{d...L.sb..Gk..~{.9;O5....6..>..Hrd~.r...*.W..7....L6W.M..,.C..7.$..2......w9x..PJ...\A. "[....rBK....*.ii.-*{P<f..(...[..a...f{.S...l..U....B..*.WS......p.o......=_2.y....b\......x5L....<......K.u.V.L..|.J'.e\-..rv....5w..l.....;.I.h....C.s..<dG.I..}.n.J.,.]....['..hH...8...~.:...0......Z...+..$-.*u.9t...A.vR...}p..y\...`..v9...&.8..U....S.v...=.KW.p....UC..P.r.......`.M. .q.i.~..vh.-..3.>v..h..R......6.-.T.<..w.TK.P..%'9.j!..\...._...mgYK..|'..P4.i.....Z.....X|..?....z.v{T...}6.K.j.....#N`..P..d..O..dM.+CM...flq.2...+5.@3..Z..<J.Y...wfY..Vb...m."tRd5....Tr...v..a.............s..a.....~e.$.-W...5....A.;"0z...1...^.#)...Z..0.23..oi.SHg...A.Z...9c....!...c...).N`.;l.`K....1.0...up.X.../.b0J....._.h.y..t...\Lz.{..l.z.\>(h.)..5P*...p..K...w.I....["..n.M.J.?..b..",.u.fJ.\.r.....(...z.<..2..9....({.d..mt!#5.==4.0R..>z.v.....^....[..+.....1...-.ts....y)..!O9X..=...L../..".7.LYgD.g1.T..6>..DQp..H.o...........T.9.ed...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702151v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1730
          Entropy (8bit):7.9024557500089205
          Encrypted:false
          SSDEEP:
          MD5:E25FDE97471F275731A5F41BCBA1890F
          SHA1:B84168B5CE7D7482E4D2EF409BFA238F3DB43683
          SHA-256:1D33842455ED6245D13EA55DD502B6C817DF9B54B30628B551527B8E32F43FD9
          SHA-512:2C3AA921F001F5BF66B4387CB608008EC4717D8E6B2C2996A4158D1E8D67505175A78C1D49E5C3AEA5BFC274BCD0B34BF39F80F8109DB6243580817559AEF8A2
          Malicious:false
          Reputation:unknown
          Preview:<?xml$z..B{....L]..Jt........y=..cp..b.!i.....+ ...E`.e]..$.W.b.k.....` 2.)6w2...c..!......7.,.....Ve..p.O.j.Y>.+:............D...\../-I...2........x.....i.....A.&.X@..s)s..U.....JfT;.O..3._....Z...`....-+2.d8.....,.PY:...+.Q..v.O.G.?t..W*..`....R..qGL.liQc....B.s20.....=.u.H\...7mA..f....~..WO..K...t..(.c.:.....b...H.u7..W.B&....Z%.8Q.P...^(,.;...|#...p.L.'..-.-BP&..H.1I.F....4.~.......Q.S y..z.[..73....L.r..^m..hcs^"..@....cs...2.b#.S..^t..k..q?ic.w.w..#...m.$~...,.....I...}.r].....o........x.4/p...P..*....+.:....B.Y.n.I..z.H.-!.,.)....[o..{..[....N.F.......i..0.M....3....v..2...x....I.W.M:6.N-.p.......Iu.......G......`..q%...*K..6...!.X,.3....c4V.*^.@.r..N.t........W\s..?..(..Aap..Q...<.......Q.#W8......$V..5...I......6#_...B.t.wo....g........Yh3.........#....@.Rgx...L.r.m..#P....~....0.,.F.....6F.o..|...............r..`.V.|.`.8M...5..).".s...).l...N..............'....P.C....!..ci.._.aLtF=...T...q|7..,W)..RZ..m.w%. .{..i0...fN...>.e.+?_'.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702200v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1693
          Entropy (8bit):7.876698519160836
          Encrypted:false
          SSDEEP:
          MD5:EBD1D2E26F910FE60720A36528139F41
          SHA1:07AB5F85AEF0A97459260E397F136C889EC1C360
          SHA-256:B3EDD48D3F7B2D832C6BC79E7B75CD6C17648322F8A0753AD3E3B43BF76D1C94
          SHA-512:4828D582C2DF011E6B6E9A54AF06CD16CC4C6CF84FA230199FEB35A8530D12645AEDF8988A44FED388AADB594D232EC208B3277334217EC49CEEFCF5693672F3
          Malicious:false
          Reputation:unknown
          Preview:<?xml..t..Q....XR...............|(....H.qx+...ye..D.up/w&.V..h.i..O..L`....bC.....B..!].....x8........aNB.l.....e..j.w`.3.SK..oU.....s..}..3\X.9..{{.FV.O..I.-.....].3u:..`..".=h....x\.0...p.....f.(R..-.\.......Q2K..u....9w.^.....E..2.N..@...R|...XL.]............PBa.:....~.s..)....(D!..zY.).k^.v...4..r.{..N.....`.......Mci....\.>.2.c...L`_..]..$E.h.........,2h.O.......4#.5D\..)`..~.i...M....O'*........z..k.OY..j.5.f.J.3....$....qL...E.c..........F.i...U..9..M........(B....B.I.....%.8..XV.9./9<l{.(.........*.<.9.o......1..:BF.O?......Fv.....y..S...BN._.a.q.2WD....[%.N..._.. Z...cU.,,....Yc..:....Rv..A.-.m..W.......`iR..........C...D.....=.X.....T[5.....4..},x...d.*.v.e.36..*Yx...\..J(.sS.x.Y..3<...5.8..9...Kh.w..9#.~.....e.*Z.Q.$.M........$.w'..)....b.l._,.%..a7g.S...:..O,....o.9}.+.a......Y_....S...O-.k.8.mrV......G...fo..y%.qcCQ...O'v.R.d.._21..<.8.;..... S.!...(.1B...C~.kM.n..^..l#f..I..i.{.g.0+S..........Bb.Pv.._...70+....]fn..m.A..8`..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702201v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1730
          Entropy (8bit):7.882345705728578
          Encrypted:false
          SSDEEP:
          MD5:0EDE76F1F2CAAF03CEE350805F03EE85
          SHA1:9A5798FEBB5B12A915C4498C30CD7B6C1187E602
          SHA-256:7710CB688C472A132F4A3BFA3B41166209D2AB186366611E1AB843B93A24083B
          SHA-512:2DFCDB2FF1F393F9BA6D87C84CE24F045A2ADB6E5DEED2B94D08B64F7832C4104E4C67874D1B408C970C2FECFFC1A268269ECAB5A148F501BF2A5063F084CACE
          Malicious:false
          Reputation:unknown
          Preview:<?xml`.F.....f0..Y7p\. ..U....\..@...@>-N4..._..Xp.oz.]geRo.:......0...e.....I>.. .. e..|.(y.EZ..-.%n....Ic"....!.|....=6....#..O.J.!o..p.....f.m.6L.]t...."G.E.)....N~"...L;.IJ`&.%$W.4..[....oe.)..)...^R).)Q.n....~0)3..qZ<..J..fp"M...$..6.+.O..LR.... .....H..\.\y..i...s..$..#.u........".s..".i...............f.......A#}.|....PO-.fi..e.t..T.>.+.W.z....bW.U.)."}...`.....6..H.~9..8....*Q...Gx2..W?-..`....V."^.4M.C.....1.J|1.ZC...5..M)a.Au..,-..0.tE.Ib2.h.R..0..omsJ...,......U...0}Xo.M.@..........&4.@.6IkOU.~...K`.C.73....i...?..7...P6A1......6...}z...Oc.3.......a..p...P.@7.*..([.`.zF.Q..B..%...K@....&.../;Y.D.X..K[.7'T..r.M.x....e.p&...`.L......}C...F...b.t......a......O....r...Z.6.R....!....?l8ai..0...).ar.3...=....0h.B./.h.._.m7........A<c*..")...z..6..*h5..R.+.../l.X.{5.B.....7;.a..\...l...7du.M.2.D%.&.y.............S[..(.$..!.0..>6......c..2..'..._..Gi...iM..BR7........{......K.boE...._.bv>(g.4..|.E[.T1b.v.p...,..>.| .I...8S..?X...r

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702250v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1685
          Entropy (8bit):7.880213077030074
          Encrypted:false
          SSDEEP:
          MD5:30E5F8B5A83FE09A0BABAE482DB614E2
          SHA1:E94E2674E4211971A04803FF583A96BA0BFC964F
          SHA-256:255A0D4AADA744AC3A80E46A7047ABB157B9ED4D5437F15FCEE7D4EC6263B0C1
          SHA-512:91442D609EBB2ED31260FC8A3EFB9C347AF7C10932A4534381C33DCB7CAFDBC5160341F48A41A133E506ED47C566C35DA6CBA7229BD03ABD91D359BDA4858B15
          Malicious:false
          Reputation:unknown
          Preview:<?xml..x..*.~2.TN00.F.....R7#.m.../.F..0...q.....~Ac...n{.T.`>.m)......HE..}+h7.g.w;.\. ..0"z..t3..{.rCG.....':>..*/SVF..Ab..../...pO;J.....#.lI.....~2.~..._(.Sc./WUu.|...&.c.t....)>....3Y.F[.... /.....GI....5L...%u.lft..=.S=.Mw*.ZP.\Um.+.`./...#..l ak..K....D.ni..X.^....g.6hW... E..J?T.(..1.:...d..{.......v..gl..Ry..{..X.R...\.^V........*E...EC..].....T}.n....?..1+.....h....Bs3.o||.......$...:y.b..q'..-.}..g...s....a../.W;M..M.r>...+.R.....I.%...c..C.old....$.._..v...|o.H..Gd.....u.w.XYb.iW.Ud.X...`..-}..Wi8.T.k.c....).,.,..ot@..v...../>c...7....%.i.[..]:.r.-.4..y..7..D)..GN..3a...\kg...c=.5....bNe...6..X....{N..&).V&........`7...AZ.E!&.....w....Q.W..0....-...P.Tn.N....F..U..|.zo(.xS-61.......I.,....|..>l,.!0.}.....v"9s....">."....4.....!ry.....v..=.D~G..>Y.n..... s0.3..G.w"..j......l..|H..".<.|..g..nN........Dh'..HhRP..)6.#...N."..L.m..J3i..k...0....w*\.E.!.86...A.I..i...Yi7....[(g..].O....g)./b..5..Q.I......N.@JS.c+.....L.....D.4>..j`*

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702251v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1722
          Entropy (8bit):7.865243847427426
          Encrypted:false
          SSDEEP:
          MD5:AFA5BF4F39356FCC9E4CC754E3C8041F
          SHA1:52DC364A9C20F7D86C8D423EC628E2590C36572A
          SHA-256:7111A7E46241FA5932F8F17B42F561BE10A347273E6FAFF5F271F79F3745D60C
          SHA-512:8247E8B55F2D516BB6B0E823A39F12FB7ED45BBD3876D2BDFD777A7ABF98AB5C68990F6DA98D5C66A6B15799DFCB36CF7E6803E8695560E8E9973D6352A96FC8
          Malicious:false
          Reputation:unknown
          Preview:<?xml..L}.?...&.4.'r-...w........_..".K<.|..,..c.y.L... @.JbO.&x.9b..j.nP....N....n...H.J-P.(...[.8.".g.._+?.......M.EC...kr..1..-=*..u ...sL<$.p..>;.I.....{.....n!..>`..H.........~.&|...Bv.E..?,*..>#W.l)........n#..#.w.M.E.<k.5M.._-........>.z..Z..........C.x.T.r...~.n.1....3J......V.Q.Yk....#.:9....&....(M)KSxV.8..EV...Q.)..jM.".H.d..<..k#..%t......Ev.f._O..0Z?..qzoc......0i.+.P1......d...#J.I..NF.B...A...f........8..t.{.?...dro..2.4.Z-Q.F...q..R......7....n?...R..f.s\.......HKk.a.x.....?.f......Okl.M.............9I*.k..W.........*....I]...<.h.+..?.........C..."X..n..K....,....v.....m=d...I.......m..-....`...C..6.?74a..".362F\k2.c8oA.F..-.-Y..o.M@.lPj4M...6....D>...V(c^2..R.{..2&.....|..D..P.U;.2..W.p.......e.p..........%b...3_&._q......~....!...<?.f.:`.-]...v..W.KKO.S.5`.].A.....B.....H.R. ...z.....U....9m`%......)_.pf......6_.D......HM...`..L*....*.#...Ey.;.....~z...Y..1....S....v`..7le.h.;..s..8.|.pg....8J..P...........V...H.z....`$..\ut....G.&Z.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702300v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1695
          Entropy (8bit):7.895200767657919
          Encrypted:false
          SSDEEP:
          MD5:A0D42792E363D4388BBBA1E24584EC4A
          SHA1:10A4FA13E44AA68A3F4B4C75504E28FD327DC53D
          SHA-256:7A3675D6850C39EFEE48B97BD41FBF0B06E1B268996F2AD9F565F01A7325CC9C
          SHA-512:3D12F63B9115B5BE480F57C1694D33EC66E3BCC7B5ED6227C677F59D97A75468582C38A9ACD86DAB4BCAC43016C2BD469135BCBF034732CCC19A3EAC299112AC
          Malicious:false
          Reputation:unknown
          Preview:<?xml...3n.p...s.u.Z...a...yEQ\jK^-...F...[.A..._..s..0....g...+"..z..`h.Y@a../..6.,.....Kjl._.....$..p.6;......g.l.z1 .1.w/V@.ORY.QJ.."....o.H>C8.b..(.m=g\...%.._..r..HC)...z...wN.n..\..x.1...G....;.E....Y..fZ.S..B.+.......H...G.2....7#... .`..I..b.Y3.k.25..-N;.+.......7.)..0....d1..Z.V.6oR.*..S+I.mj........M..........z4."..g`S..b&...X..t.....1<u.O(o........r<..m}.|......P,$o!,.@..O...[..iC?l.BI.(zp7G.|...Ur..;.a(qT.../...K........D.......]'Y.....]....A...?...zyA.GLJ...3...!.m.sw8......Xen..rh...>...1t.$..C.|..Om.M6......[L..^.....p....)iBP..m..g.6.n...%.~....H.{b,..#'4Z..V.....]H....4.(V.$fT..+".J.#a.w&..M.uD.i...v..#B$....pu...:uX.[..4^#p.].<..{..9...K.b.~.*..9..@.&T........\.As......}.U...*.&..c..s..U3.....6^....?.._#..... vQ.o..2.^].0}.l..Ky.......z7$.;nv4e.3...l.......j...7..^...E.'r.K..V...A}k...7.b..U.A..2.q.....[&.QmI.K...X.fe.aQ!B._....R........O.5.......#..k.t.&8..2.I4..;.B[..........M.%v..;.Wc_..u...g..2..7m..W.M........%...9m.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702301v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1732
          Entropy (8bit):7.884693716983996
          Encrypted:false
          SSDEEP:
          MD5:81CC7694A5847809F6B02D902A22FB93
          SHA1:D0677784BFE28337E10828F5AE8CBE0873CB3DED
          SHA-256:D8C570F40D639CB6317077EB8C702EA2970D573BB71FDFF2A071770E11F95C9D
          SHA-512:352A3B5D5CBCC2C62812B016B81F4018AA05926704A382B705503B1FFE5C4DD88980F561A6091C98ED04572220D20CE475E4A579FBA54BB49A9390885E66262D
          Malicious:false
          Reputation:unknown
          Preview:<?xml..".;..'"#2zD"y..pr..{V.....L.......L....}."'...a(c;.W.S...F...c}}....,.@........>ZE...-S.../..e{...AB.<....].......Io....gdK......|tHlZ ....>..#.c..?.b`.C.i...IY. ...8YB.}.... }.C(`Oy......V..?...u.X.8..E.....pk.....Q.K.........8O.|^I_l...........'.f.G...4y....o..7-..V....%*....d9..\..RM..#.....<.....Z.0.Y4h..(FCx..Y.e. .K...5.%vM......9.uF......:Y?Q!...,.G....L.I.....X.....w.e..6.}......U..#.'.y<I&.B...8.T...u^.)m..3.E.*..l.....jM^....S.)PUS.B.^... .*...#.A.."R.O.e.5..m......4..%....J;.e.}..@../.-.X.Qw.......z...!1.|I.y.Yt.....j...o..._....{.n....=8..$T....!..'.....?.'...,.....#f....C...b....vu.Y..!e...).Io&.}..O......=%=.ViA'.J.r.....4r.j..4| ..<gF.k....K....BE.Cu..0.....8...92rW.k..p...y.,...-."...4.8.r.0CM0.$..-/..^4e...sup....DHO.$....$.n.5S..}5...-..3.~......t"+......A.....%.@.0{.H..o.K......+.|S1......c`....)7H%X......;5..T....E.w.V.u7$.i.......RQ...;.c...J.8+..*.A..1).E8...F..f....L..+20.s..?..l.A..S.........Z.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702350v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1691
          Entropy (8bit):7.88037175740823
          Encrypted:false
          SSDEEP:
          MD5:C310CEB3B5B59B5010EA399EB3F6AD4F
          SHA1:2A9A4B0D3A9263CC08F98D47D08E711AECF4A51F
          SHA-256:5FDCF4A1889EE6E41BEB2836A10066CE0CF1529488F35C5FD717492B928D813F
          SHA-512:151AC431E994C0A97FB20F1F81C29ED35A7D036AA0A51AA9863C1B892FF5CFF6E96F883B22E368068A9FF97912AC78C83242D4F0385D5949C2BD8F2CDA8C899D
          Malicious:false
          Reputation:unknown
          Preview:<?xml..J....ng.k.r'.z...&....(...0+..I.....N.Y.@..p.mN..hOe.n./G.}..g.e.r.u.WvA..m.J.Q.5.`l...."]....I....8.....q....9.%&.....m..+....5.7cB.ZKy~c^....bX.By....l.....>.(..&..8^N\.K..j...W*....".!>.O...8.......zj..F.-..57a....i....n....<..W.....i.....\..^[...........[j.?`...>Kj.h..s.}uv....jB.eMI.6.2 ....).[....G.x..v.@...&..wDc.s..p.0.z...........-.#.i.X......B.....e....o-s..F..z(g.A_&.k.....X#R..p....^g5...s.q......e.k....]......M..M..g...0.f..4.....d3N'....>..,:.....e.)..y....1M ..> S...X...E....^.;..Z.....7-E...k.,Cg..L.......uD._.....?....U....f....b...@.sU..S:..|./.i55 U..?...x......M.F.QI.v8.]..[-$.....1.xW1\Ue..Y3..`F.........um.(z=u.Mj.3..Q.1...:..Qn....!hs.@I.!..$\.....4...U.\kziQ......v.5..t.hl.;R.D-......p.0.P.....b...f.3.*...\`js.3....^*ah..m?...b....2^18...c"_.pyZ......U..Y.UA...?.5d.......`|5..................V.b..6q..U~@.....Z..d...D2.5......c...w...*......9}.......Y$iG........?T,w.Q.m...=..m..!.V.vB...Yq.R}.s..u.+/.8%..C..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702351v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1728
          Entropy (8bit):7.896113833954123
          Encrypted:false
          SSDEEP:
          MD5:7A2A706BB92E2BE294178021E69F9995
          SHA1:C3B1F5E2DB8A495CA3B590B2073E8853D110F466
          SHA-256:BD952CB5EBDB9128867294CF23C41212EE8E1C4A9EA05607EB69725C5DEE5FDB
          SHA-512:FE1D88D213BC87FAD15794CB487B3A2A57BE80B30C2D92ED86D67357779848DBDAC1617BC58EA71BE7C5AE06CEDAFDBC44B2501D009D4266A02573DFBAB82964
          Malicious:false
          Reputation:unknown
          Preview:<?xml..F...H.e.P..<.G.h..,...=.$r\....3'...1.....}....j.j.X...E.........m.f.i..M..h....4N...o..5.-.'.S...eq..m..............~.>.5K..)4b..........e..n/....{o.BC}...T...&...XR..2..>.X.M.{.|..am,.KI\..9...[u.....W..(........S~s..Gi.C.....a.6.~$.#..~....%)..t}AqV8.K_*....r...J9yb`....R".7N[..T...U.!...^....d......'%.1lx.z..P....v.....V4...(.s*.^....j../.I.....O..l.o..@.*.iE....]...............}|.3.N.,..C7....Os..m......m..c..VF.H.N1..g.3..^.C.a6++......W...'..>j...w.8 ...M{..7.F..-...gp.jV....7Ka....$.w.0.S.l..d..X.?....b.....DH.?.......i...z...@f.....x3...e.Z}..=f...U.8\/.5f.>'.".....A....|VQMr..H..Y.+!5.39.....N3V4l..Gn'..D.<..X.,..b...=...f...R\.....>.(...)..lK.$g>.]........-p..6....mU.,b.....x/.-...5....b8.0...LOg...|..T?..l..C".cO..xK..!.a;.W]Tj....n.<..p=F...S}t.E..]4....Z.L.....s..[./...fS...I...%....$...=..39....B..Q.... M5r' ..q_D..A3i.Z."z..W..v..."E.e....V..]B.G...=......}..(..G%.I.I..x.n.....w`s0.hB..,..{........Ao...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702400v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1701
          Entropy (8bit):7.884793461168294
          Encrypted:false
          SSDEEP:
          MD5:115EE5E6C05FAB89AF33225C163566E7
          SHA1:1AEAB24E0F2530D576F1E6859A5C59744E275CF3
          SHA-256:9C5121DB5D7B90D95B10BDFA0E510A45086F1081D47D1E2E2D6785352990B13B
          SHA-512:90C80C755122D7D3A56457DC63DAEBCCBCD50D9A5FAE7995EF4AA7B862E75276317D69AF06D6C891DB9E1E896A7E28CD38E5D6B4FC145E374CFECA793E3CFE8C
          Malicious:false
          Reputation:unknown
          Preview:<?xml.Tq$.l...i%..I5.....d..h.;......@....5k_%..J...%.y)~2.Yk................V...fb..XjU&fZ)..Q..._..z.p.S...j.L.B..P...@$.r.Y.P#!f....G..y'.P.....1(.}=.^.!x.F....@.b..q....$B..$\L2.{...+."..^i...f.1t.?....W......:h....jgG."..;.TyX7....*.Z.~.......D.....l3V...d7......UJ#=.W...b...H......sJ..!.....AA...x/RO....H|9.XeSF....27....?..S.f.V....[..'.f.....e$.ae/.~wyy....5<}4.K..Qb.t..}....}K.Ig..$...F.4>...J..hj.....$.:.w.w.+..a.K..&4.IP.1...0..^.P..i...2.....t..+.V....h..V.,.........9...K....^.%......Ik.....z..m..R.fs....h.br.c..Z...._...K.g.O..5m.5..4/4....X.....Wo.".....H.......3.......c....g..x..U.].TY..C.....6.....%((.....=.._P...Y...(r.0.A.yq.....M?2x."{d$...u6V..i....4..:.5.L?6.......[......^.....wC.=NE...I.:"-.\..._..i.+-.....aG.-....'w}...I...T...q..A.X....9;.@....BH..o.H.&yu...o...E..^...6vn.aP....U.~"'...M4..8....?5...@.#(w...fZ..Fs~.Y.4....."..I...........n.....vJ.....|..F.I.O..G._..5r.w.....y9..n..>.+?{V-........sZ`.rr

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702401v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1738
          Entropy (8bit):7.87074266480734
          Encrypted:false
          SSDEEP:
          MD5:AEAECB0F891866BC908F931413FD4100
          SHA1:2AC33AAE43CB65ED04C053987352B14D49A3CA68
          SHA-256:1E2DD5699BEE83A19097DEBF4B8A69AC5099F26461623BE389E5BD0CE4404321
          SHA-512:762B27FF2F71AAFBC661E47AA6FAEFC82B21B077A6EE9227220DA2A46DE106B801EF7C3D2A335BDCA5FFE8A3B7997B091744782A135E8619A97AE159889DC2F5
          Malicious:false
          Reputation:unknown
          Preview:<?xml.E.....q..-.q.?s.j._P`..Z-"..V2..y..~.HIq..K.......IL...$.NM......|*.....].UI~.5g].....O..Wn\..~.....Q.>......d.e..JY7..n%.....I...-v_.O......i..QX-.;h....../...G..2.%(.g^....H. o...sn%.p]....l.Ez..R{...O...n...........=..O.%..[q...._...`.]DU..agS......W..l.6.>...zo....o.3zmy.+.[%s.>J../...l~?;.o..ej.A.....@..p:..2U`....o.NT.nk..t....^c.I+.i.5.\...,~nJ.W.p...~..S.K.....<SJ.J_..."...U.q....0...G..I..m..e....@|..7!p......;'.......ln...i..._#)....F..l....V%G`e..m+$.r...Nm........O...=.$oB?V.......:....)..8........D.1.N...s.q...sD{.w...h_/...g.....NN......>.J..t...@.<^..].-i..[.B...)m8......8.b.....k...^<.0..f.".I_c..B.s...R9..=~.......sM.(.....C.i..m%..}8.[Lm.........\b..4@.....8...,..[>.J.....HD.1.N{.C..W..N$....w%.Q.I....O3B..}..*io.....*=.fC...w.....".h.F...."f/...E....]t2r..\fv.9r...4>....J.U...&h.n...f.i5$n.9_j....U.Y....1@?3.nIV.V...`...K~.* .fx....L...x4.@y..>..n;.P..Q......[...+........)..%...6..v.....a..A.b.....|.3..X....~.=?9

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702450v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1693
          Entropy (8bit):7.886366325804559
          Encrypted:false
          SSDEEP:
          MD5:C4DF68D1DCB26EBBDCDF7554F05C5B60
          SHA1:0BD4130E4BC67945DA833E652F640B734F306D71
          SHA-256:328B3842487730F56BE221AE486EA0FC91BF95C80BDE4B582F29B1BB96E39398
          SHA-512:3067F59C49D366DA0767A7078374CA4B2C500F1C53FCDD5F4843B53B68CC872186F839FABE726A4D59F9E5AE147ABD1965735235D7E557C3F41A12C41DEA12A6
          Malicious:false
          Reputation:unknown
          Preview:<?xml.... .v...t}.z.j.r.t.."T..Y..-.}.g^{?..}.u.:.>.]s.,H'f...`.ms.f..~..$..=vT..L(...wS9A.v.......@y.{..]..Q.,../..G.=..........n...VG..N.....w..?..=......a.{S.p.Y......h..TQu....;..K*....O...%.L : .T.X...t....v..'.....Jl..t.!..!.sh.u_..<E.%d.3...L ....Oi....r.o..@G.+RA.....z|....i.e.`l....`..l..x&W..=h.r....vx..F.-V.\a.b.H.s:...d....V........Zc........N.Ng:JN...x....>xw...U.o.,..v....iQ.0.(.'.........An.^..... [x..~.{B.nWdkX.\.B..CA.'.0.. s?T/.h#c.w..]{.|.[...y....<M.........<t.:7....0.T.......h..<@..P..G.Z..%...s_bX...?........e.*j=>Hw...,[8.I.....a..r7...g..x{>LN...ZT.!o.#.......r...=....3............<..:....j1D....t....yl...a.].7K.....aK`...V..?..\.ft.Q....KK.J.}:.....L....}0SK....m.....'.D& .k.Sdz......Q.q%..7P.Br.7K....b..*!....;.x.......5.~....Ow.n.,....M;k...^...U...w.,.....=..;....v.2.3]......2.^.Y.....2.y..'.@.M.K.@c)[...6 .T...7.I...2c?Td.. Tw....Q......+..4..E.H.1p..s#=..-....^iI.;T..S..u.S.F....l.j.a..!z._.{.......e..'@..Em.(...L

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702451v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1730
          Entropy (8bit):7.885100922374524
          Encrypted:false
          SSDEEP:
          MD5:33DCBE1BAC7B5739F95A2C481EB2D549
          SHA1:FF94C6C5FB1B500F7873F1DC26B8CB6F2C626CE4
          SHA-256:D8FB39D5969AEC59885929E1D0A1607DCE08E0A6ADAE72F97D5581587D241C54
          SHA-512:C11E0F94CAD9343787095A260AF9671E0489846D255636E1792ED01F35D46BD3E4025679BD4208EECBE7D7DE1009C71CF431FF361FD916EE77C44967B106B103
          Malicious:false
          Reputation:unknown
          Preview:<?xml..YSa...c....8.v......'.#..k.A.y....e....1.'_..._).C..,..c..!.W..w..$...<PD8.>..!...*J..|...[...y...[_l..........?.1.":...X.......f<..W.....[..,Vj...9O.|A\..k.f.....i....`.....t.M`P.......B..l..n...j...<.!2.w.X.2....M.X..?{tx;"..\/A..;Hd...1.a......_.-..H.....w..z...o4..r..=!.G......2.j........z=M.C.d..H.=y.e..:ye.U..." .YLN..QB.].b.CCY.......7..h....`...a....s..nh......cZ...f/.....(/..?....~E..I.(.z.|f.HF.m)x...hZ.L..j7..8..T..G...Q...`v.....J......%-..,v.`..6....;.0..t.,.......0.e.....b.L...z.!.RH^...z.KW....[G....l....E.C..2...5... tG((.$..^....?^...|...'c...z.)x.e.}.Y.R.'..b...Q..b..e.C.Q.l..e..$..?..,*....Eta.6..Nr.w> ...L..C#.c...B.d.8.C...Sw..x.7[99.UqV....G..g.B.#......Z......Y...0..!......I.{sR.@.z....J......W....#...W...Z..t....L......=...d..%.S..97....W?..........x...?:.gyL..4...H...H.q.?2..[X..w.q........W.8..>.....T..y.+.@?.P .,.......6.....du..c...E...>23.....mj..XO....-..w.iG.{.2|g(..@.....I....U.z"0E...0..."pT~...,YS.U

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702500v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1711
          Entropy (8bit):7.888340618121299
          Encrypted:false
          SSDEEP:
          MD5:CCA30B685A486D55819E1B86C6C4A4D9
          SHA1:F6475D917F34771E1A3DEB5869B6E9FEA413956A
          SHA-256:E468AC0E92F3ABB613B5DB18E1BFD4647888035C823665DAA7AA32C82BADE754
          SHA-512:32668C39F82DE48A258AC0D0A1F8BB8B05ABD7A574B3A0C539595E1B6395A3524B82C6C37BEA3F4341BE2AEDDDA31EEFF51CA23B6C5ABB30ED810B99FAAF9FED
          Malicious:false
          Reputation:unknown
          Preview:<?xml..tM~.=.....M.I...q....~*].....5.d......0{)..GFX.<&...b...Ce..Lc..X.1.M..w.G3...\U..E..:.X.`\.';...O.g..vz.u.k.....R...6.....y..{e....*...-.g.....).$.f..1.....x...ZN.2:.$c\._..{...'PA.p......I..E......P...P.8@..qR........N..7Q..<.G...Iw..'......2v....Q....>..NK...V..+.G..$...o...Q........%..@.j~F..y(..`........B[*A<t.b.*N..~H>x;.....s.?.m.<j...H.........d..2z ..P(n....E.x.-...V.!.....s@c6/...~....z..k(^...:....9.cs)....t.. ......_....?.{.|.F#...d4....p.V....Z1}..;Tlk....=f..pB..4H G.T........i......|.6......L$_V........}b.f_..%.........C..!.6.......j..@.&.P......G.h...A..........G...Za#...WE....r...0....s..y1?.B.s..._i.N..Kbi.A=..a....J+?.g.>....I..-.9..\......k(.....|M'.....pz.K.X.?..[Df.z....E.[.].m..#Z.L.K...".V...qv1.@b.....+.Z..M.]J.fU<.5t..In....k.[.M.....$.&>..$..:..}vU*.a..(.wm.P...Ei/S.c'w5.,.:..M. ..IM....a G....c......HeT`.M{GQ.o.l.)>)...\..G...(.<^`{}..4{...s...7s&;@Z_..9.;.......2.d.....t.t.;.K.....]L..[VI.7.*j.(.h../ ...?..F.T`

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702501v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1748
          Entropy (8bit):7.880986763003617
          Encrypted:false
          SSDEEP:
          MD5:67A538A728F45DB9C20CA4C881D27D87
          SHA1:96113B2C52F00840F388812F7E31DC7D0128BA66
          SHA-256:125E278F6286217AC13D3C42BED1D3EAAF6CB089FFD3597CEE77608583F9B6EC
          SHA-512:E53C873D5AF0EC38691905F97428877B00B80719E1A525E77EAB321D02060D516659C4CBC4D437E5228477B4681966ACB7C9AF419AA92D0A8B0A96FF69F4BEE1
          Malicious:false
          Reputation:unknown
          Preview:<?xmlN..@.....E...?J.~....V..z.....a...c....m.(5yK...R..f. ...K...}.I.Z..ri.TAR:ld ...9.......M..1f.ll..1.0.K.O.....,).K.....|...z.;...T.....B..C..==Z....vMo.Ef...{..0..K"...T..~..A.ho....6.Y.dS........0.q.y.@.z..s....uB..|...V.R...9ra..".W.@....9}.4..R6... a.....t.&0eF...U...c..''.A r.4.ws.X9o[{g....lOn.3...`Ga.%.?..8.+.....Aqr.;.D..0#...w..p...g.'Hm..1kW./P..9..O..>.\..j......V] .......9....|..p...`..XM.Q..w.R.F. .u..Ya......V..|....t.M....*....Ni.l.I.&.`..K..!r.$..|.:&..%.`.Xz&^-..l..?..7....".D.....$@.H.o....aY.7.c:\J.ry8W.-.!.1.m..*4>.u..G...$.t......F#...aq.`.)eq.......aZJ.... >....-+.\.GI4v..2..&5.^f....7.Rw+GKP........{.V..+b...V~.?......~....u..A...P$>..-.~.....Bf.^pc..&..Y.-.(..B......3:.AM..<.%.....0..*......C.@20..)............&s.5.p.h?(.....=P..Y`Z.......#..-.C.........|9L.hN.g.b..z...vh......|.yD._.p.f5.c..1.....b....5w.$z[....."..r.^W..1.."..#........~.:\\p.[=.....$..m..F...G...j#.....T...+./.....5YA+ .........O.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702550v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1711
          Entropy (8bit):7.890164460715848
          Encrypted:false
          SSDEEP:
          MD5:7652321D0498FC8FFDD4765F36D2A36B
          SHA1:8E153869551A6F1EB8E72A45ADD974E1B602F887
          SHA-256:31603439A36C09AB0F3D978B8BB236AD47F107418D97C1A3791B1716FC1E16D9
          SHA-512:E2E1FA681E00899F43447AB03F44FDFBFEF323549BB56FA02BACC8D3D2EE3C0FD1790B098E6BE4F4800B55130058AA702A398CE7CF36602E2FF90D04F002B88E
          Malicious:false
          Reputation:unknown
          Preview:<?xml..ft.....LZ.R..&..8....l9....S....P.*.....7...k........}d""......$-.>l.=....N..8....Y.s.*.28..'Y.........]...$9....oo.....c.U....y....9J\wO..i\..Z!AJ......|.. ..[:.N...c...TH.....\.O.@....(...mQ.i.....O.8..hD~.....R..'.,..DC]..OU.....k..}B...X.C5...~yjm...{=d..-Z........-..}k>A..J'.H.+1..&....H..h%[....V.....g..%.....q.R..o4....A9........y..|.X..H9...u...c....7.:.b.CJ_....eJ.......!.32L.W~....Y..K...!.h.Y..j`..YU..J./.B....j..[.........x......=......>.Z.@..D6.!.M.aEp....g.....}T#.FY.I.5.s...m....k...|...Xh.G.....~.|..2....;.Q&...d..s...W...*`SJ.I9_>V............s.B.Tg@.._ic...w.-...MN....t]...0..es.........e.m....m......r.rW...N.....K'H........1.U2?..+.w.i=y....b..U*9..B..RJ.b.@./"U.G.%...D..j...q...6:5.......R!N.I...a.+E..JGv..t..W..K.l...V50O....1.'.....$..4.M.)V../.j.\..'v..mk...5..i.BE/.{S...c"Z..n.......[~wm.9..%:;..J*.q....^..BhW.N.;..w.C0..(!.F\/..../DoVP).#.-P..x].h.h.~.....V.X..6...".).}..q......0...8.......^S..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702551v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1748
          Entropy (8bit):7.887435991372703
          Encrypted:false
          SSDEEP:
          MD5:85F1F388B84059435699531EE9E8CFB4
          SHA1:7E1F7151E9D8B439E5958C45ADBAA1481A15765F
          SHA-256:4EC9500194D6F6671E9312F002FDF77E714FE0DB7AFABD819BEDC70FE7B91BA8
          SHA-512:E390FB2269E0FE6249EF73F5461F65E5A68D6296FC44084857EDDCAB9A1394B1E8AB00746A6AF20E3753D62D9614DFA6CC0E316BA83B8D9FC7C31BAA956C2DD8
          Malicious:false
          Reputation:unknown
          Preview:<?xml..M..g...?0yr.. X......+t.r75..F:.uR...f...>?F..ie.B|...Z".K.....K../....]......c..D!iFv..?..o.......'R.8..[.@...+..t]..6..*...O.U......>...T..-.'C...~.......P.3@.s;."Q0 <g"uTn.HX8..v.q..,Iw.s.G.9d.^KB:..W!.....K...7..*....}%.N.......;...q.$.xM(.f|V9=Z{....-.8..<.U..f;..\..b.K:......@?3N..1...6...9.O9.....VJNz.d...h.=........9h.4Rso.o.....|.q...C.2.9.M.#9h.W.8.H5Qd.....P..w.;.....w.3h..60..D...t..8.v}@.."`^.Gp9..B.@...e-(.>.q\...J.....jg.B\1...../3o....<....%.T.7..z...l...L{.x6uf..f.C.K?n.a..30.A..z!..._..uC.a..l.....y.R`M.D.El..1vH...,.O..Y}.I..".wu&..^..{....s-.:."n...Sz.KR....b..>.0.`..........d.@...1.a.-Z..eQ...KA..$.RsX.-F.h...\._..)...*.*....2w%.r..y.PL.w[..*S...=.....F....f..u.jt(o:.}`.y...r..h..9."...,8.W..l..$2w08...I....e.[..>..?.o.W.l..V<.u..I.jU...7%...ue.;..w./.....R4WhTg..u..fG.}..K.!..*.A..j.....0|L....L.r.Q..n........5K..?.K4....c*ot9.*.....HN.5.}T.Rt4..|g...?......O..d.m.....b.3/...B.%..a..9N......{..1:....|..g.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702600v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1705
          Entropy (8bit):7.882122111087315
          Encrypted:false
          SSDEEP:
          MD5:0798F7931E90B02788924B147BB9AA81
          SHA1:DCB6E6EBE1613A636470DD793C5AA9586D42C58F
          SHA-256:9945A89F9851D93CA5C768BC02042CE8CF5A41763177212EB0D7A9A0EE361902
          SHA-512:BF1E6B50F36105686FD6D25753B4DF98DAD35D82FFF8DAA3CCE56DAB5EF1E2A211D62ACA60AB5DFCEAA38D751453CFFB1B8A3CF53093406A84BD73F99A6F8F5C
          Malicious:false
          Reputation:unknown
          Preview:<?xml.....tC.A.P.(g.G.>...}.[..R..L.5.EuM`....z.@^.....7"i`....9KK....~....h...T.W..P...m..gR=..S'.G...?.H<...]T._(........F...T.}..Z..;.L.l.....E..*..\^..]!.Qe~U..bd......7...X...j.'_$(..hg|#.......iOOt...^...Lg Xs^..q...[.i.F...iG...B.B..))A`.1.Ua...,bg.A....T.Ch.L..e....:...C..."-.{...c.=.Z......pL..*.....@.K...+...S..5......tR.S...2.G.y..U....r!.....[p&G!.S......a..$9..o..5I.X......r.f.$.q.C....p}?9..4w.......L@.^6..f[.5..JA.N....Oo.g.S./.......$u.\S.....e7.X.M.&~_8T..k.s......~2.#...#f.........n.dh.4.M..Y..6Qw....s..H.. .H...$....f.J.b....o@.=...E..__..`..k.U.o....Y.YY..S(s..P..K.4.\5e.s..;K.....+......xTE.~..n;.q....Y#..>...{...^...).}.B..=t.M-..p.0uJ...,.8I.........(.U......n61..a.W.Z?....1[.Cu.t..@d....M.}..O4.L&.X.a.......)......-..H.K..{v.?.J....OP..)...&..."..K.@......$....%..DX.....i.L.W.#.s.`x.v_...{.Z...i\H..............fq......X,....;..c...(]....U.r)..B...NZ..k.h\..S..x........F.j...X...Fm|....Z..Q.w.>.G..;..s.]..6.pj..|o;..Q

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702601v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1742
          Entropy (8bit):7.875071831510046
          Encrypted:false
          SSDEEP:
          MD5:7128E4F13DC13F5BC5EC26B3A37D6468
          SHA1:FBABC0C82E492526473FA14AE536888CAE603281
          SHA-256:9C1D242DDFE423DA89E0F1955937F9ED46C963E01EF9D98B09BBE7B7A29BDAB2
          SHA-512:47F3B5A2EF90410D7E2EF0186FF697F9D46AA36D4B7F4B4E6EE5D5058ED838B52E4E3D95DD59CBD0BF5B09AA7D868AE4E043A856248E9681AE863B4A1DB7F345
          Malicious:false
          Reputation:unknown
          Preview:<?xml...G;q.....zxac..`...k...6...C!8..F...1x....|.o....qp..~L0w((`..o).jBd.........,...I(..^...O....5.*K....Y>..... `.o.N@.F...2K.....e.e..k.Me..e9...C..N....l.AD.z....V.0.D=o..6..4.....<.h......f..7DS........_..~yu"....0{...Wa."b....).+.....2...~"..pzj.......s...h..%.......|.....Qa.....v...3.-...-....=,t.h14G.$,.$....x.S..@.;.h2..)__.~.~...?Q...?b... 3.m..1....w..?5....m...\...5...v..(;IVuzw.e..M.'.5r.!.B.r.&..."/..B.......\Ey_.jgC..I.._~.h.<..|$...%@..+n..........*.P..}.f...#.ai.d.-*.."K..]....=.e/......0.2..H.V.Gg.s.|Ska.....'...y...w!.h....../.(.\..a|T.9.a..<.r..#^..?.t..`..P4)...}.._B....'....0....R....^........{......q+5Q.....|.Qrz..8p.....;....xJp4].y."`^p.1..~4t}.J$Z..E..9.O.8.....y.`..Gs..;<o~...9S8..B=e..S..+KZ....4Tl....3|j.....}..7b....f..`..%}X.L..*.\.).dXosa..5f....yN2...Zj..4......9.....M...~.\.......)s..G>gR7~..&....d<.-.m... .7NF...k..?..........2^\-2.~E:K3Y./..n.Mg.........:..gS.!e..` ......"..h%'*..tu..Oa......F.(..5.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702650v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1691
          Entropy (8bit):7.877522943418934
          Encrypted:false
          SSDEEP:
          MD5:C1E5C2CE60037A1EEC08FF756B7FA3CE
          SHA1:CD488B390BC618991804E7DBD724B6B16283910A
          SHA-256:4DC490BDD913968DEF77F0E68634582480939EC536470BB8D125E6F44456ED54
          SHA-512:2DDF2E0B844B5120EAD97C5478168DF4997A789847D225181CD24BE4C6BF08419DBE155EC15DA0DA43FEFC8475D557D42A0E20CD1AAD9E6D177140C52AF54F3A
          Malicious:false
          Reputation:unknown
          Preview:<?xml.....c....ST..'.....Pg.^.,.L.>...8.Nj.aJaV.>;..H......>..0.+zt.).s.S./[G\.$~N..Or.J[2.*.^._D.KI..7.<...;..P.l.....z&5q..~/.o..,.0.u.Y.u>.jK.."...v.....wN:.a.@...R)..q.-~pS.V....-V$m.=p.qTtR.-.......&A.X...^h.J.G..7./.`/B...9B.....E.m.+?..._......@.....k`....4..Z.R....A...m:..f..|....U...z.5.....i.1.+`.c...?7#c..$......p.~...M.....EEx@,........Pg.]..%@.%y.h$....x.+.5!T~.d8}.!.}....um..../..X9......|....r...!.....TA.)./...5...6j..N.{..T....L)O%........d....cW.:.Q...g)..<.|.......Pn....yZuto..X.z.!.z....VlX.>..VJT~..W@.9...M...Nd.j...".?...I7..V...r.G -..:.q...b].UU3.!........47S.=y.tf.LT..I]./7......G...$Z..........*.0.s_..94..`.[...of.x...w@:R4...G../... s.B....^@v..............f...l-..M.|..#..$....~v..........k..l).)!E...jr.H..hJ...t@...ay...3../..>....TCy..YT6..k....rP..3..G.@...(~...\..z[..8.#.>._../HH.Q..W....e...|.(.....?.5..2jG^v.og.X..A...........hK.8c....}0...].....7.VD7g9.br.O.y..M.&.G...!..Dj.....fCYB...,..?.........T.].4.6s.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702651v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1728
          Entropy (8bit):7.90014235942665
          Encrypted:false
          SSDEEP:
          MD5:70A4366A89AAC4CA793AB0EFB482BE06
          SHA1:297FE88B1D3E9C5C090D9D640B9B1C4261B421D3
          SHA-256:B4A8B8DAE7C1EE1F7B4FB8DD5DA09F9676A461CCDF848DF1CA5345EB9D2656EF
          SHA-512:54282B05776AAAEC1A8A619BD8B7C52B054B6EC8C3A4C43C16BA44379E27FEE7B4BE1E19E547BA38DEA79FAFC46F99471E404D22D8AB6CDE07F73900DC8D782E
          Malicious:false
          Reputation:unknown
          Preview:<?xml......i.{OW.3.w.P...=o.o.. j.."r...ok.....W.e....'.;...&..$.P ..0......*.e.......|....H2..A.N..~.%I.r.E.'Q.........b...2.G.u...J....R......q..~....?.Q...6...{..I...q?.S.e^..p.^J..;......s.....H...Kuh.5E...<....a.4.2..4..^k*...w.m.......Z:4..=`Sv(....HS.{G-P#..#.@L(..\v.za......F....UaU.+!T..Pu..y...<.......t.+.QL...v.J.8<.j_.7....0I....w.|.n.).S}.>.-......y&......z..dB...^..X7A.H...>0. u..}.....&...}.^.QT....&>iX..5vO......cA........._.(......xI.2..v.pv.|J:&i-.......(...f....m5...{n.{k.,1......A..?[.Q....u'.;.xVGQ..M......u0;.s<...{Y..-.........X'..W.U...=3...y.V.....F...g+...[.m.V..R..nC..._..Y#.K......=..\8...5.2 ...e...I`[r.....:r.....`.l`p.^..Q#..%.c%.....UF.s.n .D.>Y*.LV.%..u)........\../!..W...t..VU..!D.gR..../5..%._./$-]...M.*F....8N...Oc..|...S..b.;.`L..9.w..>..j....o.D./...i..;.....4.....;\..(.V./.....~.%"q.5.K...<.@X..^.$.j...8..o....?.O....[...."...g.bt..g1NKn........)V..|Z.'c....BXRb....Q2_....e|. .Ls

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702700v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1700
          Entropy (8bit):7.886620251191181
          Encrypted:false
          SSDEEP:
          MD5:9862C124047A2CA2419D636E9858F1DF
          SHA1:C6B7B49CA8E77308E635CC3ACB932109CC829150
          SHA-256:91D4771BE2CD775871E303DC80116583A2B16B13ABCFBF3622A485542A32B166
          SHA-512:8940F435FD2FF2A015FE7F722A6E1D5EDA05E20BBD8A1D27E462F78F949B4B585AEB2A7F664DA00E1B6C409B94FCC477C18E3C5D92ACB9D6676F1FC9F786171A
          Malicious:false
          Reputation:unknown
          Preview:<?xml.s.....Yjs.gr.n...v.%.-Z]..Q.N.n...{...:...h..j.yF......t.j.j.p.5.{'.X8.....nS+z.Zm6 O2....".K:....?..V`..r.O..*...Yw.%.......u.....*...o..5!)exM..-.O./kJr_.."...?u.f3.......{.?.f........e.[.|.5.E.....+N...."...R./..C.1NN.eB...9.4.."JK.W..n....9.....H..|....M.y;... o.$.R.~!e..v#.|YW..EI..2..<.H...qI.5..p....sh..b.s.`e(.f=nw.HW........z...T...'j...#R...*>6[V.D..D%(p.N...{1......6..}../...6.e.V..g..Q=....3......Q.A.Gz...../.g.N...../..j...Z(0(\.WWd.,l.u4|.`cR....q..7Uq...;.n...g.....{i.....{R)..D3D.!....Y.!%!.*wd.7.k...%..\...\..tOr......9.Md..{g..... &.C..,P....P=^..M...m.e.1.8...B..?U.|......g.......SQd.5%TrW.t....:VHt7p.e.<.DA.8....w.3x*....%.yB..(.[..b.e....W....T..,wY...<.c..b.UOG.Q....?...9.5...`5 .`...pr..^...;..s.G;.l.f..W...<.g.Ko.&3~..K.O......l...PO.P.zt.iJ..f..|&=.3..I..k.............tPR....`...4R......F9...:..joIV_y;(K...a....=%]=...Fo..x...$T.!H.:|.jA...Z.z./rD*fV0.h..8.P.xm1*..0....;q......f7t...+.T..4...'V...V.8..h.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702701v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1737
          Entropy (8bit):7.874773672714222
          Encrypted:false
          SSDEEP:
          MD5:5D8C176143EE38C52C9FFC8861786A01
          SHA1:D556A46DF05CA03CDFBF39FDD37CBAA1DE08AB45
          SHA-256:EFC9D1A5DB78E1AF0CCF6A2EB6F58F5757C75AAC6B205040BC34CF70E07858A3
          SHA-512:99C787B6919C4F9D1535B636E2EDA6B1A06A84FEB524409B4421B65AE5B4EE82BD220545E329D42843A1C7F526D6C41B4F532C59AD02ECDD598F70B6CCCD7B0A
          Malicious:false
          Reputation:unknown
          Preview:<?xml.}S....C.s....q..D.B....K.....U...1...T]%-.P.._%:...n.&E...\E..5..,...r...I:....Mw-....(. ..>*..U.C..x:n.kT.-....+s.v......(..H.....A.M.....Fj.+jP.g..............yOjAj..t...`.....E......4..9.P...........1 .p...8]*.l.....E!..(.;..Iz..>....k.....F..6..u.}...9.(x.m.......nai.q 9;|..buE..=HNn7#.)".I?.x..Xv-.,.<H!._.N....WWG[....f.....k}<"..j.5..,r...Hd.5j.......H...f.m.6..e:............}}.......".i....ab.|..J.4..Z..Ps.P./...]]..K.KaMs.s%nr...A[|B....!..?.b0r.......e~w&.E.b.B;.A.l..#.j...}E..........U...|R..$...!.O...j".r.p...].....%F..c.....sl......O=...g=3..|_.n..K!...........Ii....iG..:...%/...F..8v{..Us;:.d.Q7.....2c.[C(T....8..v.........t...d2dC..cA......$#.,E.N.4.....Y...ec.Sj.)n.U.P...8.....]..4+_k..F....Bj....R....m?.f.a.^tYW>.D.(..(..B<.]/..H.l...}.j.......2.kCo.G~..~.D......f.r....&..ha;....e."...x...J...L..gS.{..T.Q.._"'.....r..............5.....2."(.L.7...kI.... .1A]..!B....._ SW...$kp..@....R...r!^;.cz..p.C.8.k`..Gd.bv.x.=.D.K...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702750v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1699
          Entropy (8bit):7.888878215082176
          Encrypted:false
          SSDEEP:
          MD5:93F4B6EEC8C93A40DC68E8C231F86536
          SHA1:358A8900167F14C6A750BA570608AF728A87B0CE
          SHA-256:B10399D904580E56CCC3713F95724F754ECD1CD9F2DF94E8B8AB2EC82EB125CD
          SHA-512:439D941DA0B518A3AE0794362E3582AF89D54E932CA6A4476647F1592C2CE97F01C7A3767F70B4356303EC6EBA07477E1EC65DA27EAD9EC3AE00300DA7956AB2
          Malicious:false
          Reputation:unknown
          Preview:<?xml..$N...[..P.}....(.8.....t......E..h.....hB.6..t..F..;I.pY..Z..9...?o......`_?..c3..*......,....P#F..J.;.X.1?."5....?..F.=...&....Y..._..f~....3 pp......u.L.........ZF..C.....u.H.^.f!)8h"././K.Jk....Z.....d};U..).%X<.r..y>.Ne..p....G.........&.N...*....Bz.+S...L...l;m.b....T/6v...`..L...Fm...x..d.g.'.D......E.t..4.D.Z}.d...uLG.......u.[....&.'.%..>.".C~.>M....;%.5.p.8...&........D.C.....7."5.....g..A.&..c;..s..r..3A...$..)6....Q..I.JS.......<..tLg......<..#.T(..D.Rc.......I.^.u.......1.....W...*..J7..[`.S.n..k..........A)j>K+".>.pv..0....P;!j.k..;1....}+....~..[t.i..,..`.C)z....x....t.#.=?..7.n=...7......>.;..M..rxM....[......I&.%.3E..........mn.R...m3...J..lEd..q#B...:`.-98Z.3..0h..4..........k.. ^u.....@r.f....ff..l.....U-0#u.3LV4.Y...0.6..{.~....#|...&$...y.q{6....1..8P.......~..-.V.].z..........,!SPe/4.._#.....p.<.9LmJ8B.q...".R..........X.E.S..,pp...M.c...%.C.....gbe+...TJP[.'..6.*._..'=P~...~<..-....|.....i.f.u.G.{.KI...T

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702751v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1736
          Entropy (8bit):7.873315510976146
          Encrypted:false
          SSDEEP:
          MD5:2FE428E6778DEE81EA13575E65045370
          SHA1:8C4FFC16F81A7A8EA6F056DA50139C62AA644B54
          SHA-256:D67B41E8A7E8570B6C2459283F2A058571EF1200A47524B1F49B24F2C3938A95
          SHA-512:F8A816B50F12484B7E51A95C77F1E9208F314AD9C6142A48384278CB6559FEA0943D385E5E6A70959E7FE431DBAE4E8CFE2D2E2245414AF71793B9D74E272F7B
          Malicious:false
          Reputation:unknown
          Preview:<?xml.C...ukn..KK.+.~,.}P.jK..".h9.J..4..^~.......5.k.....{.....^..4....b...:.[....n..&.(9..:. YSX.$&+.#..+L....8. ...[k`..Y8#...g!..b..j.]...1..A.......l.......K....=..........`K..b2G.k..f\.<.o..c...(..L.RRsal\8..4.&$3(Y..#Q.....U..m.....#.Q/.t;T6h.)V...2.&Dv.iV...?.z.\7.../.*..X..s.H.....Wfh.....U.U....u..2....u..I.....I...........o....D....h7Ol.T&hI.#..p....;..O..;.......+d. M..n08-".H..:....m5...-..*....7....8...r....x/.1...f.z..2XK...v|}.p.].. G1..Rj..\.i..^....KK............s......M.rn0J.-h{.~....Y...[w.....-..i........Y.9.x?G$....e8.=....B..L.....F.D.v..%j.6..?.....<.....bT.M...R.K.?E.a.K...Rw(u....(FN....%...t.+b.G.VB&...6.[:.DS..W.~F.........}USc.b2s..6...LY..nKH..8.|...V.]-..0.6..~.J.q=8...iQ.@ .....w.......!'..A.#.......b...B..s.>K.Ni.......XS......y..9)..E.u....9..x.Q..?TX&...b`..~......P..L......1f^.........n3...:E.f..Z.]......i..~.8.f....M..n....;..]...x........../4.........}f...m...;. ....*P~...2.'6..~.Q.s._p...b...5&...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702800v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1687
          Entropy (8bit):7.872625812289817
          Encrypted:false
          SSDEEP:
          MD5:F09F141B4A2818C695A5266716F431E8
          SHA1:3B7F0BBC406D9200DCA77380DA860B7D5ECE9ABF
          SHA-256:016FD29999B5CACBE2C7286837EF14259E4633B64A4BF5A4E7E3DA4DDBCFAB07
          SHA-512:F438AB8551BC5BA715F3411E15402BBD8814C77EA21DC905D7299F9630686FFF8A01B2E1A528089B14C6DB06840094541C8BF3A2FC20B810A862F4C7D7DBCBB2
          Malicious:false
          Reputation:unknown
          Preview:<?xml..%.M.U.q....@....W..";).=(.A...4.Qt..#+m....V.`..`.T[.....bc...Y..j.....i...LZ..[?P)......1D.!.ej`......../..kT!...(0c8G.Kx.$.R.f.9......v.r...S ..; .H.^a.^.........b...n....-$.......2....T0GWMS5.OE"oV.g'... =......C..1.Y.u.%.G...).(]r.Yc...a...xv}..n@B..kos(.......R..w....1...|..-...#)xx....u....rcEDB..&..oXE-.zD}.k.P./o..&.? ...B.......D;.9_}p.x.`=.*`.+:...D`..-|....p_...-f.XU..f.R..j..jr.'~....UAM}^}/..].L.....6..^.....[..$....<..J..7.7.sn..p..H*...s....-2.6:.Z..4oc.@_j#E.S......|......?...?.+x.O.0F....q...4....p\..B.g..`..~*.....v.@..F....l.g.&.s9.N|..O.},.......I&c[.Wa.-3.e~.4.%..Qm.`.b.9.g..3...W1......)k...j..2....L..&L....yf@.........{.....#6.&..F.....Xup.2..07..eFg..Q.%.s$.\t..."T..8t...w..1.I....q...;fa.+S..(x6....M......./?....$>E.m.aZ..y...0ap..N!g..@...nD?...Z.{..z.h...1y.>....cjI.P.@..#.t.m...([..........\=.Ww3....K..43.!..".n.d.810C.......@XV..0.......I.m5.-.....-(..T.W...y...H..~..Z.;..<..td..Z..rn*.....>..90l....A

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702801v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1724
          Entropy (8bit):7.8891238904884755
          Encrypted:false
          SSDEEP:
          MD5:45C53F86FD3FFB648936F69CAAEEF084
          SHA1:752388F5A4597A79907A5700A256B38AA991A6C0
          SHA-256:C3FDE6FEE24C965ED59A5D5FE7DDCE88F53810377E6319073DF0E70B4971A9D9
          SHA-512:E5E333023AADD8CBF6357E9DCDD423860F2754F3141C948A2594E14D25FF1F79532B5C89585C76AC9856954BAACE9C6D3750D2F13E544ACD939578AB358415CB
          Malicious:false
          Reputation:unknown
          Preview:<?xml...T.....K...m.0..........h......[y.."Y...._m.Z".L...../...U.._.'+]A....J.:.(V.gSi.E..@G..."....C+cT..$.{...6.D....f.I...\..O.%....%CJF.Q.k.QP..E.5G.g.vM......c..`.....4R.^nzu....A/i...W.es.;k.....W...J].....q.59.i./..;.e.Q....F.....I=.1...F...|.E..+.1....VMV..s...Y.R.s....lA.........3.e...i.Vb.......4R4...a(l.mrS...>...{,..1.U....]r...o.%x=b.F...a..fl/.( ..R.?.P.....m..YS..y0....AV.W..>b.i.9.4rk.rI....{..d.+.1......T...b:.6.N...NZ........x|.n2..ZrQYC.'......'.R..J...H.......w......5.i.........2..*.....Y..DL.8...m........U.@@...~.....?...K.-..a...).B.Y=.%AKR...1.l.$.BRzh|..An*..x....K]...L....L-'.P...r*.......q.$..5wG.....o....D.....d..na]....%Q..ZE..8<.|x.L_W...~...dDs..2s.$.....-B.......l..CBlm.....`..{...@..^...Y.).6+..C..G2.ka..5...\6...U+.r.T;...Si.sr...(.Q~,n.Xs9>3.D.C..N.....K...12...._.Y.0.....;...<.%.l....c..*h..M..(f.......E. ...0.d.P.>...#Q.'...O.~.j0..J..<)y../D....B.Y ...$...ni.>..........?F|..nc........E.W..[.A.-......(..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702850v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1701
          Entropy (8bit):7.882338631803139
          Encrypted:false
          SSDEEP:
          MD5:81D9729DACDE9D731FB7EEC6FEF9932D
          SHA1:2B361859003B0F694D9B19461D2C29B84E8B9B62
          SHA-256:60091BEABB2D6BC564D3D7B9028E4A82B45E2D9A3FA7AE85326C92B4B7E38524
          SHA-512:18CEE52812AF2936E385925FDE976B7FBE52C296C86DD4B7DC8CE3C9A1164F579522D7ECEFF42102E5AEED0D4C509A8B84E0A96C144D3C7AE1A23380197B89D8
          Malicious:false
          Reputation:unknown
          Preview:<?xmll5.m....F.F..,Kff..Y..J^......^.D6..^.......1.L.......C3..a....KZ..@..fL.5B.K<..9d#..W....5..G.O............R.W......O.w.%..).."r30F....^.;x.Qd.l.L......KS...W..3..W..y..w...GP...Y.wJ...#.....w.fu~..>.<...'.$}|5G...W......<...i .F^_7j.@..M..j....^..!...........o.AS.;....e&(..i..i?.3../...L.^.....4.6.0DEq..Q.&..v,..u.).......[%*Q..../..T.....1...-.~..n..<.\bK.........?2...0.....a6..H.....{.'w...z.....VO, .Y..../...+... ".[.c...H.....X.f.-.Z...o.hN'...:..... E.)\9/..9~..u.. .....qI....|....v...H.#..W$....N.6.`....8.U.T.......4...*..S....5....[..P.37..y......Z..F(O..=...QiMU!.+.e.>l...i.w.'..h7W.P-U.)..>.f...P...v...4D.Q."*;.......7..+"3J.(%.W.v.z5}2sa..M.M.....)8...2...~..k.......r@n.J.I.....{.L.R.@.....DS...l...D.-i...&.{7..\..t....7........y.....{..2.?.A.........>.......{..=<H3.i..X-o.L......XWAU8,c...2....}....../q..qB...g2.%A.....m.......tF.H.y..D-...k?8.u-..^...qf.S`.....Awo..B...ge.!....Y].U.........wz..j...y.-

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702851v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1738
          Entropy (8bit):7.8759526816807774
          Encrypted:false
          SSDEEP:
          MD5:06F2D6A1E12ABF55C6F4847173056187
          SHA1:AD5DAAB5CF07D8791C1F13DE05EB6B4B8BA08CE8
          SHA-256:3F9D98D09989AA3578DF0AA9BB92E07EC067C4B23BD256E56227487BA93DB378
          SHA-512:69ED059F8F7190F6BB6862D098D3D46FFC554375F905F4A5E86CA19AA983C99BCB2E51B851E1C3F40F4737239776B24FA386469F04BE3AA2657AE95A8A9B4AA9
          Malicious:false
          Reputation:unknown
          Preview:<?xml..*....v.7I.z+..........h....."i.X=C.......7....D1..l...2D..3.ZC....B...I.3..0...M._.T~..b...r.i04.a..B.E....K.......62.6.QM.k..x..k...).0.R.P..d..\.d.."M.....8"....`..}.....T.Ii.P..;.q.|L.....p.K...?`............."&..E,1j..=...2.Z8m.rF.!.=h........T..h*\ .....ZH..iL. =../.u_.E...;..`gn.....T2...n.pi.....&8..K..]......`P\7..u......e.w'....2..H.q4.c.c..)..f....#..C.....8....$...i.P_Gf.T.k.][..)d............?y^......m.p.;........_.v..Sm..L....p...%...[...K.. ..X.uZ.1....0.6...X....L`.C.B...So...k.z...o..X.3....&_F2<.F....3_...........5..w..E.kX2.....r.%.;.!..%.......>.FD...5...>..K$[.]s..?.mOQMj.8.......?.:k7.x.|.Z+.X.#....Q.....e..S...n.O...}'|.t!.=.:7Vq....M.....i.~?..@.s...._..W.k%.J\.....[.....[..[,...Sw.....}.r...2.`..<..=.....f.B...^.X.^I.u.......6..Nf.G.<.},D...M...t...../..$..0M.;.....V.J.N.3........."\. V.T...v...[.i.7cd<.....;S..%.M..v.u.J...G.q......'..L...Wzp j...o).._.....Rl.6.O.....J....Y.B=...G..g.K..s......5...)Pq.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702900v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1707
          Entropy (8bit):7.902060642565607
          Encrypted:false
          SSDEEP:
          MD5:DFB0FC5BDDA5784DA8A54CDFA17A18DB
          SHA1:46D8776E6D0EA699A59E46CF106385E7AA046BA4
          SHA-256:7E4D16C2EEFF7F4E026D8286202C20A2C0B08761023D3B9AF10A85789C730938
          SHA-512:201D9CCF8F988EC83681FEE03B582E8E74DC5206523040D7D4BFE3BDC1CFCB621D248F5AE662153FA471F6A36BD99F379FE59C409E219FFE8AA4CA345160AFC6
          Malicious:false
          Reputation:unknown
          Preview:<?xml...L.$xWz..8.I..T9:1..'jx .(.l(..S;....n.>_J.......)...w..{..,...\..V....i:7L2..N*...q....c.#L.Li...X;.:...~.?..u.....U;...l.q.R..;x..Vxj.2...Ul1...a...j.IpGd...Y.4.y.A3}l.{%0........V.3g..A......)..g.I...}.S1#...Rs....>D....Sz.~jt...+.Y.._..M.[H.V.t&.e.....q..R........&..1..2R..?..dU....w.7.;HK. ....l..9O.XJ!....#...9..!K.,.D....!...^....&...&..5.c...:.s.q.]....=...=...2zd5...Jb..FoE.9..CJ0....`.h......=....?.8...^N.>.+.......ODG....{Y.%).5...:=!..5..T...v.....>~.I....I.c........r>.R.% .K..F.....%.yb..~8..7P..%)0..5U....[.4......M..Y/.z..`..'.vr.&...G...E..6.K._1X...on...d....$..CIv...J..R.FOBY.8..e.B0.........8.,..J=..q....<....c).c.......w..{.Ud.5)......`"./.y......t.../.y!L+@...[...x...A....FC....H.m.G.W$.z.|..........\.fR....#j%...:..P.=.......L...d..e..@...p..........9.9Q.W...f.........n...a6........3.x.$@.'"..W........5.....z.......u..?..7.F.b...p..'.?.?R....g..|/e3......w.5]...Na....3...........Yc;.....AlA.....n...E.:...=.Gj.r

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702901v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1744
          Entropy (8bit):7.862175207326555
          Encrypted:false
          SSDEEP:
          MD5:4673791CAB54A6A31061160AD0AA9F7B
          SHA1:0229BA3C544ABE522628D82896A06860E7E4A8D2
          SHA-256:BB04483DBDB7B6A892187AC881A8E92784D7D2689348119C1AC95AE4CF9B0142
          SHA-512:311B2374D9284AFC1887C1A43555D65302CFB6ACCE6C50E1CCB5AF4D0502BDC5C94EED60357349CF5CD7606143C1AD95E19118503AB3192B1C0FBFE5E4E83969
          Malicious:false
          Reputation:unknown
          Preview:<?xml....f...s.......66.l.<.......Z...b.V.*.+#.\.7.S|.?...........].....TQ..F...R..N.t6.,.HW.......6\... <S.....%)..p..j.Q.g.h.W.......S.m.7.C.6...<7..m....+u....G.y....+C >8H.....}/N.a7VB.,.......d..X5.:..OQ0..8...J...,).i.$.|rtA.B...e......6|y.F.{..-8R......#&.......u1.M.b.$.;.TuK...9D.}.:.E..F.!.z.....6.#..D....i\.....YZ,..<..c.6.B....x..a..._.R9.?Q.~.U.u[..'k...xo_...6.M...m.y...d6.&,......#....0 )..3.~..9V/r.......j...hc..&...d.m......X6;...e..y........b...Y.;....b..T.,+#- .=...3..+p.TC..[....a....}...v..y5.a.<.^.W..F.6n....>N.....D....`i......m.,..&3....*>.].W..|.6..,......O2...~D.:Y...Q..V.`..C.]...|.,....5.0U..6.Q..|....q.)+2<.9y..za....Y9.).$.E>_.j..ns.%L*.A.*....Q>.f',.F.M:......t:.B.~o.n....I..{n>.]P...+R..#7vV....r........6?.2.Z...8.*..Z.......8.b.)>.?.....wob}.Y..y5l(.g0..%4..z.G.....*........8...(4:.d.].}....*..V.h.._..Jo.*.+...k.........n_.$\..:N.m..c..i.f..\cc.......2.W...N...P.~....ce'.3w..+3._..&O...jFa..U..{.1..z..nB.j....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702950v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1701
          Entropy (8bit):7.886531900396716
          Encrypted:false
          SSDEEP:
          MD5:FCC828A5B408B3F772165C8B5E8528B0
          SHA1:13C72D379C449E4715907619E10C584A93977E56
          SHA-256:8B5D4CFD4EF14F65D077F80815F47673D5836C742221563CBD3281C939D91861
          SHA-512:2F40CD14DD79EDD9099072F7E2ACD3E3665DE50AF679F0F9833845556AB44350F7A552140032E8562B96C3BBF79F688DAEA1FF8526CA791208E4F4D77B7669AB
          Malicious:false
          Reputation:unknown
          Preview:<?xml.....`....r<(.6?.~Yqc..,h..~........w'.0.$..~..O..)..k.\.].tn\g9.@..](..p...Q~...#z:....y6.oV/1r.Hmo..\k...uk..:..,`r...!......J.R3.V+.A.h)+..d&.a.v..Df.o..m.!A: .(....g..[....6.$.vc.e..,H....t..9.}..i...G...O|b.6..0.%)..~=s+..../K.8....4.......p....i'..I..y...X...'......%Ws......L.Wd_....@^....GT5..J".(.......iE..N...).......<o]...*#._.......QP....)..}..V...F%.K..=...n2%..L.....!I*...zx..-z......'0..Y.Wl....2...(..a.V(X.(Q..m......x......E.S..C.(....x.sH...:...Ij^7..h.Oi.G.7p....!$.K+.+.}...Gb..5..q~Twx.:....).."RN.'..x.r..`.X.."t..p..4>2..,.....X..r#...!|.!((..8...?..a..EP....%t.|...:.`oKT..*.D....:...R\..'G..z]...W.)._....8..U.(...)..nEp..*S;^.D:....r,L....g.z....-..h...Y<.p....rSvE?.A/..,4.....I...X.dI....q.U.>,...H|../....<?r....S.4._<w.|vr(R..8.DKu^..N..J...'....PZ.-P...f..,....k..%..B.p..O..........).-g._`..5.F~...w.U/...q.......Q....M3......R.X...\...3.3OO...,g....`vEo.a...j|_..&....".8.P.H..*..l,.q.....3..S...'m$..G.V..9[. +

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule702951v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1738
          Entropy (8bit):7.896840177905024
          Encrypted:false
          SSDEEP:
          MD5:D3FF480B1F66546AE8EFB7CE63976CFB
          SHA1:E83134EEBEB004630E6AB564BD8ABB12D8A3A61A
          SHA-256:C4C578EFB0BEDE8F0D78FE9C1140E7BA5C9197EFDC41AFC1951DD38A406A807B
          SHA-512:B4D1BC817214A34A8582E33F9ABE81221204547066B0ACFC75B536483C2E8F6B09D4528266A6B3E223DD1C6F52AC3498CF78DC6B6C335A6BE3D2DCD0A2467A98
          Malicious:false
          Reputation:unknown
          Preview:<?xml.R.D{...#.jM.#..g.^.R....X...|...f...{G.%..=...u...q$..._.k._.[..Qm..%.....k.....S..G.R.t0kw.).wAo.>..;....L7..6.O.Rn1g...e...|{..^.9.o.....>.....[....Md...&?..{. d..I6...x.....S....'D.".....i.%`z.....rZx.y!.N..6..X....n.}.p..zOnC..+..*...._....v.I....w..J9.....f8..q..14.m..Vl....g...r...3.W..q...........r...!M.ii#.KN..$.(.S.U.|+..:...d .-..-+......5...P..,.i.....I.....I.>3.J5....M.....?......".<.(1B....p$I..|......=..%.cu8.H...mfhba.f..~,...c.c......r!..7.u.....V...<.+..j+.f...6o...\[......'....p85..I.q....T.......e .....$....#^..&K,.j;.2M.].......1..|...z2.l..T.....|$.^.h..Z.>.G...|.......!.\....HU%.N._.z.....x..7...n.mpL.Z....j2..92..J.!%.K.Nq.........;cv..e."........`."..%....M~yB.d....I..."..rW.s.].v....@V.h.%..?....IB..M.]VH...O...Z...F../G.XQ.:.Ar.).d...t....&Wq...w5.9..K.F...=.--~....0>`.o.B[p..bh\M.*.Z./.)f...}....s.....h....m....(EH`...=:T.....{l.KC.y4....z.Z5b.A.........`....8.n.~.#......:?.:.....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703000v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1702
          Entropy (8bit):7.888151807320221
          Encrypted:false
          SSDEEP:
          MD5:53927F802C84393B081AD265336CCB90
          SHA1:2821EEF0073594D8AFE894474F6C42F967C840DB
          SHA-256:74C92BCE1062AE1EE57EE3BE9FD1A745572D6ED07397A513601D56C5223802D4
          SHA-512:019637F1B8981C05583B0440981866D19D07C9274502446CF8A5DBB77B7606A7344AB6898592452E46F21EEED8F828E9950D8D5F30D7D26BF694AB8F134AB6A2
          Malicious:false
          Reputation:unknown
          Preview:<?xmlv.o..>%.....Fu.J..N.I..*....|...3l...{.Z.0 .c.s.#._j.1...\.......j.e.z."..}.45([|.....h#..Y\7...e=..e..r.N_7.p\...|........x..9.QZ._..(~....i.. .BG....`ApEo...g...s.....]......H.........I/..'zQBi....e..Ne.2...mHb.G0A.#M.4%...'P.j.G.^........OqE........{..t*;.^.......,........o..T...G".E....|.5...i.o.>k...{..z...]....d.8v.8h..~O...O....b..N...b"UsW.$..Dd...n.C.Gd....a.4-..+H_...gs..q.RE..9tKN...M#....I|*{.<...57/....aI...J..+.c..1....K9.6........q.Q.>.L.w.d..0D...`..(..8:%"oA)=...`...l..Z.B>../.e...B.L....h....Ve..4....j..A.!..T.D..t....[.Q]..k.......i.M....."...5._.U$.87..T...{+....6..0@M....V......EZ.....a.T$..r..&sb...R..3..+..W..mp9ZE.=..:...x.J............8......} z.w2...*...x+..#.mnM...hK.#..M..,hle.....0.eZ.....L.Rc;h.....%.%jO..3..?^....2a.N3.MU...F.8"#z.h.....%Y.#W..XH..@.2-:...r...Pk.~A..|..T/...MSd.N..k...i.@?.j_...w..&..Y..I>.}..%^^]...M.<.u6.^......=..x.......VW.m...^.82....pg.@J5.e+..?.]Q=..T..[..&....S.........*........A.l.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703001v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1739
          Entropy (8bit):7.887511946031452
          Encrypted:false
          SSDEEP:
          MD5:ADA4812C33D0A41F87F86C1700C9EED2
          SHA1:FA56D9806E836CFE436947F200ACD76ADF2C8B37
          SHA-256:3E81507F762432A3323346B8BA168EC410BA8266B9AF1850C9B8C7E80C65D9D4
          SHA-512:138895271A1B7DC8BB1F6F321ACF2072B5D5C70958D727C3C658116F707CDAE4845A8E27F5E382AC3A948BBDBDFBAB76D7AC8257FC69D09D639A92818B2B4806
          Malicious:false
          Reputation:unknown
          Preview:<?xmlB.-.N5.O8\.^P.,...99....v..Q.is.U.>...[.X]69&'A...q`JI..w.......o..C.r.V.2...j........@......@.%]r?6.-=.......P.C..2<3..@Z.u.N]l?...v....6p<....mf.v).G......g....FT....8..;..l.Z...H..O-.:.....1.m.e....O...X.n-r.i...$....Rwz..#5.r....o..SoW.<Kj.....O2....HOV"..|.+."..Z.....,.....Z..6.......3.1`t..Ek.[.........M...&FJ.......;.\/5.....x.T..Jp!#(W..E...S.}. I...}^b.....kV.\.J.K.w..w.O...Q.X.jW......-hx..#..+|H.....@[a?...~.k.L.h.D.s..^.M<..}...Hf....t#...sZHo..9:.G...v...h..P. rW.OMr.6^.....Z.,......@...>.v...=..&..9.-..{3....&<.?]h#...$..S.....$.G.......jV...@....:..6d.].....r.A`M.5.r.Za.....I.._...[.....Ae~06.h.8...L`.qf.$o..l9.y..L....M...Z2.+...........KRs|x`.p(.<.Q...+.6.........z8...wp...+...!.3...[.X...D....fJ..%2;.EWdc.y.@R=".....%..i..EB.,=.^...Nw....!s...n.@.(g....X...,*...X..#..}.\....X...*U[.J.%2...}..@z(Q.e.@..G.q......h}...........$b.C.m..._.J.8....II......"*>...c..G$...?....`C.6./..Mb...52/..."....$........#~.......?.o.GuS

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703050v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1724
          Entropy (8bit):7.891343700748479
          Encrypted:false
          SSDEEP:
          MD5:C849693BD1DBD05701FCDE7C6927F7AB
          SHA1:C7DE5C1A878C615BAA049DA2AE743406F3635BA1
          SHA-256:BF30EB5A0177DA33641A41281D06B039EA8CDB7A74D9E0189E6E8ED412F42D66
          SHA-512:29CD5EA5D24B8756787D6788F008C1AA452BAA8D78F858BEE664B3B406DD38B6FC453875606C3048E93AF98FEB15BD87FD6E015A60AF6C3DE7C526CED32C521D
          Malicious:false
          Reputation:unknown
          Preview:<?xmlZS3..l..h.@T._.eO.T.6.(;..w.........=.7R.._ ;I!.........A=.4.l1.7I.....4.Vy|.f.Vi...)...].HL...G....Y3fe:.... .z.......y.+.n`............mi..m4Gx..j....c.N.....c..W?6....Go@...t.....E..X....xDC.0e....w].....+.j....c..6.-4'..M..../.......4..{7.....&.H:......'Lu.d]....}([.`\I.=..'V.U....V...)2m.J..%..K...YRIa....K!..~..Hj.Pz..Jo...w."F.+.A.h"F...*...`.T......6......iK.r.1,s..\R#..bqX.......t./....?.p9>K].ME1.CzV].3A.i.m..@..T.;.K.j.%...q.....O....i_(p.P...|v.......YP..y..7.j.t...G..S..e....+.....J.E._5S0,....7.J.}.G.....q6'W..d..r&.Rs.5z....X.W.c.\.L.`..b..|.tJM.W.5..f..l}p...K........i..$....z..~.io..%.Z..G.ih.e;V....XZ..=......s...,.l..9,...[..wb.P4.4.G...@x`..c.7......NN.k.?-.!...|T.......gD...k..SM.....Q.."$.JC]{...e7d..0..YF..m..gK C......6.#.i.P...Xf..f.9.Q...K..B..!t.`;..I.(.>.>wN...?8...^x1..M]..+..7....A.h...2.3.f.v.......g.;%.Q.4D.../.......$B...6.>.p..wLv.l0.....FI....|......R...F+..y.}.....u.T.s|....:V....C*`.lgL

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703051v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1761
          Entropy (8bit):7.893841965289858
          Encrypted:false
          SSDEEP:
          MD5:C67C82CAD6174F83D0631CFE75E12A0C
          SHA1:98B4CDC309734DC8AC99DB5F610B3C41E234ABE4
          SHA-256:3151A4C1414B839D2E2AD75BC2A3C86AD737CB91828B58A37C426F40D12258F0
          SHA-512:24401316C8362617BEF614C47B3ED3BD72426C4E1C680583D9CF35F8D6F57EC9AED1B05FF931C12BFE5038E4BE5EA14C5FD34CC7C4B963D72D6B72C2F626071C
          Malicious:false
          Reputation:unknown
          Preview:<?xmlSyyz{...D.#.K.....{SL:. ..sVkQ..d,.9]s...6..E....Q.8.@.H..p5....K...z....N.D.^..S-u...g<...D......*]..\...`.H..`.(&.Wg...~{7._....<:.>........9..$5t-.A..~....~.....P$'.....h......!.-.!."..X)"bx...HW..$.$..D..%].<..Q4.t...A2.y\.-......E).\aYk.5.JE...C..gZl.;.j..1../-/G...65.U.....{T...R..,...>...9"..~bS|.....3=.tz.<c.....F.Uq.....w.k9..Yp.W.".E.+.T..R..).g"....=.8.g...pH...4..|Ru....b..M.....P....et*..W.i\l.s...c......F.RsQ..Xs....>.T9.6)~2.Z.Fv.{Oa...Kc..(.>.z.[bXC.i-..G....m..ts......\DOB.-..*.../W*z.....i........J...>..:fb.~..r..}B...8../.H..5.....^4.........&r.X......cG..........B.....5..'.Y....'~H.pv.i..~t.s...m..tW(..j..{..9. ..T.$_.....V3.........M5...r..q.^...MNc.Q..l~..(U...u3.L.].a....w.(8..:.R.i..1...rET.\aC.$...*.W..S.,...,..K.P<... ..`.~.o........4..j............p...!.{,....>.[Y91.ok../...P...2'.JD......(.9...,>}.`..C...W..qQ..........\_..9.=..Z..i(.,...._........?X=T..5s..$..-AS...X.O...L..V...I..^.~14.W.Z6..>j

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703100v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1689
          Entropy (8bit):7.898711769799107
          Encrypted:false
          SSDEEP:
          MD5:0E4F4A76E76A36A531314CC897A77A6D
          SHA1:F4B7F3DE17BE9CC03E90D7C90209FFE864132D0B
          SHA-256:56C2B77B953130571EFB2764016D3DC4FFE4CB912FA313AD4A4259449834C30D
          SHA-512:C12E6D9B8822087D7DF53717354DB43D92924BFDA08175CEF1F03DF361A2481DF48C1C9B4297BF512C07B684423211262F00BE091830A62F914546133DB93755
          Malicious:false
          Reputation:unknown
          Preview:<?xml.".j.P.......%O../.....V\..........g=............Fh\..../..#...X#m..L.G....9...:..)k.It..&....'..pcU6G..a.)0....c..k.}9...un/mi.,.p.&.".......k.Dc...W..c...u....#..\.+..........r$'z*u..j^l.[A.*..)0w..6..Q%...3.e.-........cA...@[t....La;koKE..R..;.q#zH.....1...(iFyg.;..{$.D...k..o...7.4..5..o..x.l8 )hdS.J.p......:}.l..@P....?.fp-..).t......#+9.mo..oN..ey.....o...r....H.......icC...R.....T.}i..H..l ....u<.&:.b..Zn....H...6...@..RcW..p..X~.v.ij$....Ay.g..r.....>..0v..s.p.B...U.^...W..q.....9#>.+.....h.S.qQ.....E.e..}wN...5...Y..V#@.*..,.....uX0a.S.....cI..o.^.>. .l..2$...0......E-.l.K...g.#.MMj..=.;..O.I(...E.x.J.T....\uU:..:i...S..".l..*.H.AG.TR...Yb..k...`.Cm..".#.7R...K..kT...n.KV..^?....1q.;n....!~!.'.W.n.!.Cv>9.n.y...H..b.TL.Z..*.S.LN..I..g.K.np..@.|:q>.4V..a..]....b....(KL..!.C.+....2M...Y.......-.... !.m..4.R.[.6...XD.4.}O..Hk.HZ.f`...:Z....Z!.....=.............Gv^I...w....@Y..?B!m.....W....._q....S..DY#..z...}.6..{..VO....8. bF...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703101v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1726
          Entropy (8bit):7.894245621331333
          Encrypted:false
          SSDEEP:
          MD5:858295169627DE97A9E070E455AE9985
          SHA1:0982FD081FE97E22552B83832682B1C5352D4C19
          SHA-256:728F5D4259B5D269CE792D0C8F682C1F935AE8D7B179BCD7233684995FD893C4
          SHA-512:AE2E57DAA0E0889208786ECF87BE0263CA42416F9B2233A51C06F1AC462991706BFB7ACBE31F34CE18EE88A11549F248BB24459CC598C0FA39E2CCEA38221FF3
          Malicious:false
          Reputation:unknown
          Preview:<?xmlA.D.(.1#...(...!..W..45.#.r.^._.eQ.&..)y.1NO.[..T.z.K+.0....d...~..uu...phS...T......Z........8.2\.....^..OHZ.2=...c..>.Q=...6..'.:.........~..V.C..).../D..4.]{.V...B...O...]....X.J.\.vj...."UO.DY|.f..F..~....f..!....9X.o........7.-...U.....d.D./G... \g..............7~r...M.S...f.[.].KC.2..7.D.m.{.......L.w....?......9.LZ.k|P..._f...Ga..{.V.|K....DB.....Jg..i..NO.[Uc..e.F......._BT8...5.c.......&'...../...].J..'=.ST....kM.NYb!.1....5.T.z.0.[.<\...\.z.".....L.Hn...g.c.m........h..5L.....,|M?t.L.*....%...9..v> .L.e.~..qN.S.^.jP..5.....:xNZC'...a...0l.'.{..I...qG-...@.1.+...w.|R.*Fp../.Y.....f.cv....x_....i5`f!...<23.!...;..`.;.iV..Wfd.r.*....@.@j......._.R..c6=....5?HfmRYwTh..........zg..bD....Mu.....w........h!.a."`....W..z.(:..q*-..v.w....KG(...<...q...X........hv..j...5ag.[o.O...iu...+....W)M8@..f.s....<6.!..2.b8w.C...A^.6.|...N...n.uA.Iv...eqK&A.!.?x2v.....ZyX'...7.6U/`....s.....r\.H~+x...:.65.2o..p...rk.a.Ve{..m...F...])V...ga.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703150v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1707
          Entropy (8bit):7.882022617081922
          Encrypted:false
          SSDEEP:
          MD5:3D8F158A84FA09F10C2C09C2E6230A86
          SHA1:C6B23E1B63790787345154AEABEFA0F571F2C8F4
          SHA-256:028D4AF772F0367D7CC06E0BA1320B563428E8B246BAC45A64ADDA5D1D257E6F
          SHA-512:223C88977A7A0F7ED3DF5A298A69A174B85C92EC71C3DBD10EE350D5C972692598F75B9795321072F9CF5A27F021ED6368AA8A7348749056A517D46AF0D76D0F
          Malicious:false
          Reputation:unknown
          Preview:<?xml) .9.....4.r?..(.S.X...M..}.....*]j=X. ..o....w/pQ.....".Y.}w...R...E. .J,I.su[\.0...)A..{.)aa7...>..TyL|..... 9.....#9J.@E.a?.t....*Dh.{C2.rz}.}.I-.r...L.&.K.8V..!blA.eA.?>@.O\...3....1..EB......."z)YR..@.F.......".ON).p...r.....O.2q..P......@..l...q.+'P..C......^.g.9..,o.T.Vq8..4.(..J7.N,...C.Oq...%hJ..Y`s:..9...2Y.4...w...."..c....PB...O.A.......`s......$..W.o./.ro....M3..\(..0KQ@X........*..6k...u.k3x..w(~..V1z'.(...y..........U..w7L.q|....'.....i.+d.Y.t....b*.z...I...i...g.....>.......6..\...Y.O.@...;>...D./8.6".W..2P..A..........g.4...6&...$.'......9....X.Ab.J......q.s.>.......d.Ew.I.tmy.X......RO.....\..Mq>....q.=..)w.)$H...oFN...[.D.....k.../.j...@Sv.n"..7...`f.|.....N......._...|. .......x............OR...W.wn......S.V..j..C....koA..i.T... ..Q..U.......ny..2..}...h...l..=..A.Y..w.p.;.{.i..._,..e....#..<f..K#i':..U.'..._3..GE..9..j{...MP.._9..z..I.[...|.o.....P'.V.....'^....I)wQ...f(m...;4C2K9.C.K.....K..q*G...R.dp..R4~h....@_g..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703151v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1744
          Entropy (8bit):7.901769340016628
          Encrypted:false
          SSDEEP:
          MD5:8EDECFBC5ED0547117CBB5A4AE7C4AA1
          SHA1:F3F4D30034D9C715AD71F96AE63B24C061F5CE75
          SHA-256:E3058D3C098B876038B683E014A9F94FA1CEAF41B3CE1AEC11669296C93A2C4E
          SHA-512:61AD2B27B05541AF376E932AD103A0BFA4A08B699CD819B88A14615FFAF862CEC0136F85D4CDB3600EBF51A39A949AE0BDB2670FDEEAFCE40F46287460CD108A
          Malicious:false
          Reputation:unknown
          Preview:<?xml.E .h>o8./.Q..C...M3..n..N...F.g~ur...V.R..S..r.......k...n%>.2,.6..r4[.c......?cZ\.*.4......o......B......8.K..2B...0.O".._^...&.[gS.b.(.6..=#.wp......%.Vv...9..^./.NX.S.]i..~..q..o....> ..x._..}."..H....s..6..Nk*.h.....mj7.XH.w...N.).%..5...+`.So.![p....r..G=..vX..D....|....`..?......$#.<T...p-'.:.....r...\.U...WP.U.@.J/...a$.....U.$..H.O......0..o..Ho..c.-.....y......Y..8.]Th.....~o..05..@...._...3....."........T..i&&..5A5....=TV....F.g.].M..!...V])...c........ e..91`BJ{C.....t.u.....L........y..x=...e...;:90...yIs7}..De......#....9......x.pW....5..=.@A..9.e.-57......=l..........*...6.b.%.P;"....<..r.0.n....{.g.S......cj..ht...Bl\.....O9P_a)oy..B...N.\..*XG...e..)3..;Qp....~.....A/....QY....V.]*..~....+.u...b...K.q.k.4.x%.............Z.....!.r.v)....i./.".....dE?....a.........P.d6..... .*....T.X;.$i..&.5..&ee...)W..~.9.e"....S~.bQC.L..w.<...pCjT8B&.:.t........G.w.....jG..]3w......mk..H;...G..t0....H9.?....q....d....Em.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703200v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1695
          Entropy (8bit):7.882613299422624
          Encrypted:false
          SSDEEP:
          MD5:27163A28131D16BB699B66772399C5F5
          SHA1:33A428A17EBD6CB1AE11CF5DE1EF437F7550334B
          SHA-256:1EEEF67917B380D883FDBDBAD5D96A4A5F9A82E112932B38614E593EDC4074B8
          SHA-512:8EB966901FCFAD9F98054A65B75289ED06E9F13F8E6ABCB06474B2D03C1D55D8A50AB491C95940BFD6249CD3609538F49FDB3B602C4D2DAE044F7EF222C5EA9F
          Malicious:false
          Reputation:unknown
          Preview:<?xmlgZ..n.`S.O.........0..M.....e..Y.....X...|w.N.......3..^...{v^t.i..9+..RMQ..0....s!..H.>.1HK2....^....T...9.o.<$7.W...j...u...U.......-vSJ.Ll..LC....&I......f.&h.f.y2.>T5..6o.3Z}...h.......J.@*....RQN...q.....P.}..:..$]3].6..r.W..r....o...zn......]......O=.9..B@-..\..%.j...Ud...U.at..y!.N`pb.u...^..!S..!.j.....p8.=.y.z. .:..5...c..\$4..j.kS...G.....P...."...9.I.7.[D..dj01..P.#...`Q......TG..?..?...9.N{.Q.1....$#..,..&wH1....F.XDF...n....rd...f..a3..H......].h:..].w.h0.7..sCV...nH.k...N.c.B.F._B\.R..\c?.....q........J.U:.Q....$.........7.y&..{.q12...".X..{.w...`.#..J.o6rb.....9..fg.R.B..~*..)fkGe.{8...rzg.g..qu.R..{}&(.T.5..pn..|...KQ9..5....Y.....(.k.[..Cj.\..Zh0k.......b.j_..}...!}.h.1|.g...H.5.).X.RM`AI...].v.:.P.=.I...t.....H.....i..~.4i.X.....:..B.)S.....\:....3..H..I.V..%.....o.C....\:..v.i]s.........B..}..s[.h.p{Me.z....v,.E...e|....&...\..D.5m.../..0u..$!-r.._._."*.^X#.........G....!..S.@.).eA;..&...LysMz.-.....Sm...8.".-F."

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703201v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1732
          Entropy (8bit):7.886109140927725
          Encrypted:false
          SSDEEP:
          MD5:65734B5D1A5081FCE349FA3C3B726C13
          SHA1:8199C8CE703086C477328BB8EF713DCA4DC8A57C
          SHA-256:6D7CA81F9B4C775354D64319E57653687D797A9A8AF121DA1E114201DD3FA62E
          SHA-512:A99BC2A778245F2D3E4EB5C2BCA2160F1F00C93FCA0BD2C18EE46C30A24181BBD3C48650BF586262B39AA0C3C84C627635D053940C569845FBFEBDF8560C8139
          Malicious:false
          Reputation:unknown
          Preview:<?xml,D.4.#.;z..Yj9.7.,...v......b.<......3.+$..=/...6....*.b.p.i.oA.....,.....|..d.l.........+...9$.......O>...........,.r.3&.>u..k..<<....{..,A..D....%...j.....BW.aqB@$.NV)...1Z....<.P..6.Qv.Blj.._X..+2...."~.....:.a..1..o.Q...t]q.I..o. .S..v.bG%....c7....*x...`....J.W..e...Og.a.*l.'...%...r..B...|. ]4.....=\..8.%.....Y.......J.6....*g)..E%.M.A."f.h..@.0>.JXWC<.c.V.K!....o..\..49..*C\.1..._..:.!D....y9.E...G-..*..0.{......!..WC.^d.qEO1..L .jZ....&.......p#2wAT.A.#..p...TJ...A.fe.....0h..=.\~0z....-.4RC...B....@..4%.V..O.....^."......>..TbSNq..#%i.jWs.& ...G._..JmZQ........2.>.....E....;4....HA..Do...y?>.g.CG.=.~$sj.,Mu.......l@..q.....0.-.Lr.?.@.U...w....Ka.......kP..D$w.p.. G......^W...p..=.....={.@.F8..{.c.....K4..o,1.'..l.!.|......?Dh..e.&.q....2|...A...O..Tiu.[..n.}.pz......*.._....0...L.&t....v.......h.@8.....i.>.$.t...#d...&.p..3.7Y....4'...;..^.9...R...4......M.'e"..[..<......5'J.K...?........9......(.X..W....pu.[X.+8l(E..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703250v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1693
          Entropy (8bit):7.870645463646128
          Encrypted:false
          SSDEEP:
          MD5:EE89565733F87FE32C16950BD71F4011
          SHA1:E805EBE19AEE0BF1E6C28610718CB31259EBF649
          SHA-256:AEB732203AA2DFCEAB86C264734833D0B6F3EA7057F9867202829382722ABDB9
          SHA-512:18325D5EA4F6DA509FA9826EE1F456FE26C6118DD0E466BBB541269A35F9A6BD617F5827E68EAAB56DF3E1485921E178B1F04B9176D1C2AE07AB68A255F5F71C
          Malicious:false
          Reputation:unknown
          Preview:<?xml>6...6%m..il.9.+=W....v... .<.P...:U......\(Q.....Z......{N.......Y!...Sw......T....f....zj.~...-.....k{V.7o*.Wo..%.D..)M".U..:.....J...-#A...\Yt.,.*=P.y....}V.x....F..c.........1<7.r..OV..X.....S....h.......3..O.....&....H..g.....e.H.(...".>NbC)+...Z.%.M{.1...r.M\.K..7Q..v.S>B.c.......'.._.....p1F.i...................S..7...pJ...Z.|....C.T..Y.H.|.I....-FC<.v%..Hs@...n..rr...9.#..X.V.!....e...N...4.,...........S....;j.N.OB...x..@V...V...q?t....M<hl/..5?.....[...\....Bj.....4.+g9..b......b...._.(N...;e3..^eE0E3.e+.4.....8...;.M.@.]'(....L....k.]..B.\%TL.......nw.l.nG...2...d$I.C_.....(F.E..=..DF7QG...g...,U...s.KT....m;s.'.sVuW......u...X...BL<.aS^. .......YD...z.=..._....6l.k74.....H.JV...\...Y'.3...o......A.{..4.ND...5.>x..<.......pEP....V....Ya`..'.....{.y.E.....+..~..&"..L..ca.MSe.{%.B.Q..`..Rwyol^..I..(L.D$..dZ...^.;....-.p.V...rk..3...FZ.n...A.o.G..N.F.n..O,.Q..J#..xt{.1...-'...V.....\....r.j.....__.p.b,....dF..H.Y....s$.}. ..<...g.c.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703251v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1730
          Entropy (8bit):7.8781956259139285
          Encrypted:false
          SSDEEP:
          MD5:99221F57804EFEF6B17C7DE7C03EEB3E
          SHA1:0B00630EB62528D1FDC0FB9F3ADF904F2F608E64
          SHA-256:3DE2B339E65E0F12F46DADD5E6B67BAA6D21E781F2BC987C17651347427D4567
          SHA-512:6F803191F26BC69E6FA8CBB205676827D5F84A2D210B578C30C35D93C9012904FE4526A045C07604B7AB9A637482B1D0711E9A447304D5305C36A2AE3DECB4DE
          Malicious:false
          Reputation:unknown
          Preview:<?xmlw#..Yv....1..?K.l.Y.*...* p...!.ce..j.$.qXPD+....E....*.b~k%..lmUM$.n6....Gi.-......3....,....:.'.<$..3.~ul.z...:..R.....m....:&.h...._..2...gV=..Z..)..kE/!...hN6.......R..A....F...X.Y...b~..fW...."f..h]....{.......@...?.$1QU.B.wm........ ...h.h$c~..B.D..wB+..P..X.g.n{<....V.<.P..d.z.'..i.w.2...k..r.l*..........^..\i?..`......Oy3Ih...nBk.^r.|..it.;...VW...3`...X5b.=..F.^.V.....uK...../......2.....A1U...h...>\..[.`d>.:.$...!.ri.....s....m...@S..:.c..j...S......c.XH.L7...7h.q.X*.]..b:.........Z.1&..f...I.-bw&...'6Wf......j...W;..fvt.Z.P.....f.*I...y..V.!...^1y.4.....07.Y..u...C..Wa.X>.........#?D.....~.T.....5V...!U Ys..{E.....f...\..I.9C...JJ.aJ9..K.<..w.,..b..}O.`.A....k.;.}]d...0....,._Z....1R..ln..[b1.3/V..../....t...P}...%...?_p6....._.Nz.3Pm.T.7...v.....gH`h.I...8..@..5.F.<uV...Z&..tu.._.......P..o..x..V...F.i.e.9.Sl..hH6.xYY^..3..p_f..k...v..Q..z.;P[R.....M.HC..w=.QMUr.P.pgf..p].XJ(D.U9.-.D.{.GrDm..._k..q../.U.|..mvw8.I.YX..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703300v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1715
          Entropy (8bit):7.878080535980278
          Encrypted:false
          SSDEEP:
          MD5:380E90D5CE9EBC15DC9A88E0AFDBB161
          SHA1:AFFABCA13D3C135448EBF2F40D9688AA286837DF
          SHA-256:1DCA499C6D1FD5612121E93F9C91F72B46AA61B8FDC300A3C2CD3F572A52F90F
          SHA-512:751B8BD663D6B07BEFA6E62D4C727E4728FDD89D5067195294F87CEB4F02D7D285ECFF95CE567074E4117E7995E645C4DB5FDE252CCBFE890DB88FB6FD0E7B5B
          Malicious:false
          Reputation:unknown
          Preview:<?xml6..-Tb.Y..#tB..j.Q.W..V5..O{...-.?d@=..=..q.,,'...,g.....*b%.e.b..X:.'#.O.7.V.G..Z...*n...U.Z.."T..;.0q..3.9A..B.a.Ue.......G........N1W.yB.o...b.....AH.o...F.4...u.......*.....s...o.....s2...`.@n."g.j$..;h;..[u&..wS..Wu....O..5.mX.9.@P.~o3....'...B..&NtA...S..H..J/...#..|.km...K.-..[^#@P..>....f...X...w..sC.X.Js..w33....<.T._.....M....Tf8.....~.'.jJ...CcO..w..:,N....b............j..c3.S.......q.V...I....Q.....%.I.....,..2..+..&.:.E.?..dZ.).;6.E..^ ....NK....s......{.ss$..2.-.}IZ...!Y%......R.D.....MW=..6:'&.-G.....C..#.l...<..H.. .Z\1s.....6..Z..a.+gR........gg..`..`..Z..<X+....p........b.,.0...!..*B..p..B..v'K!.is.<VF.o..,7qbg.'...N..-y..X.~...]...*.;X...P.Y.P.#..>...S.."..6!u.tW....u...L..c....*.....Brx....A'7.........M.......a...|H...E!.nw.;...2....^q.G...}...9.-.._Ah....Sh.b.[.\..L+...AK.O.L..Z...n\J.!.zwuw....3d...,..Z.6N...t.x.....W#U ...E...;U&.h...:".%V4.-.fNE}.....2`,m".ii.$...g.|...s..'.s..l.@g.@.QA..Nk.'.$.....l&....O....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703301v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1752
          Entropy (8bit):7.874816843651409
          Encrypted:false
          SSDEEP:
          MD5:3350A4298AD48D57A176BFAD006A0823
          SHA1:DC236C52BD7F363B10CEE7E87917D3DD00C8A4E6
          SHA-256:09EDAA722BA10E757F0692ADB7D7BFD79ECBA260A6F28AD58421701FFAEF12B9
          SHA-512:E9B8AF2A12914F71B25327E78A2696656983328D7A302BAB5F4C0E2D311D3B8812B229241E07FDE740CFDFC5F24281988EB15CFEFFED25E226A1B2214C2FE45F
          Malicious:false
          Reputation:unknown
          Preview:<?xml{.7&#.~.?..Y#...FJ}W.J..y...!t.Y.7..._r"Y..F./.lC.A>...u1.9z.....(.....!9.......=$.HC.k..!...).AD.v..8%~.e......&........p+j~&. J../.'Ap B....v....k..~y.9..q4Y.....8q.V.DP.V...}.p......o|.a..&.....tJ..X9n0)...%..m....cR]$5....A.Eo..U.BS.:.4._..E.(.$..F..............DE...\.."...........0.u7t..X._.b=..WW.'..v.b..C.Ki=|..z....t.wE..F.Eb..*.-P$..)x.V.....LZ.g.<...).39.-.,..\..{.H..4.?.9.`..C.g.'_h8.G..9j..c.$...4Op..H..;.I7..P.9.W..bS..mS..?.P.....+.K..._[">O.."|.._O.C?O.L'..JQ5.G%.VD,6.~.nos.../T.... <b..`.[.^Js.......1L.y..[.F2V.".+i8........eQ..zitR.a..t.Q..r..AD.Kir6C.C`k.>.D.Qu`.Y.K.."..l.d.b#...i-v.NA....7o.. .".p......u..*.....%..b)q......R.?...C&.....WJ..0..#@..<i\....b{....R.1K..........^.d.o.\...T..@r....!..9...9..^.m}\......QA..a.g.X..?........k...('..6..!VU....zq...`.6+.....;.SS.,.b...H.[..SS.=n.).....Z&}.'..W......t.zW. 0.^.{.c...J.L....a.H7...d~Q |.....D..42t.g.kl.E+.._..-x./I.GT\..&..j.]....H.!]I..5.u..bn..'.^.(.w.....F.R.=Z...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703350v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1699
          Entropy (8bit):7.889170197252091
          Encrypted:false
          SSDEEP:
          MD5:CAA823F90C0FBDCBF4B26BE3914DDA8B
          SHA1:840C38D095AB784E2DE1FC769998B760C38ED674
          SHA-256:67BAE2DFCA60A6778C6136543F050184CE2DF7513224FBBB0F49AD06605EC087
          SHA-512:E21EA91B98EF155DDF858701FB6E07C5DDD85842F5B2948921FACBF1E910591B755B66D1F14F8C82BDA762973A9E2F08D4C3945F9C2E0E2059117EDF7EF9CDE4
          Malicious:false
          Reputation:unknown
          Preview:<?xml.z..->......o....0......ro..[..:....f&....@4...4.i..+.v[...%4~..4.......r.,b....>.....o.'.IQ9..`D-..Z..5.{.T2.>...m"D.'.k......!....J.'T*.-).=.z*.`>1.i.....vI..z..~.....qK.X...&.C(b.*...'....&....H..d+.G2.~..u.b."........5\;........{.U.h..`7r.?q..f......%...>...O".....B&.....X.I.....'.i...l..K........#....w..._.._...jq{-....._.aq/9.........."...3f.......oD.S.....UM...g@...\ X......L.1.....)....l.Y....:.d:_......2h....M.ToK~...}U^.j.........u&.......}Z.h.jU.5/f..f....3...U&mg.%R?V..x>..{0...".x.'..[.6........s...".x./....b.*....W....s.1....ME.$.y........7.3..[....}c...s..A..........I..l..|l....t.(.uS.^h.p.Z8a....Tz..6.O.....|..hh....U..=`0QV........?OH.......Y^....Uw..B.]W..`=@......+.{.......f..l.V...9._Q..{}....h......7.d..vh.....T$~...t}...g<.......c....;.s...<.q.$wD..kj$]).*O.L.3\..Qv..RYF.s....7.|.Sn..2..#TA6..U..3..T&/6..}....Is.....=../.l....h=..*.7..`a.^...4.!a0.VE.....j.7...Wf.l...,.Mo.....N.6..k.._s..y..6.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703351v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1736
          Entropy (8bit):7.883937730354447
          Encrypted:false
          SSDEEP:
          MD5:FA8417000E7CEEB10244D3CC461EE2B1
          SHA1:B15DF28C15FCA985E79A895453B669C4FDDC2B14
          SHA-256:8778D2BA646E50779687515C2C78B2BF4FC60307892384A3A21BB639FDB9E60F
          SHA-512:774FD56C479822D93FC42D9726BE306E7FBDA5EFAFCC649AB84B356672F632C458466A26A500323C7B6CF0CF3A9F33D879EC83EF05110737230303B52F5F2FE2
          Malicious:false
          Reputation:unknown
          Preview:<?xml..T7.....!2...*..g.~...JJ.La.O......9D.2$DaO.....~1.YmAA..j.....=.s..<.(.='..L]_NO...8b...+Mg.R....oV.."....1...../.L^+..`:.=.XH..S..-)........w...xI....u.'O..S..B.$..p.|..9...C.....,.<....U*Q-........^./.b..).I...\..I.R.....}.@.m_..{.Yy0.iDI.~..#...K..vI..q,...#..6s.@.2`Y%`(..A..K..A.x4.V.%.7...2i...............K.....k.`s..V8...D8.Z.3.0.]...6..~..4.lo...=..g.bO..|.s......2gV.^...6.E....K.z.|....m.Q..0.....Yz.v.bA...b...o.."...A.n b]f..P..4.I..3...Q.x...0....ec..|.w..U3..;a........D2HON.L.$1....g=......).i.K...2../...d@................4F..A!%..~.L...6.|w.R=..C.6..^$.n#)...SS*L&......j.*...l....-p..>.;...~Rq,...%.nl..0.s....O.p..f......}:.;L\..8.)... ..O.p.Y../..."..F...c....%..F.>..h..Y....V.]j<...&#x].$kxtq...C..3.t...d...w\...`-*.Me.g.38..,c..5.[......M.M........x.M.r{.k?....@G.B..S.....*2w.c.?...'5T...8.5`.......He.-..P0..G.S.7...+'.....`..s...\8R...P.&6).&..$o.^..........#..~...]..<.4.D..|4......*...l.[.......j.]..C-W..f..=.y..S.e.W.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703400v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1721
          Entropy (8bit):7.869800334206723
          Encrypted:false
          SSDEEP:
          MD5:DA17E1404EC7F6BD80E887645ED8D403
          SHA1:300DB621F09CA4E3E5ED01D65E1B8B12C1218CAE
          SHA-256:28C9907200CF0E57C1FDE97CDF7295BB01F09F626AC20A3A67CEAB440BCB5A2B
          SHA-512:E8E70773C5594F4DC375013E5F25A35B6B5A1FA1CAC2E3CF18089DEFFA6E5BE6BCF0909F4AD0E8CA606261997C856D012DB283E8A4C68ABA6D3FB1934FDDFD50
          Malicious:false
          Reputation:unknown
          Preview:<?xml...kv.7G5\.}..V./6X..4..mr9...P.'....`.....l...P.EM.1..&.G.N......O7.Y...-......Q......w"1.A0.M..B.M?#G.a.S.......k;...e...aF{j.T0..........\.CA....I4,!R..P..G=w8.&..2.T...%.M.H.j...e.9........f..G....zO.[.......).j..j...C....)........x....~.......t2.n..;Dr.qJ..B.e%-..hCC..4.&..]....6....!...l.M..C.d.x..8X.....u..X}.>....n..]1...."..g..0...._...Tor....|.p..<...S...41....(^E..hA...v..P."......:.G.....n.$...\.;.JH..J... .H.,h..J......W...lx-/.z.9Dv.b|..r."....V..-C.v...w..b .#....-.......[N......7IHt.f..3....E.....!!\.<.6$...&.G n7f1.a".H.Y........{nU7.VS.....r.....@E3.Y.;..i..,D....k~..~8w}..i..~.-.o...J.....Wh|r..<|...>...I....W-..O.b......a..............J>H&.)d...3.."...5.SS.Ms...T5.q...G.\..u.vR)...!.q.#....A.B.%..=../....]....Q.(.m@......C.b...:M...m...-E......b....;J...^./.0;j.]..S.=:.X.]+d~..I...t..~.......!E......A.. .I1.hj...h....p+.XpO...w.|.st..q.?...11R.1K.........:..m.9..#{...u%..!..n..D.g.i..I..?~.1{....h!+.+.......:.......

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703401v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1758
          Entropy (8bit):7.893398760128608
          Encrypted:false
          SSDEEP:
          MD5:BD8ECCB0936B5DD71690801F28E796E6
          SHA1:10012EB258C71DE9069B71CF1A03E618B5484633
          SHA-256:4CE99C1B4312720DAAB538C510F57E8AB29208EA6FE04914EA08475A5F07861A
          SHA-512:F8AD5A3C481BABE8C6ABC148C2CF9D0CC597FCC4E502DF424A2D7F81A6F06CDFC06A0FD6E172999E2C5B190E55EB7F84C22E09E933DD892BEC4CE2405A196C8B
          Malicious:false
          Reputation:unknown
          Preview:<?xml./.....{.qf..^)...X...t.vT..Ta..K....u.....Wy...c.3P.2.m.......!'."....s...5.Sm...x..|.......&.D..p..3.X......F Y....r....{....q:.&.....G......Y.<8....P........S...^g$=.g.A...MU+. %....93....+*4.......V.o..%.)........p....0.....Q....)=..>.8|x.uok6z........m...].<6.;..9u..E>\.G%9.............jw..#........n..^.w)W'X...P.P.E/h..@..AC..0...D.V,..1s....CCV...W..O......._.l..-5...S.r.......7+(......(m.u....4eu.....2...y.....TZ3."&.3..8...[].YS....H..}`...{=.....<.P5+.........|KI'c.AGa..A{......DVQsn`.U......V.#+(...#Z.J.>.O..L-.F8.K.'..:.}...H......O.......n'AhJ...&Y.N.W......M.;{......v.bT..U.*..6.%...>.7..._W.Q..2h....6N...........U....y.6.l..N.=....F........R1.(\ZQ...&....3.#>.WyV.........s..s..or5.P.:.F..A..F.Z.^.VP.L.....;.#./.<..<.._.......2Y...r.:.....3.....D...>...:i_.T4"@ .Z./.2..*...C....J.f9...sR+4.=.E.5.3>k.&Tz.q.|#.I....t..Dg.k....5#...*.^.... '8[.Q.=...q|k......0.:t..s..|}.....3<..v<..>.n.b..#_..Z..u.....l....."GCz.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703450v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1705
          Entropy (8bit):7.878018918535095
          Encrypted:false
          SSDEEP:
          MD5:B1BBC020529611D53BFFEC70EEAB60C4
          SHA1:C85979E538B7B10545C0A2C08DE4713FBF8BA5C6
          SHA-256:90762C8FC827A971202D6D3C0118F9A8136598847DC5753B808814FD11DF37D8
          SHA-512:46AE01490D1436F356FE868490CD012469F5FBA46346D07B9F69E06EC172F7509A3406AA410A11E2A0EE82CB414A8FABC4F227F50C89C3B88920B7DB569D4824
          Malicious:false
          Reputation:unknown
          Preview:<?xml.HV.V.....-..".......\HB.|.S5...3]&G....,M.'......-..+...2M.....3^[p1W......O.D..TM.a`.....k.k.cWu....F...vl/u.^...<..>_..V.o;..Y..d..oX....h.~.i..0.d.I.FW...]p..I.V.l;.<......ruX..l..QP$..........$.3.ph*(....vR.o...j....+.g...59..`M.Z.Z..G.e....HVh.L.E..P....X..G7t;:..1.)....yTu...(Z6..]...;x..7. .)~*`k[...p@..c.d......2q(......:(...Gnl....c.................X........2..h..'e..a....2..,..9..3....}Y.m.P.....4.../..J..v....+.._..'.~..ti.'^$...b..H,..Go...=..?...V.I:c.JI.r]:....a..k2....=.k$n.c..+.S....C..l..u-..@.X.).....e]..cdV..#........).y... ..+... /......zI].7...w....6.5.1e ...p.]8v.x..g..dn.3..Z.,>#.b....7v.i...&)..d.9...i.Ge..idCY.K.....4.....=._......k:......C...)..2.4.P..%..A..|..<.u...[..(..2*.z....9...[.:G.<.:.L.J...Q.YH....;en..q..1..$*"@.Ph....A.t....^cC.=....."]y..8.2.7...|Z................40.Q.i.Z..,..@-<..Kc...nk.j.......G.|.*..f=..L....V.....i"\V.T....F2.p....E.(..p2....YH.F9F..g?..1#..^.....#..8.._~;....db..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703451v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1742
          Entropy (8bit):7.877874922219552
          Encrypted:false
          SSDEEP:
          MD5:51749DF6D63E43BD30F6078AD44A3C4B
          SHA1:107846BACC9C0AFBB4C298C07B10F0462E9E5664
          SHA-256:8BE2DA48699534D322AB3DE10B3958709BA414562C126310DB7EDC9F5FFE4E00
          SHA-512:1B5CEEDF3933A1E0D7933CBC8C9E0962E97B41285DC699ED68A236A9FEDA889AA94FBDB170B08FA79B031B56A2708ACF1C18E85B29068C65FCAB0C284F421BB2
          Malicious:false
          Reputation:unknown
          Preview:<?xml....krn.4--{.R5...9.lL3.......gB.3..q.>&Q.I.[.S.A.@e...F.....q.B.u..7m..'.}..r.TzK._.I...G.....v...p.XY..-T..3l.....h...Jw...{.....w .q....,n....O6.&.7.1.._.........L1.j...n,*.,..Mq.t.......B......5.y.goK}.7.`....@D.d........_...........U|.R.....<d....NI....S...h.D.^....LU...V.GYr.Va..<T..P...F.\s,P0..!..;.....DU.........'N..Y....F..8...{ ..wGwUO.'v..",d.n.3...2oB..7uNS.].v.=gxO.>..V(.....Mo...Ol..}.|.%.)...D.....:R..Ti...(4."...Q.y.T.'...M%nu8B+.8t..I/....z..T..;..O.).8./..>nY.....~...Qb.4f..)......>.8e...7...[J..,.+.?SS.e.Y1..M....z..v.~./._...1|R@...`../y..FP..d..S....(.6C`.n.}.n...<&.Ai'..(r..s.;......I.B.W<.P,...-..}q......1...`.xZ..A.z...=./.v...&z....*.=1....V..@...[.L...>..m.).S`.e...~...z.X\.Ba\..%`.IK0......n?S..E..5%.W_uIzWcn.M.ed...yQ...;Wv.....=.`V...8o.Y..I$aqk..h..=#.Oc..&g?Ew..p+..#6...S;......A. .t.<U..).3.....W..F.....0S.....Co..N5.p...\...{..~.,...!..*..a,.U..~...6j.0.@.......:,v...h..!mn...}..._...].u.G...b#...Z].>..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703500v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1695
          Entropy (8bit):7.88595801680199
          Encrypted:false
          SSDEEP:
          MD5:3B3EAB3AD09222E45BB8305AFA7CA45B
          SHA1:2C6982FDC970A57D98955A7884808559DD122038
          SHA-256:9FD95199B3AD9AB9EBDC4F2182D4F4C657B418EDB607B4A6A82C52ED8CF3ED4C
          SHA-512:FF6256994C8F42F3055E24CB9F8CAB68B0F2CC65DB50C288E84D05296A53C7632FD30D7D8E998227E2EA20CD5EFFA783D1BD39A7AE51E8025B08673BAAC82E52
          Malicious:false
          Reputation:unknown
          Preview:<?xmlA.Bd.y/(.....h.G+3....;u.h.d!..7`.....M...j...f6.........q...S.b>.?..z.'..V.v....1..l...C.P.....Ql<e....].|v... .v.....k.....qk....V{....A;....E..i.U-.q)....|.8a...H..L..h[..MV..................ozR].Q.^.QweCfa.......'f|.D.1X.d.....&....G[..f^....+..,..^..61g.B.%VQ.hJ?.U[...J.k......:.t-f.B~..NX.1..=m..|....2...^r@..5-t.V..h.EG......V..f.U.B"s.[..(...s.}...v...F;...R*...[M.........^.e....,Q.z.j....n.x..,..s....B.7G....x.S..N.AE6..e.)..J.>.t-$.G&(....2[.)R...<..6=..}.v.....S.H.E.V`u..w.=&A.f...N..|m=U.C.x..M....?.@`..>...p%e.+.&[=.#.ZX.o`%.).....?..M..,...R..0...O..%j.h;..3...iF.......d.......b.......YXxAB.....'.`.q..V..pp.i.F-h^j....I.?<.&.d?&?..7\P.J......D...?.-K...=J..X_...b,R....B!".kk..:...d..|..=8.$...@SA...].uB.........._...yaJ}{..\3.zI..T'...........^..0.p#yB............$...#\.Z`..;...&.tVJpY....4v...H.....yF..Hs..x...>..0..>+.1=..x..`.AD..[.N1^&.).<.......Yg..=J.I.....%...........Z......o..9Q.:U!..2..a....JY..|..MS...7X.7..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703501v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1732
          Entropy (8bit):7.891523007704691
          Encrypted:false
          SSDEEP:
          MD5:22FAFE6F1F2768620F91F5368AF504C7
          SHA1:B870495E6AD60E6307AE6CF2972E69433012E818
          SHA-256:878DF82E6620F9B7E3E4DA0D37EFFC1C86705A76154D73EACA76124D52CBC10F
          SHA-512:DAE56F5FF518D1615B49AE24396BAFFF80044AA977392F338784B495405268E1B6554DB826C070CC95DAAAD7E209B92E53BA958842C1D0F2475D19BA14B4EC44
          Malicious:false
          Reputation:unknown
          Preview:<?xml<$Y.Q......`.........K..4..R..TU?..4.M.i...Ht^o..jA.F.7..>kO...&`.B...d....1J....<...(<b.V)^.d...."F.<..p.60.g-.9\.`...^5...Y.VS...g.....X. o.9{.._Qc/".V.z..........7...a:.....7../....B...sr[..-....1.......H..E........wt..~....h.;..!..&aI..s.ux.2..h....7f.... .....t.x.... ......)q..A..8..?..........m}rz.3.C.hy.M......3...`..."..n.)...L..,d:.....A..'..1'.R...[.c.1...~..."`.C.Y'S..N.OU.B...C.b..n..Z.a...*...O.....;.j...E.....v..!Tn....y.j..yE.A9.%;.....v..h..l6.O.y2..N..y/H.:(.)..mB..c.....=w.&.+_'$...+.y~...V!n.P..+.."..3...x!u.VRE%...r*....F..DV.A...3....S-....Dl...:_.0B..}.3....l......;#g.m.....E%k.....h.g..2..Q.V.../.ipZ....-...sz).E....e..m..[....R....6...S.V=.&..(....E...Y.........?:...j.fc.).....D\,.#l=)....U.N.Z...!.-M..L..S.*.M..K.n..mQ....R.\......:.T.@j..p.......E...G.h....o.Y..x.7Q....b..|{[=..@v>P..d................<.N.*...kY.... =`.a..t..@iC.)H...U...H....D..47R?tY."F]t|R!.6.0yim>W..L...!.Q0asW~=.....Lybodm

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703550v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1705
          Entropy (8bit):7.882503270356561
          Encrypted:false
          SSDEEP:
          MD5:FD2152D7D18A4D17F8769183FCDF12C9
          SHA1:A580EE0EE13EBCB6B6A41366555A9F33F74AC5EB
          SHA-256:22DB0D658A6367250BF108FE943EBC4D18B84FA7E8702CDB8023C8369D9F00E6
          SHA-512:5031413CDCDEBBAF4B54F3F8BB13AB9425530336CCBD808346B2EEB014FE26F78A1FCD2A794893BC4B7EEAD346AAB7A78B79DCB51CB5F95A7B9684FD586A9E53
          Malicious:false
          Reputation:unknown
          Preview:<?xml....2$..ip.%..........p..4.........*.Y.r.'...tr".D..(2}KH.@.. ...E......%..je.2..P..3.B...&...iX..O&..0..<..@$W..i.n.o.........@....q.c.n..k.,.q.. W....w......&. .....^9.U0'..x.(.{.|xlU.u1..g.(.X{.DO.Wg4.x.............8..#..stG........8.....:..........:'%'I...[&.pr!2.U.J...+...!..H..\.r...].<...,3.H|A.eU...%.O.S.2...l....a.1..b...x.tb....W..\.....Azo.LY!'............:...'^..}..:.a.R.r.....Ko.1.S...*.Y?....CFR...>S.....N.P*..*.G....4...$>..~....?n...O.r..@Y.6;=.mX.[....w...;h>F9..O&...b6.`}|R|..J"......nA.u.VKl:.....t..Sk.C..)s......b......`....'..+%..$.4..1.....n.....~..]..e..[T.g..s.'Q..u....t..{u...N.i.L...."..x.Z.n.E.;.,...~Yd..#~.L.3p...x....*3=....&.]-.~..Cw.oE..n..j.V+0......#.bN......fg.c..=...^.p......#....V..1_[X..KK.....B..e~t...R...._Nx.3.{.....3.7"....z)..F...._......'.s..7..3..WJ..r.'......_#.`....9z..P..@.}..Tw..Sc...@.^..+.*.........D.XL..?W..f..oj.2..:.9L.,C..V.1<.T\..'.>Y.....`.<.$...2.A..j^.U.Cj.p..Z:.o......)..X

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703551v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1742
          Entropy (8bit):7.872760510718404
          Encrypted:false
          SSDEEP:
          MD5:52CB7B42595DE778CA10C3338A4C8C0F
          SHA1:2B17650D1B532756252209454E5BC2EBE22E2369
          SHA-256:2D8B951764ED3F89FF4D4CEF80B59C9C3B4A0741D9A2D89CA6CE5D632ED8012D
          SHA-512:1533FB3A391C2FEE7D27FF6C8E726321320DD5919D39144D1EC297FC7175CD6CAD54EC0239D155684C0E900A2EECE66D8124EDA02285EEA9CE7541F108E9AC8D
          Malicious:false
          Reputation:unknown
          Preview:<?xml._{.l..F...K..5.e^f.uY.,......P....@.g....N6T.I].Ur..*W.%.1hq.l(H. ...aEeJ_e..... ......#%.....>d5qzx.h.w.;..+j..,?)..54E.GK.f. .Ss...2.E.\.......s.Jl3..C..{..eA.J.{.....E..b[...`._.N5.q.y..5..Q@.;J.kTR.)%...g+..&../....]:.\&Fm..]..;..#..bM.1.cA|..jB......0*..w.."<...5.Q....N@....f...G.......Dv...e.V>...T".r.Y.n..A..&......I8....'....H..5>.7...Q:`...*.;....X:a.%...y.w...2T..@5.;.....WB...`.p.....E..;..lr..]C...'.E.E....X................\.T..B=yi....A.4].c?.9..t..r]|.7.....Ov..( ...!-....Y).L........j.........D..I4'.x......*d.......:..<.1...)z.5...q^%.<..#"...5tOr.=.Q;;..........7pI....:Q..L..G......>.O...l.."Z......tC..........a....+.~).E...P7.....j:.A.....h.k...m..AA..9..$.OG..!....'..m>x....j..D......&[_..'.2:..U....u.N8...9..w@.m.i2.&..c...0..F.qD`......A..3......U...A.np..#7.<B.%....Z.+..1.K.sV.gkf......w.L...a..x..K?..2..L..^;rL.d..1...........!=5..-R.l.<.b... ...\.....a]pD.B3d.C..CL.(..0.h...#.+....g.._..p."r..X.g..M...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703600v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1691
          Entropy (8bit):7.867524682162185
          Encrypted:false
          SSDEEP:
          MD5:B74DE695A662A2968FAF6DF229D5925B
          SHA1:260691844B5561F246B83B92D8BDAD8B8677C03D
          SHA-256:97791E6CF37C638E894868D8660FD31A9A269048321658515A6CBA11F1ADF4A3
          SHA-512:C528E0531B82F8578A25B2BF90DB7486BE8EE6765E0B45F8E215B3B3210F5BA1E7E25E57A077A98D874D5E4F00EB2D38B2D6D33853556CCDBE391779CBF8BADF
          Malicious:false
          Reputation:unknown
          Preview:<?xmlL......1^u.....\..UkV+....w.....@(....j.N...b..;..G.N..N.#.-;.~..R....=..FHo..9...H.y.Hs.{..r.....tO8..U..u.. .....FE.X.... \.C.e.^...+.J...H".K..'.7..8.=7.C.$...*...W...w..^.\T.....JC.=.pH:..R....K..YTX.L1..C~..~.\..m..I-..IE. .b..!.o.)NO.Y.....2Se...A6...N...Bbe%.^.......{c..I.....(..6..u...../d\.._...y.nI....X.N.uF ]..&.hP.^/....pjV_78x:RS../.........2,....FV.......tDn'...Zi;|&......J.;.~..T.i!+....<c......R|=`]....b..]s..RH..H.i.7F..]6.D>O.9-c.t...Ls....\i...ct.:C...?...GV.0....S.#;.(.......5|vKs.Pl._D......v....t5....wf..D.>Nr.;sd.{...@...^?.-.1...0....s.;..F..{e....,...[d..o..r...Z.GK..F.f..}.<..[......s.......f......u.Z..x...F2..Q+........w..5..n.?.U..C....U.wY.w.?......j..-.~T!w..B...h`....S..'h.apcf...J....[...B.......d.1..H.$.X....}..q..+..y...".m.@n|......."$.....Mk..!......H.....Y..}..G..C..jA.Y$TK...C....w\..".e..71.k.).D....b...E.u.z8hH..].RZT-w.-7.dn}... D.<.>.T..fv......J}K....rw=...{.....<.J.-.F.....b..}.60tx.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703601v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1728
          Entropy (8bit):7.86721258549936
          Encrypted:false
          SSDEEP:
          MD5:76ABF3061B4048DFC835B20F491EF825
          SHA1:47C04E3C542EF3E924EEAF71747C0F816F901F0F
          SHA-256:E886CC7B0B86959351C81C6F5311221C0F2E2DF28A23A1303B0128E95C21524A
          SHA-512:4C7E8F31ECB43B8141105C32B87E2C181D77848BFD27DEC57E578325340AD31180745B9A651C50D55A517E464B92E69A43C9B267B28EB91C8AE957DC29B29FF1
          Malicious:false
          Reputation:unknown
          Preview:<?xml.t..........T;. .....H.><"t..(.:V.r..p.!G.Y.*.Eu.A.Kh...;.&.i..^.ET.g.F..X?.A?v.kt...UL.3.>B...s.4,F..#.......@~.-....L.!+.....Kz<K."..(.9.}.5I..K...i.:+..b....[w.2.]..T{...t,...R...6..c..z>OD.....Z..e\.M....".......w.t|.w^..........q...a......#.a..D..............3.P.H.-....}qW.u.*...]......_..x.S.6.!}.k-.I..|....^.i..l...\.....z..P........asH...0.e.s.7(Y. ........|.#y.aU.1.dl.....P,..G.68..u<..g....#[2.......e8`G.v.......Qq..3S...s.**X..p...M8...D....}..d.Px.1..q.....3.Y.7.j.....|.s$.Du[|".....L...oQa.z...L......\!.D.g.|_\[..3.T-.4.6......N..c.....B.R.l...+....V......L.....7Y.(.d..3./M.."..v..`*...!.<...t....2....J.....NkmK....h.>............!v8n./.....=.;.Z...s.?...{&.J.8b...}..Q...FiC.9.gV....-...Z_.s.}.U.O1..|D..^.m..A.@. ..~.l.|..V.bH..j."..)......+..-..../U....:...,R..}".~\.}.w..(.n.9.1..;..v.|O|r.......N..>.....j...~.....C(@..2s-R..y9b...dj.@..8..vy.(^......c..b-%Em..8.<...Q.a>*.t.R!r.6U..r.!..o..o#..|..J..4...2IS...}D-y+.|s..7..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703650v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1693
          Entropy (8bit):7.895134367256544
          Encrypted:false
          SSDEEP:
          MD5:AED020E43D969BDA4E9075B2D577583B
          SHA1:4BFE4DEADB10DD8715E676C53C08B1CC1DB3DDBB
          SHA-256:39C24A891663B75148EF3ABD9F45327FA6B6507C52EE7B7CFEC3572CACD98354
          SHA-512:64EBD8A2928D4872352A929B31CC03163CE6FC887F155D2CBC8B2CFFFDD6E20109CDECBC765FEABF1E586B8482FD3E367C5223BA641943C94DD1B2B4A6CC0039
          Malicious:false
          Reputation:unknown
          Preview:<?xml+.h#..e>...}br2....j...S....3.x.,@ z.p.T.}P.pS."m.%I.HT\.6...l..M.(.}P..$.....,.p....K.J..*..0......&....(.U..~I....j.)...V..$.L....0.t;..5.A(..%~J.U.u........J.`.U.H..+.c....J....I.....;..,.sf .x.Y.n...T%j....F`m-.d"C.4ssR.......q.b=gP"M||..r....6.O...._.0..@..A9..//.w.:..,....{B.M.@.tF....%.K.Epw^.X,...<..c...h.........3..t........I./...o..G....;...y...j.wh.)............0.".e.-...+..V.......=..tK"..9...w.}..'..J.7.K...mP...x........as..`..uLt...f.^.......|.9Z.Y......T...n.Q...I7.s...`...%....ht....N...Z.(Q#....F.g...h[.g..|<........a..........v2F.>.e...wk...-.e..Rn.)..A_.J.P.AB......@c.i.dtX8(....C..`to..$...Z(&OM......e..C.........X.....P.L....gB..."..#..*..<..DV.H..k..I0w.U.G.Z......,..(.s..r.?..C..?.GP`.j.M...r.....K>.i..<(Nt.!.,"....'.M.0u.Y..=.y..gC.....w..Z.e...H>..Z|R......[...CFa4.7C...3'.,.....M..V/.^.Y.......0U.....KRo...;q.)..+S.wO.....C..L...Y.|.h-4w..j.HtZ...n4I.T.u...+ .x.-...v....e@X.<....4...1.2.qQc..h.._...9.!._...Q.N...HZ

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703651v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1730
          Entropy (8bit):7.898382752772549
          Encrypted:false
          SSDEEP:
          MD5:E8780609196AA639CC1D534F09ACD0DA
          SHA1:52D562105892FFC9921E7AC77BE48F424E963596
          SHA-256:D044B7AFD1C7752308D0225D33A8E174CE0D59C607986444C084D8917DB40834
          SHA-512:3D0CB0217A9C131D9CF81AB75B12DA149900DE900E7A61B0D1DCA12E1E67B695131165D309BEE3986F395DB01FDC0FA0FEC885AFFB5446896B1B0588455EEF2C
          Malicious:false
          Reputation:unknown
          Preview:<?xmlt.%?1............d.\C..;.j.(U...r5..Ix.......H..Yw.q....{?..fQ..-.._.Jq...-.."...@.$.....).....B.v.."Cl.....2(.t.1..&...".?.......y&.-..i...j...1..D9....Q_.C..JP.r./[..W...3S.l!.....X..\.Lf.9....S..kl..U,w...kW.1-yK.bt@.DC.[....##Y.u....~.H...{m...5..o.`,...!ML..#.O.PVM.7.......s.I..t(......&!~..:...F....p...X..G.e....$.Nz..G..t..~...$z...D...q...J...6k^...r...~.7=....B..9..e..p......F..)Gy...T...a.U.kE...-.5,.RZ......#b...f.....g.G4....W..fbl!..`~.....l..^.XJMr..9....+.V...B.....F......r.....9A..@.;...2....Z............tq..C.P6Ft..>.Y.)..Ls.5.s..0..'D..4.7...`.q).@.w;.,.qK.^u...O.....+..).....Qq^..2h.f...W...q....e.&.~.........q<..Y....7I3Ug".........K.b...C....ee%.uL..L.e.`...S.kbk.<Z.o...:.o........^.K.9p....^L.~..q.l......9...L..q.....$.k.N.... ....z;...a0i....2..$IQ...A..|#..F...4k....j......i..u...[H..Q..sb...bvZ......."3..p7#:..d...c.U.....T,...=V.ky.B..TW.....T4..sc.b/^...Z(.n.T#.8...j`S...._Y.....?.n.vPu.......M@...y....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703700v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1711
          Entropy (8bit):7.8914160574057135
          Encrypted:false
          SSDEEP:
          MD5:4698EC5577603CF66662C8CDDBC88B52
          SHA1:D04D3B182E5059C08FF6E388717511DF822B75B6
          SHA-256:B616A19210120DB5DE44E2AEF7B938C569186EED183DEA1E4DDD7299F1E2B6DF
          SHA-512:476BCD9F000EFEBB5F63687845D6D664FA89C3ADB7EE4121C7185A22441F81E67BD15ABE3859DE7EF94EECAAD9E51427238C3F753E25C8E8835D90071C901761
          Malicious:false
          Reputation:unknown
          Preview:<?xml..."V/#..X|5..>.....\....~.g.,.j..cb>....k....6........G...ta=%...+.R.b..D..k..o....EFVD,ulf6EuE.O.>.....V:.z.z.....mR....,o.{X.u.z.Oxh....E..e.Y4.<a .[\}'.d.b<x..w..~...w.7J.p/..Z<L.1i....y.%..!...Q.bG`.....?..*I...}..Y.8.0...D...0wU@..#lS[.'1.U6....p...eQV7.<..*.^.@v...2g..yt5c...-.?.fv.....jzV.^..].A..Q...^3........}.L.E.....wNt.F.N...'...=..8'.a..-f.G...8z.Pw..`..p...D.Z..Ff.....wc.."?.q8t....P{...=BiKa.6...a."MR...|.|.V.{...a.cF......0..;d.Ic..n...M,....Q........5...a.v..|......x..@.q...j.{..p..m..Cts.D]i....~...L.J=p].4.(..h9>..._....<.Y.yZ....0m.;`o#.R.:&.Q....+..BuHAY. .vG@. R.}.L..6IP.).,..j..DI.&q..m{..(.C%F.)Yh6.....Q........?&.#.p.Q.c}pKT.~krb.......?....<...x....k......\>..*T.wb.r..WLP..._x.Z..:.VUr0...M......L...i.1v..xa.l~.#z..$.(sU..R..[.>.F..rz...........^Pr..d..>.2...3..>.!s.J{3.....X1.yEF.X.m4..0..'.Hyp8rKu=*\O...d...}..n.....y.K{..F.}K.[U..bV!...._...CGb}..hh....Ur.m(....'..A....6.....A~......._.O.-..V}]5.(.7..0=A&"..V...huS...4.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703701v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1748
          Entropy (8bit):7.888097548051288
          Encrypted:false
          SSDEEP:
          MD5:5E7DFE801276C41502FAA9C8CB87DD57
          SHA1:C59572DE4736C2FE8848FACAD3C6C7125C0EBCBA
          SHA-256:72B3713AA91B220B753201BBF1FD49233D5383EC8BEC4E5CB35571B760065D54
          SHA-512:48CB13B11A1CC6A49E13617A88FAAF8C6997E29AC6702B875CCD1A5AD402590865E852ED231136AC0B2E9F362AFCC69F29BE0716B2642D612CA6EC308AC7123C
          Malicious:false
          Reputation:unknown
          Preview:<?xml..X..3..p. ...c. .^.j..)..t.....,6U}..-.=.Pk6......,.~A|.8.L....Wv..f...Vr.K...4.....9['c...O...G...L.f..K.==.2_'H.<!..@.........@.....O..@..CX...uI._..F..x.B(......@.p...8..b.... ...L.U&Z.2..<.r..B1),..Q.0r..$.:...P.4}..\.C.^8..MC.."..<....V^....X.(.a]P(..HQ..J..Y...4*.!.h.R./....8./"M?Vd+.2.....G..p.R.O....... .2...7ODNv.m8.M4 ....T...V......a....?5"z.!.+...z............L..U.1.{...u.+.KU..3..qh\...Oo...GJ.6....Bee%..C.okV.u...j.m.z.N...:.U..y.....uUq..1..:.6_..)9:x.9S..2.B_.....0.^...!... .'Z.d.w.i.6..8.C.;o.......e....;m..M05.,6..}!.....}7W...v.\4u.y.. .]K..3......(.Hh.z.....|..U.A.>.ID...,..N....sd&.#=..5N.c2c.'...1....$3...q=m...|m..Z..t...&.M....."..F..O....>.5xN/..#d.....O.W..-..tCI.l...F...@.b.....).X(.q.8..L..2yv...8Y.w........b..... .f.|.iSv..8b..4....*:..P&P.("f"....1.D&dP[.$}.....;J..0.....*..n|A....M..x$.[w...%..}..9m.#..$..R..VD...c....yoG........q.=$t.9..t.$o..J#V%...G........>....ble.d.C6Yw.....,^..Q....'o

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703750v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1733
          Entropy (8bit):7.881914420457607
          Encrypted:false
          SSDEEP:
          MD5:1949E90435D7B9388B321AEE8A730E4E
          SHA1:901FE9DCF988F60A346C94CBA98976F5B21FAD8F
          SHA-256:C8DA93DD2E5F59B97CDA145CE7F5CBA133121876BE716204B7542D9467DDC53F
          SHA-512:1C7F50472D44E0735BBBD8673967E9ED9893145946B3A5FAA317E078254760EF9D59DB1EAE6E017BE43679AA449431732DB4EE45EB646878C7691360857D3482
          Malicious:false
          Reputation:unknown
          Preview:<?xml#......y..)'..].D~..\+.#.f[.. .?..WgJ...."..?x/.).A...\z|O...YCC...F...e;,GM..H(..!....L.........x..B3...k.+?:u.Gt.]..t,.wI.,m6..Q^.2l.6...f+97<~i0..(.+~....f...9.).............u..~....X..Z(6.b.d..x.)..5.Y|l...MKpX.n....i.%...1..jj...B.u..6#G,`.=.....).."!..<db.._.[..N....$...q..@T.........>.k..O..l..M.X./...'_.....O."Q./.v.[.g..d^.l....$....{....U4T..........K.o......A<w}.3....'.P....(Q.k.Nl..9.K.8H....5..u.s.t..<.^l...(......[.fr.......x..wK-.h.x-...g..skde.a...D].I..`..#...^:..X*}...0....8!..].3......it......)o.vK......'..K./zaTM._...d....v.<^S!mO..{.U....|......r.{1...&-.=.4.!..v.7....U.uh.a9JNZX...,..tA....NYNa.Z=..2,..F...r..3....v..k...;..T.....^3~...kk.z.......;.W.(..E...l;N-...O..!2..=r-./.%d...}...m...l@!k._g?h..]3.G|s!.;..-..c.....N.D9.b6....)..).`..>..}..q..0].nKy.`@..S.......zc..*A....i.g."h...;....{..(._..R....2.8..S......R..5.h.v..\v.....x.VZ.3.KO...m.......c.n.ch..j.V...BW2..~..U.....j....e..n.o=.m..k.'mY.g.g^......

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703751v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1770
          Entropy (8bit):7.895919308370954
          Encrypted:false
          SSDEEP:
          MD5:F22F1AD3F4360CA5D53C69EEC07D4FD4
          SHA1:0D3749DC6CDF08C9AF3F9941EFAD6F0C521B2798
          SHA-256:17491D6163043BC3DF67A33AABE2CD4B33A7333C066B3427DD3079FA8FE856BC
          SHA-512:0AF9D5A32CEE2AB7774960BC9AE532212BEB43E92CC4CCDE607A00739F5B00159732DF64202DE852E035480A525D1B3AD401DFE12EB23C4026946E9C1A385E94
          Malicious:false
          Reputation:unknown
          Preview:<?xml..l..j..".9M:.l..:d.Rn....i..i5&......].S.H..F...nE<..4~,7....iY.,...)I....)!.<8..Aw[u......c}...].eq.........!.v[.B..0.5..V)._.b.pI....v..#..>......;9.."......$F.....[..?..N..Q..7..B.|2.'.....h.H....q./.X?.1.G...=.,.h..&|.......`1......*X'>...:.+.c.......l..3k.......n]VB.1...=.X._.@BP..3...Ew.>m...4.e..<...aT....`...ag#]l..F......>{@.*.'...eShf...u..w....D7+X./?..9..,..[..W5.0v#...cV.iP-. ....^y....gB.<^9...V"Q.cES.\...@..v"D6,....gb...x.i3|.........S5if.n.f.k6L.O......)...=E.y5..H)......[.P.o.)...RW.).S..9...{.W.a.W9.)2....8.UL.......!.cB.N.....f-.;.........E.z&...#Y.{*.:yB..0.v......t........6.fE.8..x.`.b....0....%..WV.K..+..UE...BO....jXwE...(..$..}n....E.h..|.c.$k"].j...nKB<.....uf|......>aX ..d.;.....6.?J?4......_1.....Cb\.*..O2u..%.3..Kj...u.D ..;.A...Ci../..p.Jt.."..{T....}M.H....x.......o.m....Y.q...:y.....J....5vDp.#e....H..m.@w..sX...L.(.G.C...`.Z..=...E}.`...>.&.._..?..|..h..3.3.^#.....*N..yl.B..*.)`.?......q.gR

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703800v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1715
          Entropy (8bit):7.8890697985990474
          Encrypted:false
          SSDEEP:
          MD5:2FB372C423B0A2FC8533879981CDC187
          SHA1:2ECDC7826FF8B5DE689B857285B3349821D5BBD0
          SHA-256:9466EDCF172E6A573832021B6A320883D1AE8279CEEF036B399EE0E5E0805153
          SHA-512:049FA24A7666D7110D9F1E330C5B9A7E13E482AD3628E98BC63F6462677909E15CD0E8844303E2358E7BE4ACD02667E2BFECE6E9A5563F5A6F00A38D5DD6798A
          Malicious:false
          Reputation:unknown
          Preview:<?xml..P;c.+P..X.=.y..'./.L..............$y^3.+.Q]1F...o.C]#.... Zt.E.c..4k.].... .%.JO+uT3G|..O...........7.w.[g....N... ^.....8l.x.S...:#.o6.oq8vj..0.(.....&...*....p:..I....].x....O........._.t.P._~.z."....LT..R.~...J..~.......0..U.......=gG......8'..pp.(..J.3.n.*....A..i.3c.Y..?.....;c.K.6...t......Y|.KvB.~c...c...ob..]8b L0..Mw4..).G@K..k....C.. ....!..[r..p_..]........A..,Tnk..].........C.2...?cQ20j.$..c...?...........k:.t?&...|./.]e.........?T..Q...y.B..3./..A../....{.$..e...."D....[$...&. ....bC..m..m.r.S*..}..[4....i...Ir..:......Br..z.;.c...:8.=.q.S.=K..D}...A.;.4...O..5+.\..`.Mbo.yk`..B...,].Kr....w.....>.^.L...:$..JBf.......=.....WR.{...............j.x-.z..Dw'.u......1...G..o.^r..p..6./.....:.A...Q..*/....zE....iQ],.{.......T..M....1^4z"..H\3E..."n_#+....\..R....WB..............C./.'....NM.F...1f%&.../.:..}=...H...N..........1.4...X....$....v>.5...FN=.....~...'7.UCzy.>..)^...<....H...x..!2.`.C!.....}a,HW..z.*..eg..TP&3BpE6{..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703801v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1752
          Entropy (8bit):7.864878257456489
          Encrypted:false
          SSDEEP:
          MD5:5E45CA93D3E220FB87FDD1EC22E1F25D
          SHA1:133DA2BC1A68A2E60BB4456CECF8A3941DF6395A
          SHA-256:E3D29149F7E224F24C5009EC6D0395AA73BCACB6DD886E5C447E5A0A37A46D8C
          SHA-512:5B0F3E14BA55EE5C3A505745D347782E78D86F5FC862709485E7B320562A6865DA8A4765A51D225B8E680547BC579D5A146B6A361F2095D552D4D31A42EE45AB
          Malicious:false
          Reputation:unknown
          Preview:<?xml^...(....../...@...'....?.,..a(b"...A-..3......eko..G...8........p.;.\#~..X...0..S.1..Y5#E.%.s.*).....tK).v -9. ;[..>...}...i.e...wG.v.8),.)...<..SKQ.|..).Qj_....RK!O...._.l.?)N...........F...Xq.a.N!.U.+..B.;c..B.|N.3...Q..tc..c..kq.bk,.....6(._6..g0..#.V......6#W.Q.\(....8.c. ....$........uO...|..yY..W.$..^.l..P....V<.nw.F.S6M..M.3A=vk@.V.-...Hv..>.`..W......`..2Nq..."..H.^.L.5O..)L..W......vxG.R.....s..)a..,..K.f..z.6.O.k.@HM*.R.C.*....?#.."H...7!S.9u..$.....bK.N5@.U.Hp...sd.....C...4..IE...C...\ru..2o.@D]5$h..9.4.-O>....3~!.).Z@..>@..y.4...)..A.U..(f.vwq."E3.HD_.r;.eaM.........`Iw4.....O1-(O.:...M.c...._#..|.B.h._.+..-.v.v1...x.#..5..\....q.......P..H2.....Y.....tj.......}$8.........../.....1N.K8.....K..nq..-..R.kDB...y.^.lc.^E...#C....^././...0.$.JF.D..........m...v...... ;.QE.I..x.F..,U..........A.u..\.`...2..k..'.2.o{...u..."3..eF.p..HN0g..o.L@.i...z.z.}M.tzx.B....G ....a.w..t..O.9{.c.p.Y}.+..g..y....B.B=j69/."..Y1..O&2;.....3.....X2

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703850v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1738
          Entropy (8bit):7.897399129255837
          Encrypted:false
          SSDEEP:
          MD5:34FFF2CCD96B98BFE7E43FD308DA70C9
          SHA1:DE53FA8C34A44CE551FD1B6F6461528E3762F14C
          SHA-256:A517334A20A84AC23D2763DF399C644F3CF087FA2DE742E64FC70F9664E3DA13
          SHA-512:C9892A74577078D215E458575B75F63D98E95E8EBCE21F42DBAFFF53E21A8B02051126FDF218744941B732CAAA222EAB5B79A84B7DA608E227F1DAE387F42AFB
          Malicious:false
          Reputation:unknown
          Preview:<?xml.|J.....W.....A...".<^.f...)....L.(....q.0nRv.vaX..b..&CaP..+......x.....[&."..7.+.rE..8t......S.s.g...O.I?.'Y.......4.L.XB........s.Q.#.w..W..j].<..j).....~?".`K".....k<...S.?...-ZV.....HP......~).....z..{7..@..Q.5..0..4....)..._.M)y.,..5...3e.s..... ...v..z?....\7..U....1#.U^._..5U...b...k.."....<....~...s^..\+.k]....Oa.K9.4..p..*.<.}.O.0;`......i.!\.M......2......-.u.Y...w.....u.!`..k....W..Y.$.......x.....P..n......`.gcG...<0.K.E)FI..-....Vk.2\rP.m+.O........ E..a8W..o..s..9..|h.C..B).".$.\.../?.L....E.7.4....GE...`..J....Y..<.d..E.HF*yDm...X.CS..%...GGG..?....>L.cl....U..> ...K.(1.h......#....,.L1..Cay.&8]..z!.Z..fO...0...W....q........D.!..G....5..<.......5...R].D.RE..!Ndl.]FBmES.)=.*..k*...{C..I0.......L...sB...../[.-G...g...l.s.5.#...m...z}.+......}rd..^6..+.Ng&.~.$[u'?.....p...#P..N0....O6K..IV%Z.Y.S/.TN ....l.%.S.......=...,W/b4.2W....b~...LRA.IZ...xY.'QJi.....~.~..?.L..9Z.~b.b.}F..".Y..eh$..b6....{...KB|.p.........

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703851v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1775
          Entropy (8bit):7.883107689694872
          Encrypted:false
          SSDEEP:
          MD5:B8F7119EE5D2A1491D2CBFEAFC5A5A00
          SHA1:11B370B96777DF6D5177E8281A835FD7087BF24B
          SHA-256:8EEAEFF8577E511090103E1AB27ADB8411DE1766B01F91C74106E43028EA962B
          SHA-512:BEF054F523FF3A3D085318AE6D6C58536DCBC6B9596122E527270A107D666FF00230C235D92A2504E872407985E0887355DAE34911C2F65A4CF2431DD1DF905F
          Malicious:false
          Reputation:unknown
          Preview:<?xml....on.=.T.*......?.0.....0i..\..Y`..(.>...u-..H......0...a.....[..[..\..Z...~.......(.R.:....LC......Ol....".Tp:..J\[.......`!..e.._(J;.h....^s...Bj.2.W.........R..OP.=R..;N....#Z..(.k.A..m..=.VqB...|..yN_..l+.#.:.9..x.S... .6....=.....6..q...T...N.....K...]..0..x...n+.6^R......m.B.8.T..xk|8.... ..K......L9o.#..30.G........l|..0....._.D...@K.6D8^f.o....?..L...A.8b.[.i..%_.2M.CPT...6.d............@../.._......_.w..]aR:.a.J.F...;*..M.).d..c.......)X|k.....>..W..E}.........)<E.......W..<..3rt...Mg...%...}]...n....)eqg..3.z.dR3..-Wx.jel8&Bc}MJ3-QJ#..QOD.......R.-v....6...V..k.1..Z...K..(.).Z..2.'.~ZS.J.th.V...K$....i....,...:lbdv..../`.....}?.Xx......Z.....xS..N..../..<^.,$......:.$.O`..........KX0Qh......&..:..8.E.m..........#....8.w..-.z.N....Ww....M..T.QGv..M.:j.;N..8.H7.Z]..Bh.{.b..i....}....^.....D.M/...|.. ...F..W"g...",&.;...N....K...Bi..f..~`w..7......G.g.8....>..'O.;.....e...=.L.....z.m..CY..cs..L..$.G.{..q..... ....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703900v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1723
          Entropy (8bit):7.884579508851316
          Encrypted:false
          SSDEEP:
          MD5:1A988FEA7199BEB421424B7167548F12
          SHA1:CD5DEAA2DA265FE26DB1913A908339084677F9DF
          SHA-256:A652B37E74AAFE175F5C401BF0E52F973BC285C7953EF10594EBF1FF4CFC174E
          SHA-512:30C05A6AA70A975752F546BD184D2C09C1D466182A5A2977EF6B184022C8C445EBA8D51F6E49FB8BA4892282B30E4522EEB03B5C4DBDC3C3160CE10C5A137A86
          Malicious:false
          Reputation:unknown
          Preview:<?xml[..v...y!Yf9.Op.#.{.6.B...."..A.j....y....,.M....$..:c+.6...k.......F.5...@.0q.....%&P..e..$o9(..* ..8......C.=p.T&.KEi1.k.8S..>.m.d$I..W..S..:o...q....{d.X...Ruz..pa...~.c..z............H.....OpA.w.Z..s;.2...zT|(..(8...~y.mPL`.].0.........(..K...../.@..P.b.L..Vx...rn..R;.J..h}...x...xVW.3... .....hn.I(ul...!.9..zl.N.X.T.....Z7."...F.(.$6.".2X.u..#..h..c).(.(....lht...><Q...i..`_...Ex.P..r..U.u~_qZP.h..&.*...............@h...dL...........w.. Z.....7.-/..G.]..j(......T.N...M.0'`x...5...`...."1X...H...y.y..25.KV.J.8....I.1...S....rh.{..d..,...t.d.A.0.(y.zC.F....BcDq'.P...n!...3w.@..2K...?$..|.a..@.Gj.f..4z.uc...K.j..Qk..........4.v..v%.d....;........d......0k}.4..R.T.T.t.?3.J..X.....h.'.Y3.w.../>.WA..-.}.b).7...Q.!........ .g.Y.I....p.7.X:.#U.a.M...-.3...W.j.O.3..{_..,SB..{.b..Ga.Uz.;..d...Wrl..m.>Xi...x`8..w..n.3..9...]....Q>..].....Ke@.O?..+..STf;F.<#T.@.e4N.............M...'...%.zHM...._.\P.2.....o=.....4..+X..&.$..0{....i.......q~.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703901v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1760
          Entropy (8bit):7.901889906108787
          Encrypted:false
          SSDEEP:
          MD5:6C8F906AACAC28DF58A9B46A2B1213E8
          SHA1:53114DE37F572F506B01C17CBF0CEA882E5D84B1
          SHA-256:AC6E954135C898820488215AD61D12E43429AFA5EEF9285E1B95C650375B6E50
          SHA-512:0539F2D8C43EE669896C5E6A4E9B6F58AD4AB31EFB16539689A50CAB2CDE1BFAB9D9B3EB5A19C2E8B7D0E1997C464B3EFF678A8311C14D1160C2BE70F4B8CF12
          Malicious:false
          Reputation:unknown
          Preview:<?xml{P.i^_..j..J...I....S...l4\=<...,.g.d....DJ..&3J.>D..5.}.C2~..kFo..)j.pr.n..y...D)}....f..}......0..2.2F.-.-..{Ub.vA....^.eh...X@..i~.3..H.n.....J.?.,.?-...d.SQ......f?......'..}I.....G...$Z<...E.Mz..D.....eva..[....@....d..lIR.3.~\.\....~...#....u.>::.....M.k|...4/........G|zL....t4.....G.m...My..%)!....z!.l..C.G...K....Zh..1f.]..6u.m....e+.&2w{r._..<{.....n........|...#%.h...2...*..@...o.".:1Y.j.Y.>.Zi[j..{.........=....m..7.%....N.S.'..2.9.-.....}]*^.-.9.p.n..1....+Fm......&M..,..4....lm\.A.r...hU).V"....s..RB-..A.q.....2S.$...V2.*.>..a>.a:.d6$..~..$...FTn+...\..<.46.."..&^../.X.w...8<.....?..:.h..kpr.I..'../..;..>.....H.....X^.~......f9Z...`[m.7S.w:.^.55.&u..Hi..ac>...D...Ep.X.....n...).;.&...8#..`.HX..^....2.h..l.2zy.on.\@...:{;W...[....]g`..X...8.... U.Na65p.##+.U'.x.N....}.[.g)..,.o.xG......#.#.L~..9...-.r^...w.M...a..z8,.].zC.$a.6ZU...4.!..6n0c9..ZI'.Q....1z.r.S..Z..9Z.y*=366A3....0...$.nV.....`%d..7;.......c....`...x.!Hq.X*..2.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703950v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1699
          Entropy (8bit):7.8823791852996035
          Encrypted:false
          SSDEEP:
          MD5:218BF6DDE373AC93FD94945C4D7C62DC
          SHA1:12039A47C5CFAEDE415CB32057FE28E8D50729AB
          SHA-256:02D8DF7716470644CBC31D164538DFB14C4C5914E1151F56564892C2D875048A
          SHA-512:472C2D59729C5618D8129EEEAC1CCEA27B702926A2A7C26924763E11D62DDB0C06F7EBACBE755C8BB76BD4BB1BEBBBAAE88959A5D70F91675474CEB7453FA627
          Malicious:false
          Reputation:unknown
          Preview:<?xmli.Z/i.8.........%.@|.v@.bZ.~t{.o\..3...#........0..".VN.qV..'JC.....G%...(!w....} ....%.N...&{.yk.&.+.m...,{Y.WX....a...|..[....DCU|....o.g....D.#w............Xi.h.N...c.i.........B.v.....1.<. .....u....xse.....q[.)...h.@F......X.........a4Kx<..{.q.._j.5.(.`.1.P..&...,O...=K..S.x.?...1..m.._.e.S....;G?t..1..p..W.X.L"..l.......`....E......C...tA..H..p<b....#.\4D9G#!H....rS...:![...PD...^......B^z.....+j......>..E^.H.R....../c:6...C.!...1..!.N.....X&(.J...GZ.PP1y......a[..9...%..Yk.e.z..x\l..0H.1?.t.;$.,bFy&.....M&....g...!.rt.xq.bH.L...pu/..zy:.S.zB...vm....m).....9p...F{!....i.:4..Q..........g...1..P...[......=t..}..DC.W."..........c.H..#.....G.....'..m...4?.fs..e%....PJ&d...........k.H..3....>..&W7I[...?@....V0!.?..x..@....;?.I..(}....`:......a.$."p...y.E.J....v.?.x=%..`z.`.e.}.%.k1......w..wQs@.I.zJ.nN<....d..<.dF.&..s.T...9a..{.@.z.3M>..lP..............)..`p`.T..hi.`a.f..;..{8<1X.O...,..M...[....t....#)...X,..../.>....B.q...g

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule703951v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1736
          Entropy (8bit):7.8940691441692445
          Encrypted:false
          SSDEEP:
          MD5:63557716DEFB5CBE2DC985EFB6FA95AB
          SHA1:7388F63FEB20F668A0B70416F3BAC1BE5FB04930
          SHA-256:66A99AEE59F8999886572019FC1BB5AA7AB6558D81F08D87D78AA0B2ACBB6390
          SHA-512:262A8376A383F1A9E03CC795DBE3F4CE52DDDA88005C8FBCF65587970801E968B9EC7BFA3EBA8A466E0F047684DB78BFD74689835A6816F908D2EE386353B404
          Malicious:false
          Reputation:unknown
          Preview:<?xmlh....GB..,..j{..<.{M..%m....L...E.m%..nw.1...+.?s;CA.g.}@\.....R..<+K....d{.. ....L.%.p..'...,.A..'.m&...;..v...B...SI.U%?;.+!.9.....3D1Q!..S*a;.....=....A..@>...O^.B.fP....5....$....5\.DGP....0$~.g.....!2...,.....R@.Z....g....*b..%\._.S..Z..R.......M2*..}..'qK..Hg.....PzTL....w..9!P....,?...tPY......X.p.C..`.h.N.Ai.m.E.7....)..........;..bu...-.._..Z...~..aN(%.f.P....C..)..Y..`..!.._/V>.....<..."HA.v..v.bd.IT...Qv.v.+...~.'..!..B}......3......e hC....s.....$.Q..e.[..Pf..Y.V8.w"0..M....SA.gK.....e.j.Z..q.Z.<..v.c.D...r.k...~..$......O.........."4.%.zO.2.....8N.E..f..z.X.;.>.....H.Y.?....RM....8P...W..}<k..+.qRB1....U..}=.8G.k..*#..;.?.GK.../...X.....yI..h}_.......i..7.m.............U.ZJ....KU.6|...c.b..4..fP%1...=a`..Z..C.;...c..O...../..=.....K.,..g.....W..i..Y........(s....y.u....r .0..t....]...6...S.x.t.K.5..G|...x...M=.\..m..f`.......l.x.....w.(NF.%....2......{..e...r.75..4r..u.Z.1Z..Z..T.X.UF..D..sg.....2V6m.i

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704000v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1715
          Entropy (8bit):7.908133842263281
          Encrypted:false
          SSDEEP:
          MD5:C0E09C63AF64FE5943ED6824F894852F
          SHA1:9BCC13F17D5FCF46818E6F19FE01F8B0693050EE
          SHA-256:54B1D83776268F8EB5EABBB6A96E7514A0605BEADAB6C19D3DD1E5A6A1A8CD27
          SHA-512:6A006500986E0BB8EADD810173B8C5479696CA4949D148BF19D9C9C031460495C496B9C910220B3CD120F25086D20E696E4BFEB8B0BDF4CB1413B874EF103A0F
          Malicious:false
          Reputation:unknown
          Preview:<?xml........M.L....T...V...J.~.+.4G....-h..._...fIm....R...,.........\.....(:?..*.....K.......+u.....\..T3|....a.BxH........'b...C|.....;..t'.j=..)..b8z....~m.D..oRUY..5z...h..o..'..a.Q..t.i.p.gm.m.{..."....$..........}.B\v.t......Y._.&?=UZn.EG[4:C...RT.O..W\z.M..;.b....+X;O..>..x;."w.A&....b#!#g.....y7.c........@..>...iL*..|....7;).v.Q.Z*q1...H..>...<.N...Z(..|...%.3.E?..+...o_../....w....(..:..Y.W.@..@..)I.5q.;..37.. .$.|.[.......q.s..N..._.Y.....T..%z..:..'40..'.p....^|.o.)...03.r.f..a..6....xW.\v.7.....b...(_.P*trgZZ.F..Vxy.....<n.......D.3.C.........mB.j$0....]e2.e*/.......G.If.......C.I.....l.l.b.W..d.....g.Ec.'6.!7.f....M=...c...j..%....X.`>......!.[.........D.......~.].@...!s....U....!]E.....|D..v..+.m\B.d>^.x.X.Z.Ge.b..W...x-...k...-C.G..@.jt.f.#%.i....]...7..........X..*...U.7([|..F?.`(H=U..GG9.w...C.. .......Z....8/R7..[.E..-0.{.A.....o..l.....<.{.........[X..B.mIU,?e;..b.NV.M.....9.>.Y..(.x....H.....{...T.:.....3>..d

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704001v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1752
          Entropy (8bit):7.895002335887092
          Encrypted:false
          SSDEEP:
          MD5:05AE98F9EF846433F9D0866D70E56E93
          SHA1:AAC1AB26619B44CF37DAE8E8AF477121208980E4
          SHA-256:5FB2526411720482194AFFC0EC0E22772D0F27181D1D319D0EDD62B918AEC3FE
          SHA-512:7202E4EE7717D69CDBBE717079E3103BB38809F1799FC8603B79E960F3FB7320C1F86C25D0907BAD013FF4909F221D98584D2779E89886A73CB0D6377660F7D5
          Malicious:false
          Reputation:unknown
          Preview:<?xml~.%E..[.4.....d......P..4.T..%.......h......q.Mjev~6n.i.FA..o.......z...%.H.i.NJ......I.O.....61#..:.....R.......u.>_./....GF....&zN.....?B..`.go/6....w..k\..Ow.s..(J7-....m.zd.|......4]s.-.B.JO..g..$$E..a..8........4b..=N....!v......9.X=..7M.n,....-..(.......h......Zpq...1W, .MEr..gES6........".&..8p.I.!Y..Z.......}...A.k\...oQ..~V..W....G...T..sq...J.D.8l..u.*.G.j.....N..;..............G.J.._....E_`.\J...um.z..h....&.`.8.xc...p..cp.`.8].o.......%]S.,l.......j...%...";.H..06...a.9.....;.Ga%..Psh...q.....w%.B...4.1k..EL.H.]...>.?0%.a..}...n$.d.....S...=IN#..0..(.'w....?..9.U...!0^M......u]6...w.}...?....]FAp.O.m...p.....:.``-.`.8`c.+-.....EM.4..l..C....<...*6.......a:.........-..(..W.%W....gx....b&we.^.b.qK....9..v.N[....8M.......>....fa1."r...ry......E../.).6..{...D....(.SA`.."`......$...]...........'dG.(/d.......,.>.#..JJtG.ZH.K*MX %/WF...dD..=.....S..j..1.<....&1O$+..}A%.-..M...,..&?....,+.Z.o^.e.i....Z....?TH.O.....i.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704050v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1689
          Entropy (8bit):7.874765614873938
          Encrypted:false
          SSDEEP:
          MD5:81D8CCE005FE74BA71D0099171842C85
          SHA1:352B1FE7B26BF552F69232741807553B2980A6DC
          SHA-256:29A704B3FFA6BF6C26EE4D57DBDED9039A0107CBC2C6E7F545A70333A05D7191
          SHA-512:F371943DD5A4EF7F193DF370A906D61F757499F8927FE526F39F26E268A5F10A652460FDEFFBDD98E9C83BCF390A6D08D02219C601676B9625548F17867520E9
          Malicious:false
          Reputation:unknown
          Preview:<?xml.B_s...q......ysva..>.T-5..\\.k......#...]c5|U.|......D...A.q.n.x....8.")..}......D.ONX..T.W.G.[q..S.fz..!...C.......h....@e-.Mz._...u.6.4 .....t.hN-`.h..j..y.....G...K.J../w.].A.?*.;0...H.&`....c........j.8...-n.5]o..V*..^)_).p.....th.."W?j!.O..n&]K...}.p+...xI.PB..h.r5X..9Z..5OA......k.9M....,..`[.........~5....i.s&1l...l._..f.....Qt.f.j.F...M^.a{...XP......fA.!..k.._.T.>.(.XT....g.u.t..*Ubl.?.3o.3...d.*.}.(a.V$m..........{...l.....)K.........t.,6..6@].0>..ft..W.....+..d.V.Z...9U..._p.C..c55g'd.;..yvn..|..f'..m...mM...^...r.q.v8~!..U?.J.1......e..;...$C.EQu..}.k.......^@.%....V.a.R..v.2.....XL.a...UIw.....DZO.T...K.].].<..3.{...+.J#...m.A2..A}$68)..L.M~..W<..\.c..?..h....*.q6.v...yo.r:..W.G..<U ..A...S..*.1%sy,..kU.....I.-........,enLv&.Z1!9.D....C.@#....6".Zu...n....c.V...,....Nn.O'c..>...T.S.$..*.!Zn_...r.f..it..Y....Fr.Aj&.c.....@p.'e0.O/..U..g,.m~....,.*....}.pL....V......D....L3.6..>UJUU..A....X?M._.4..i....>I.F...[.....+`.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704051v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1726
          Entropy (8bit):7.893397532431381
          Encrypted:false
          SSDEEP:
          MD5:3BBA5D4790D81CA8403F432AE4FF5CD9
          SHA1:12481D9347CA09406315A02D7CCB50CEDEAF6703
          SHA-256:161FE5EA4D5029773B8400E364A0DE86F53E2F6EA0AB5AABE3AA5A241402A7F2
          SHA-512:5200431525F658A2E6F4870DA06087C45D6C7DAF282DDE99415A85172A12191E4527DA7312950EC8C1546F13825FD8BB21CAEE5181B4164A168391BD3B676FD2
          Malicious:false
          Reputation:unknown
          Preview:<?xml~.$...33%..&p.mE/.J<.*.u...!.........!Mf.y..l`..?U.M}N..P..|0..3..n.[=....bi..K.nt.<..{6N8...SNN.."P.....8T........qf..y..O4u...1....?F...V8..m.e...#...-.6.|..)._QWK..H.J...\x.....C..>.:.:........g..Be.....(.......j.@.BB..=..!...P%1}.....\:.wA..n...c......U....H.a...B.+..w....yFb.t..}|.1...J...fg..$(...g.3.(/..}...?.1..~AI...Gr.OE.Zg.V"c.....2.P..i......4......c..=....?u;).e...57.K.....v.....fn..NM.WS....XY..+...3.e...p?07.F..t..-).=..@..v.R.h..I.....9....o.?#!....hcYq..I..T.(.v...9.u........$.x...BY..a........y.dI.A..h/..M...q.........d+G..w..M.....Dl#..'..H#U.TiB...vgM[.j......c.A?*.(.(...cc...o.?..a%..,.I.......&..Gl.T....C..G..[..$[t....r..t.q.T9..M......d.8..y...M.........,.\>......<...-....' .Op..j.\...,..-..I...4......T..|.a~W.(F...].....i;.Al.f...Q.....Tm...j..7..)..g...@.^.kc9....P..}.....h.?.|.cu.u~Ha".^..[.....As.....]yxY.2.H.C...%..$t..n..f.D.R...4.....`....;hl.>0...x#../.q..Z..P..\.L..:h...."L...&.'.Lat.bk......%.g..n

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704100v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1695
          Entropy (8bit):7.846064356049239
          Encrypted:false
          SSDEEP:
          MD5:A2A12DE7814E802C5046960CC921DF8F
          SHA1:0AFC231B27ACCB7645C59D57B5D3B3A5309B7BE0
          SHA-256:EFEBD0C5F501499D8133B8CC2CA4AAB4B080D7F0F9AA5E400E4183F9EBA06463
          SHA-512:26DCFB2684AD18B2DF2AB053AE35BCD19549A038E6C2D8C8B5F7783D96AA2B63B96BF663AD289E875857111B45368E76137F9598F6520F85962BCCF677F04F65
          Malicious:false
          Reputation:unknown
          Preview:<?xml....jR........$.'.f..{1..v..$.O.X....m..r//.oK}....=......$!.^EHqfy.*Q.....j.-ZJ.][..._.(....x.I4.}[,.|.ZC*ww.1.|...4.$w....1.X.fd+J..[..50do..4..tn0y.K.O_..V.....cj}.&.96....x`....F.P..?.s)...0....~.]x.Q..O........7.......'s.T..Q.+.A}..._W$..d8<..;P..qb...$-.E...B.Y..\.........+.8.w..&..|9.c].....h.M.J..xi..n.N.k.QE....Y.7b.t......QP...t^ri..Y...J{Ii.......r.......k$.r.l..G.[.A..s.............x~\..F<....'Q...s../6.x.Rb.....p-.YY....G...j....a-..F#?..tT=Eb.....@.h].......N.h&c...$."..5`....-9Z.+s[.2.1Q...T.,...>..J:..<...1Q...._4..8!..J-(..).0._..7..h"..V5..B..!.J..T...YU-y.i8...m.uF%.v(.w.T...o"d,.y.........7......i.r..y.^..mu=4R&.C_..;...7.A.#?.y.....jF....nD:....\!..s.q.s..t.j..9....[.A..Vj%....]..4\..v..:{..M...m:`sK..4. +.}\)...}........X.[.;;...=>..f.u.[.!.&".A....X3......#7cA.9. ...3g....D..L.......]...M6*..:.Hp.2z.s.g...05...|}...^wfJ.z..,++\p..,...Q.cX~S......>#S...*..$..'.. 1N..cm?..E.B.9;l..@..A....fa....-..C}...Z..\i

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704101v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1732
          Entropy (8bit):7.903464334786638
          Encrypted:false
          SSDEEP:
          MD5:F79340F9DD727A589DAE70533A61910E
          SHA1:16AB7B35FD4D05A3CB7705B4267C7FC5690A4A02
          SHA-256:B0B14A397D7D39E44C5617251716DDA0198954ABC01C858FA20EE01BB4FC2189
          SHA-512:A53D01CDF84673A0AD321408CADD72B502FEE12F775FF34877498DAB87688EAF8AEB08E085942201D1FBF0AAC9E73134D39D19A7B718FC35D5EFF27C7888C91C
          Malicious:false
          Reputation:unknown
          Preview:<?xml@..48B0...`.....E.<.[.y]..@.w.O.#..Y..l..V..<.0J.J....;.g.&nf..E....Le....M'...o..J...$@9.!(.h7R.|r...?V.dZ?.........7\((.[5U..\.,C.7.f.$..[6.z).u...cA.k<..../..J.W..I-.%Nd.2..'W..|1.PG./.!..B....a....E..oG......k..d.....n...{...(..d.Tc.j>.i.c..+.wR...%>.%.\...O..C..&#r.tK..b|.CDi.).......ZZ.X...X...9ug.<..U....p.{....&t......v.s..'.\p.g.....o.......#/.....eb.d)7Ij..a[.B..;...;..0.&.b].S..Iz..-oV.....4.)y.x.e.E` .b..W..@d.....xz..Ik._..D.(..G....^kv...WP.9...'oN....T..?.....g......Y.v/b|n.....D....g%u_gt.PM;......W=B^sg.p&..{....y.:.e<yO...^{..MU.p....%.m.5.....Qd..#1....u.$[...l.G-\.~...P8.X...h......,...[.@............8x......". Vw.?t3.M;..... ,o..wp.ar'.Z&.7......z,..+.h.....8....p.......`...mB.rJ=.r..h.../x..t. ....#.h3....U..$....O..8.2S.....:.|"...9....{.r...RM....i........>=....0D.i_..%..Pm....7..7z\......HF.:.q.M....;*??..f.|W.-PW...v........U_d>"Gz...[#=.5...%Q...,<F.6w.7S6.2v.....T..e....f...$...r....,.@.>"<...p...9=.i....jq.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704150v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1695
          Entropy (8bit):7.879158294739835
          Encrypted:false
          SSDEEP:
          MD5:A3FDEBA4C03DD016D9EC83BED78AE0D1
          SHA1:9CE86A185A4874371E843806A3599EA5F4F1F1D8
          SHA-256:5FCAA1ADE864F65315790C3C7D37115DC859C5E72281713758C90B703024AC57
          SHA-512:BFEC3BD0355AE225D32D41048128DA85F55B9086D8C9855397CA2F4428923795B8C68AF3B0A81DF70EB2C8215EE1E86D1BC75988E49ECBFBC6C8E352EC70766B
          Malicious:false
          Reputation:unknown
          Preview:<?xml.`.9n($R...e.........z .,k..'.`..QI|6.f.....rE^.2..l.<W.....l.+c.K,....j..b..W.c.U.....&..,....(q..&.F..UA.\Y?.#..D.<|Xy.>....3.7...75,z...5).)m..`g.9>&../y.H..c.n.:[.GC..S....oZ. ....2.M.F#AYv....'...<.W.4n9..A.........=.v^.(.*=.....W...K'..Qrr.t.,.+.Q?.Y!.<Z..z..'F.......%.2.<.#^.q..g..u.D7I..{Z$$.....X.E.^.z..Y.q..#.B.J..&...ce..</m..[a.r)..q..25|gf.....i.....S...xeIY..g..^...~:>...V.....Q..rNYt..h.....c.=.p..j0;...s.l...<%.u.4(E......."&.UYA...*..T.g.%.....c-n..u.s2 U!r3,....U.o...f.S....aC.$..E.*.r...o..J...@".t...)r.r.U..V*...W..,....M;Wsak..4.F..>]):.b....:..MSH|B.kU.....7..ob=......&#R7.Y.....L8'j.. U. ..!.......{.n..e.....JF.........@.9.$...e...*.^..hA..D.f..+.[.G........}.S....S*M\..L.N.yk.y...G.V...H..o...y.............NG.yD.s..."^....IE..C.F....4.c.........${.\<.x..0.H.F?...Ok.)F.....8..j5(...t.J. ....C.P.O..!j...)...R...d.........b.l.T$...Y......eT...-..p.G..N.wV...oFlG..q.. .o#nM8.g.....k.............v..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704151v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1732
          Entropy (8bit):7.882569130081622
          Encrypted:false
          SSDEEP:
          MD5:76A059548165D2AB74F229A341417234
          SHA1:7036EB8E81AA0B2E28DF2A2AD216617BE747B179
          SHA-256:C30BC802F8AAADB198E028C6EDE5E1D10025440689DE5E953E3717B58E574BF5
          SHA-512:ED1EBB0158AF6639E78517950F6786BF2709D9521E9C9924701CCF46DB8C8D485C0A7B186B227D7C1DB52AEA1AB84FE29771AC724C664A4F2236ACE1C6A3C3C5
          Malicious:false
          Reputation:unknown
          Preview:<?xml0.:.a.,...J.*ME>)}../....qI?...1.h..rNF8....r.....$..........c..:.r.....c.%Xud.w>.....\.&.y........t}.or7...E..&xb.......({=G...(.S...`x....._1..uF.$.j.3......R..].{...W...f"?..[.:0l.o.|..(.d.Ip.q..4.....G.,..T.Fv2..l...U9!...:.:.:.....5+....`[ .(Q.o.e.*M..N..b;..T.w.}b....w..?..rb.!...(....%v....]...c.G.'.)..jlBR,.....m?.Q....$.....5$.I.f+.^z.......K.Jc\...{H=.D.....&2q.bo..x.uI....L...dz...iO.*...tp..z....h.S..PT.6..._.....It.fI0.....u%Q..}....%.6]c...G+.Aa.q......w..E8$zc.K......e./.f..u.)..@;.y.....d.m..Z.........=.t..pH}.2..%F.4..z..........j*1..7.....`.A..A. |..{.B.o).}$.JXd.I4....f.. >..k.../.uJ.i...u.....m..P..mL....!..r......<.Y9F.....WF.phF&....M...&....y....a,..."Xb.....W. . #s. ..'.UdC.#.^.&c.ph.u..[_8....~.....H..p....7.DZ.3.q....Nd......s~..XX.....n*.z.U..;.+...oD.dW^..u.#...sy.W..8....3:yd...F.U./....\f.Bq..qT..$j..(MBx..U......|......)...e.G..Ow-&"...3..}n..7eNH.z..Pv...0Y..\h.8fU.u?..i...O|...h...i.....uU'...S.n..N`.N\k....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704200v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1713
          Entropy (8bit):7.880538764492946
          Encrypted:false
          SSDEEP:
          MD5:23B4087C93AA0E5B47AD89FDDE058673
          SHA1:8DD501D4E3F2E5273773BA179374A082A732BE9C
          SHA-256:194B46CA23406993E17DF1EDB58B968D17D8D74A11113367AA3750E8F0836489
          SHA-512:3E52E84FD703627103EC239DDD3E7DCEB0103482CA06CCEC060555E2B9B8FA808ED14BCE789A0F1905B9F9E047859F99AEF8E8A037D650810CDF2AE7515D0B0A
          Malicious:false
          Reputation:unknown
          Preview:<?xml.o......VM$(PD.v..^._..y..|@........h!...QC..F..Th7g...v...C.....'!.".F.K.x..J.'. Z.5..@_..9?y^a....3..+............b.....(\.,......L....W`.)...vU..6b.....O0!.0..x$ DS.0.-.}..F>...X.).m1H..2.S.A.L<+_..G.?.<.,....q.SJx.G</ZP...2. e.r..H.].Y9...W"Y^>K...)..|......>...z=/,...S\p.....Z. ...9U..}.H..XH~.....-.......n7...w.q.} /. .K..(.6At..,(.6WI3......~..>.""y.;A...c..l.Zk..| ..U...5v.. ......N...Lx..49By..nGR.F.IVU.Z.I...Fi..0....X.......Q....h\.o..E...F....2'.2....z}....VL<.y"5.au..i.A^)..'...K.+(.....f....N.V.....Cqi.A...W...T.!.H.).Y...8:j....Z4IC9.$......4...Lu...S..P..^..L*.j.....A:8V ..$.Y...>....T.RI!...Q.@.Vr .}Z........d2(..v....".:..=.L.....>.Q.$....Z...\FLc..E!.....:.1..$8....r..1....L.>]...T..x......u3#fJ........C=..t...rK+.\}..Z..-...=...+"^}....p....-....U4.#V..~.i7..e}.(/.i...[....c......!....m.6/.'......?.-P....0.w.qQ...>.s.g.i0GD. ..q.2..S.r.0....E9........]............(.h.8.......5...N..@.%lqTC.hf*..@].y..]..0..<..08.O

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule704201v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1750
          Entropy (8bit):7.880845798947583
          Encrypted:false
          SSDEEP:
          MD5:65E32337B1EFE3DF6F664293498498D9
          SHA1:BDEA48116A05D9586078210B9729529327BFD0A9
          SHA-256:11947A636981E505AEC7D7FA29DF74C492009EA811F3705450BB7738AA332CF4
          SHA-512:B3D1485CBBD762F04204E51FE63BD3A1BCE5D204A73B3B1F1103957257669C705BEBA1281EC18BD62AA83B5678804670F51694DA780D5814004C92D464B16AE4
          Malicious:false
          Reputation:unknown
          Preview:<?xmlN`V..huw..k.?@.,..g......Cvw.....q..1...%..aW.....:....oR. ..<...>.>g....nu.....}.&....y...6p...L....<W.`....D..._M.g.HX..[$(..&@...4>..{....".w`3QZ....].V.. ...PzTx.7zyo..].Qg..GM.,w...]ZR.....:L..C~s~......,.<.....q...@.U.q...c.h..F.R.8X.i-nh......G...E.?W...e.V..<...D...4K.rY...oa..,s....2...&..{D2&!A.a.Z....8...mNE.....u...c..^.? .......>....n*g...../._..d*.....q$a.%..?............o.&5%..&.a:..........6..^..+Z...>O>..9.9..#.'.B7...~|..e.....t.F%..#h....D.sF..I.iz,;.y..w.UZ.d...#.y.F....~..t.,U...^....5..Dg....I`.... ...D..,.V..^.>.b...h.W0...?]f...dDT:.sAe.G.#...\.g.)..8.x)"<....I.,.8...3._{..........4{t..4..#.JEV....J..9/O,...a..X..NQ...p..F...C...R..V.).tt.~.tc.g..n7.;......n.D"H.,..,...UX.0s....5............@.8`.p..7.."...?.R)....&..D.u....20.k@v.I.:C..!O....D....>.........$*......q....u..A....F.x.X...O.f.r&...g.b4...C.Wh<q...'...q.".GW..@.U.vj....h..x_.......MPU.v.m).[.s.T.i...r..V;>5G..E.5....6. 5..%....)....n.k.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):361051
          Entropy (8bit):6.514865186601673
          Encrypted:false
          SSDEEP:
          MD5:3998849CE61540BA262CA9B720DDB6A8
          SHA1:E1F16ADB346A5DAFB6AD45E07EF8B9E32547EB53
          SHA-256:190285AFB5EF2BEC4783D577773E41B3F69CF4FB14F39BB818EDA42333857E60
          SHA-512:DD15DE2C4A2EB5134C25E6BEC4A34B8A70FD738ADCFA758B1C08FA4FA3AD1B3131158C2D86D372D71E38CEF8494944640D5CEF4EEB340E860B55143EBDE7F778
          Malicious:false
          Reputation:unknown
          Preview:<Rule...d.*....[.`..E....g....v.#....O..%%...S...38.d3i.J.z.&...m05.?#1.Y....oO..Q1..`(.#.....~O#6)...V....i9[...z.iSO._..@$.YT..uh].,@...L..wh^x..q..`......).7v...z............C.r.Qu..9.5ik+....23!/....z.4.....W.....3%.Bb..X.K..>M`B.^.%.....'...So*,o#ZW..{Yg...q.u..)...<"H..m...a..........^l?.e..,V)?>'.A.i5.s.7..w.#.l...Ni...<..X..R]7..w........`..-..W.0....N^WG.G...K%#quw..0....X2<@...g......b...%..E.z.....gZ...DAM..{....u.....l.....0.K.*..}.<J.X.B.C.Y5'.....c.. d. .+!..;..T.0...XX1.H...{|.1.0.H....-X.6..;.G...0@..r....b.y......H#.AK.i2...........a.y...\s....(...G_.w.y...l...}!l1\. ..;4....OlyB._51..~4E..ij..%...r......d.n.{kw"..i...D+.:g..hP...J;_.}.Ux]TnQ..6A]m............M..EHs......a.P.....3...Gj..........k.sJ.`..Zd.zLa..B.Ml&.R...*1YF'..X.7._B.L.......O@k..f.....76$1#..>$B42...`}..q[?.xn|G.....S....V1..O.{..a9.....?.:F......S1.Ql/yb.t.....A...f...ks....`.Q..$...]=..>...=....c.!.u7{...#.....P$O~!Up...L.6...7.....q.5.)......

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702901v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1745
          Entropy (8bit):7.8736706646559105
          Encrypted:false
          SSDEEP:
          MD5:05AE1F7E67ABA647E839470ABBD0A2A5
          SHA1:F358376674A5FF541CB84D1F959F9115BE9832FB
          SHA-256:F7F60E99FEFB1641AF35309F7759479E4546F1107D249A180D9286059590025F
          SHA-512:C5ECDEE6404A9E9C10CBF57A0AC77DA189A397A8659CF9488E27B90456995EE1378FDA13AD8DD19D6D95291FD7D281ADAD075B593F4126607CC3D1CFDC939926
          Malicious:false
          Reputation:unknown
          Preview:.<?.ic...'&.....w.4.,...~.G.A.-s..A.%I.,....a.......Y..RU&.o2..m.....n.....4...r...n..j.V.|.O*.<.....7.c"x%gQ...p.3.@.Z'.|9.Dh...\9Hx.[..<.K.\...9.R...../........%...O.1.M..q...^......4-..!.{..:..Sp..~.N.GhG...6...0..[..+A..p.../.>%c5v....*R.b.l..Z.R...O..........*,x6...W{.l..1.>.d..T*..z.h[%....... ..1...U....Q.-.{.....9E..5....e`.t........E<.6+....l8t....s..`.......j..-.b.c8:..F.P.....}...E0|....%0.>qK.....U.....bY..X.<h..y.....z.....?>}..%. ..ZY.8.1.\.s.... .A[..?....U.^.....7....4.m. ..-`O..H..3...h..O.j..M>2.U.OL..^.<{\B=.....q...]'.&..*We.E..q...0T.<.k]. .m......df......X....;n.0:]......w......T..^3...R..E...l....M..06...F%.;.Nz....D...Ax.h.`w..M..z....+.m%./.B...h....FSU....X...v.|...*..-*?..7..e...R.......x.).........V..1.<..7.j.h..XlJ$..f...U......r.HXN.8"O...<.)m....?K.#..L.E.N......^r.'.[.W....+L..8.sK..[.....z.C..5..3zt...y2H..41...V]$...^.R.,.p..8...1.H......C..:K.....LZ.0.(....?xx....Q....&i.`.:.'..@C~W..._.Y.]....y..8

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702950v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1702
          Entropy (8bit):7.883794727018499
          Encrypted:false
          SSDEEP:
          MD5:3F0E113E792CE7834AA47FB885FC2E46
          SHA1:5F09E133D6864D6EBE8ED34516A42565B7D84F83
          SHA-256:B2F15C9FB40ACE144C7DF0AC150C564CDA48972F7E12387F370F5E8197659E62
          SHA-512:16E84A8FB17FD4AEA3D607DC37C263CA984BC3BF9C50C6B5C6A58E456AC904997DB8074A64E85DA83702FDF14015A9C6FDA589C5D6D44A1E9ABBA6FD70D36626
          Malicious:false
          Reputation:unknown
          Preview:.<?.3l%5.x.0x.T.T..=...6....Z.8.T".N...k...L...Z..7|...Q.s0R......I...a@.l......m............ .|m.l.:...*0....?dhX..G3.^..f.....Z)N.....c.....Y.5E..s{4.[.c.U<.....T,...p.g.k..a.U.#-..9.U.....*=..a...i........VO.if..|.~.2oR.'c.,.B......k.U..w.U-...HV.&....+.h..5..9T..V.%..{.....o..z..\...|P,....^..?4.......$....;....C[.u...^#.S.^.....;X.5....`.6f1.jH)..3.M..3..0..'TxRx,\#.mb.v...X%2T^e.vqaB...{f..../....D..~qy<.C....@...s.V.e!....3..7..k..H....\...><sa.i.@`..j..*.......5|....!.....N.d....!<].Z...i..d...+#..]Q.E*.........;Ua2L.....E...z.}.#..<..k ..H.p..R*>y/[....7........`.k..?...n.8..axM..}'.M....T,k!...d...w..5........#.......l.f;}.....2m.C.f.k.3q.7.W.....b....J.HJ.2........e=.:/...7.F.....e.TM..T....e%.W.!.....'.&.$Si;c7....3..]....._.s`......<.^..Tn`.*'..so.....f.K.z..@....3lXu..x...A.:.)......'4......"....=.<'4pn..r.W.6.l\.....q.0.$......B.~...:.h.......*..1@..4{.[...y.{.-..Ay..UB..K.....h.W...p..m...\..Q..).lM....N..C...c4l......'

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule702951v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1739
          Entropy (8bit):7.889395712263803
          Encrypted:false
          SSDEEP:
          MD5:AE34293675AB3E5E0A48F511AE830ED4
          SHA1:6000E12AF3C89945972683205A7009BE770F0E3A
          SHA-256:E08931E178B0B31F18828218D6A7EBBCA8138B9A3C7F5D2FE5F3EDC6E97EDCC2
          SHA-512:F6DDD15DBD7CDB282582A91CC8068BE317C663AB79EC695C1DC1A445A3077DBA676AFE2F18F1702F0B0C0052FCFC1169347EC26D009CA1C926FCBA767FF82937
          Malicious:false
          Reputation:unknown
          Preview:.<?.).!.7.0....4...C../...n`....?AT..1..xg'9.. .....2.._A..H.u.]....E....st.Y.U....[*,..A.I.....X<..#.#4...V....<.v.s...>h.p.../...G%.......xG.d.F..pRcp.}....{..... .a..y.di...a..?.a....!..lT..w)..l@.u...n.j....>..M-.4.z$.....q......~K8.LX$../|e...iQC+..3..S.........Gao..].kG.../..IZ......Y.l....du..=WV.u ...)....k.v.~.G%V&.....,nP4.;of.....3...5....fl......8....L[.*..?U...Y...n.Z.l......s....)...%Og],.......k..g_............c.#..9x..i.L=Z..........C..W..P.'.amb"...H .}%p...{k[..~.P..).6..........}j.u..?.,>.g..... ..j...S.9.\..D4..~_o./....e.?.U..N..I>D...k.4..W........Ugj....J...Ude...08W....0#3.9.1.~.iu.......G......_u...].L.`...lmF..m....Z...^c.%4v.Jr._?.f.:j@.DW.......+?./.5.y.eg.7.....gn...q#`.{.F.Q...!i...I.H................`.8..u.S.R."..U......;..lT.?kJ2.DH..F..........V..(..a.rz.gp..}G.....0.|...'..?L........_..RHR..-$n..xW,,/..._.......6pT...3........J..{GEM..6.he...0?.k..Q......u..O'.n. m.U.....t...B..>..=+..b..P..q.s...i.7*..Z.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703000v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1703
          Entropy (8bit):7.880574419559537
          Encrypted:false
          SSDEEP:
          MD5:2A7EB3012E37EDB0E58B345D5FC962CF
          SHA1:ECB9FF6E57F2D7D73159BAF4B4AB218D92AAC657
          SHA-256:C641978DC10308664D2D675B929626C07C1463DFE7A7DE32371E7BAEA9D5CE7F
          SHA-512:D969D69766059004423E5347CB79A7C6461EC6D2D639DEA755B53FB465ADEF5E53D9848B9E2EA89306ADFEF81AD15E37E28C6B8BEABF57264B3EF66600BBC162
          Malicious:false
          Reputation:unknown
          Preview:.<?........d....f..D.*..et.........U/.....q.~|q.][.PAa.GF...'..S..)..".l.U..........&.......ji~.S.l6.=.....3_/...........7.......A`2..{I-..i.....!.......!.\..t ..H5......|~m.........j-o..ud.PI.0...|^..T.J.m.o.o.;.h.J..u.k.^.Ht._.......F..]..a..p...B.}..q.e.N.w.....W.4.|>.Z-.E.i.p.2+..;$....".....^...s`.5;....$..#Qum.....S.c,...E...ex9.r..9..#!p.f@.|...L.u....}Y..T..X..@..H..;,...B....*.......+..y!.?..V..~b.......\..+_c...\..}b....v......vU.p.I.h../..v9....u...T;..S..e.Y..&#rIbn. \..C).g3.}....?.Q._.l.E"r:.;.....A......&<.*.....@....W....6.J..'EzS, ..7...-<y.$FL....Lb..2..]X.. ...9..Jn.>P...V4Mb.....{.....'Y.V..-C.G.Y..>..S.b.y.7.,!..yGB.."..v.c.n....df..0.)....`x...6.W`S..f.Y"...7._..L)if.w.{.........Kk.K/Z.U_z{.`....'..zj.%.{..O..%..jC......N.5.......Svf..)..NiF....`...&-.i=.zs.P...4.w.<T..*I.2(-.{.D.G......s...`....4.O...yc.w.2K1,.....C.*o..H..W..&....i.a...Uu.k........D..,.6...W..H.D..T..."...W..=.......... ....;Q'.\..3.:.J-.UM:..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703001v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1740
          Entropy (8bit):7.876333269512314
          Encrypted:false
          SSDEEP:
          MD5:618930AC23F21C4535C49B2AD42992A1
          SHA1:BC8A3DA0762ADEAB3B3E404D8D0D84BD6F6B0B37
          SHA-256:7794D2D7A620AFB81A9A04DDAF7A9FBC65BCDE06662BAC2483E1F3DC46A8B28A
          SHA-512:72C27403F72ED1B67B63D49500BC833A70724599C5879B866017D4E90FCC054AF5912205E289D2A6D1E7B71259D6E1C415EA2C2DC39C3A65F6DC56AACE2EC962
          Malicious:false
          Reputation:unknown
          Preview:.<?..#@..x.Vk....r~.....7*..cq......tQ....vV........t....K...1g......A.Mc......!`..kSf.G..|<...ga..`..D.y..t...k.,.~..@Y...`...G...&...../'.>rW......W..?.9m...IX..)'......l./..%.('...?..?y....6/.9(.s..d.8b.....0.A..;.......0[..m...P[zq.....m..@5...2.....K.1|LF...... .f...'.u..m..Zy.s.5a...Ff..t...)...q....9.RY..p....-}...+.f .......X#.,m!....K.B..1}..9-.tU?}....~.....`../.....YRs...o....t8$.-....D.K..GMNO..0{...x,J.S.......jP..;.fk.i_..@kI..8...?p@.<.3..I%......fk..D..}.c..m....EX..+..AP>.....N..P.O....:..o..r#0k.....,;.B.L.Y.C.x...m......5.?.".a..I.$.....tiZx.1...b{....ao.6v...Rer.X..........f..>Yb..&....."....DR.x(..7../.o.1.f+...vt.TW....6.L..wBsq.....,./.g..>...z.n<......f.r.>(.%F)..o1..>X....."..mc.Zhv.X.(h.n;...&.:.F.g..3...i....e.....\.s..C.......Se..|....6...ABzI1.n.<..MG...{[..:F.!..`..d.....~.t.$.T9.lg..m..v-0&.h.[{.EE.P....a.u...T1.cID....|....@..r$`...O.......6i.t.....I.f..PZ-.8...B.I..CH.d<.In.ZN.o....&....G?...."...8P.>.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703050v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1725
          Entropy (8bit):7.893076059193928
          Encrypted:false
          SSDEEP:
          MD5:16CD39E099244F16D958E393E38C94A6
          SHA1:F1A3DCAA064FC43055289C41E0DCCE141033BE31
          SHA-256:0F16BF041E19185EBB82F3D1FA1E18829DD81E26C3352419E480CB2ECF5D8EB6
          SHA-512:DC81828071A92E733E5CE4D829812199E67ED0ABC835AADE5200E0E84A04FA970141C0D49B30B4F6A75A4E017F52F550A62A954C5F1D7594EDCEC9511AF398AA
          Malicious:false
          Reputation:unknown
          Preview:.<?-..&.|.D......|./.%.DH.p........F^..`..%e..|A..erU_........^....co.bn.K.....4..z...T..../.Aho!w.,..*........b...)63.)^M..Jp5...l..#.wK.)!..9.$.)..R..}.[.....s..TE..TU.O.X.%9@..mkK..\6..#I.<.Ws.`.ovR!t$...j%....x.:)@.BFPT=.....o.,~...2j4f....[.=6.:..Ukb..P..+...v...XD.?..3................#*..I.9..z..3..MY3.0...........r.B.$"....Aid.3...4Y...M.@....m.7...oJ.%C.4.9..sY.........M.8T@.4R*..^B.?...Gs...2~..3..qK.....C$...y$..`3*7:6...K............t...)s:.\..."r_r..Z|..h....m....b.i;|'..".3X....o..8...i.<.z.......iG.-Y|B.......b...!e5...q..c.fX....l........3..n..%..I.L..$......`z.*....LB,.b...%..in3.R.E]..$.a.v.....)......-S..e.Km....2...Oe...O5......@S...,....v&....z}b,.....m...}...DY.)."ki.......nS..Dw...h........y...1.'....h!DK.a...!.h._{!4w@.f-.&..r.....,Nw..w.Y.(G...B."'.S(7@._..H....2.&..Dc([..V...."|$T.WI4.s...jK..<....C........./......Z.d.:.lmUpU..Ku.n.2-K....n..1.a{"..Y!..............?.q."`...a.{o-N....me..... f..w...<.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703051v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1762
          Entropy (8bit):7.897943634804297
          Encrypted:false
          SSDEEP:
          MD5:5C4B9DB4E7773E3F4C462E45EFD1B426
          SHA1:58566631F35D663CAA7159D0680D16F0E5B525A3
          SHA-256:E42BCCCB0A88255352AE91D5767B13877C7E919675F25651F2E84C09CD605213
          SHA-512:FD6C9462E11A4CFB3D944B9FD4443B9418976D6C832136071847D03355DD2973B091260E73F4FC2B9B6C2A0E7D604C0D7FC4D293794129E3EA0496E661982563
          Malicious:false
          Reputation:unknown
          Preview:.<?P.@g......b..........7..)../.Sv...\g..z@-L...y2l.8.....a...(..."...i.8i...<*RI..<.#.....=e{.EJ...J....K..Gn.=:.F.?.....U$...,...C.H~......VH..+.n.1.-9..`Ra..o..9...o.Tz......`.g..3.lm...'..r..Pl.t.n......0.m...U...%2.fM..V......*.U.`...#.U=1.d,A...9.3O........!..O.....@.....^..Hs........l..$9...7..+.X..+...P../EY..._..vd....O.......6.*.$4...b.K....N.LR.......j"...S.>.#.w..|D..`6..o,.|.=(8/E....5.9..I#J?#.f+tV.........j.tf)..$....%...7.tN.F.....c..<..2.. ...3M.;...N....h_.e.........S.....&...Lo:.Q..{..YBt.....E..{0f.....u.%.VY."......p9.5wi:w..R.x<wG.s-...BU..=`.......3.*3...M@}...).~.....|....P`*.....?{!,. ....$J..;... .U[8O........C>)!}..y......X.X|.....1:...Q....x...O.B...$.O..?g.....T..'"?...Q..P..k..._.?..$..6....|v...N..".|.x.$.)%.C..B......+..&..c=.>4j..\.!v.OCy..z..w...H.o....9....?5.&U.d1..1.(...S..kp$R..L..5...[....jrk..cs.+.e......V..B.Yc..hT.H.SB...w.|.j..B'..e Z.g.*..m.....@...+0..,....Z.q.rL......u.xW..|..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703100v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1690
          Entropy (8bit):7.875328946004733
          Encrypted:false
          SSDEEP:
          MD5:4DE1DCE04CEF0E007EAFEA27C5C0FC81
          SHA1:4E820A3F5800AE6685C45AD12E61840A5FB98CFD
          SHA-256:FC2EEB2BEC98E5443C8A09809214BDAFE5BFC84F33BE4B60061FECB1C170CDCF
          SHA-512:81F5BECBFC7A5502C8C08D06502A35504773C8C0722EE21D2B9802829A5AE2C7C87207A4D801EDA702E6D1176DF178187193735E3D8C27F1B0763141D2C38DAA
          Malicious:false
          Reputation:unknown
          Preview:.<?.9).6.i.F,0oj..O..e..5.hxg.c.^.A.G....i.R...Y..E.y..\.M.m....[.....Q.-HK..9`..-..#.;~!.6.8.u..:.xEv.+.../.......q.V.9..g..W."...0....m.L..2......N..g. .]........*.h;K....[...C.l...S......w:..a...b..9.'Goz!.H.*.l`...<..E....4.........zy...Q..a.~u......>.....S....&...2.=..u.'.V.............#S...$...[').Si...o:Qq....N.r......3.....)f....g..U.:.M.j.2.'y_.3.{{[........=..bP..."b.a....).....F...a...........2Ft<A=)...~.k..:.M.....`........\.C..;E...&{.#..:l..Ra.G..f!+.X....F.d...1*.B.H.. .@..Q.......IJ.Ce...c)......Y....M...i.l\.,..f.....q..e..&.IP...4..r&...j...c........S.M...A....4......)...H..[.....R..|3...a.i....;&.7.I..?"K{&..h..{.%.....bN...Q\e"{..bI....`l&..Vx....B....@6\7zECf?.\.7.\.[...*..!..%.a.....~....K...D2.G7 ;."..=.'.`.......b....T.~........E*e.k.......V.....`HX@G....O;.`%...s......9..J......2E..y.BD....#...t\h`.......<...s.i....p).t...{5._........A.I..C......p...A..*3...!.....H..L.u[.i............[$[i.s..FS...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703101v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1727
          Entropy (8bit):7.882462283054577
          Encrypted:false
          SSDEEP:
          MD5:B489C2A8B05BDD8A62D4A9355292DC70
          SHA1:043ABC0A843F2DE2463416E24977F56E4AE86CC8
          SHA-256:8B0AF03C0AFD427B91CE24277D469D51401C465E29BA3FEB6FC204290C0D9F31
          SHA-512:FCA45F26ECEB144FE4819E6207A1D2FC876044EEC9F45B21DDE636FF1FA410B3D6419AEEC9C52BFCA3F0D2C7F9F4416F018B8A4B792DDD409BE624143F427108
          Malicious:false
          Reputation:unknown
          Preview:.<?...B.a%...]../.6.....Q:.o.O.?.....%....3?..Q).K.4;.t.'..W3H.... .....mw.....5Ga.zx.....*.}.W...AQ.........;"..f....'.$.X..tDg.".>1.s.:...i.....7..B..%.....V....#.......W.}.....$KtB.....+.M.6....{)..t....z.,....b.!W.......O..C}t..#~I.o...@|&}tl$..yB.t...H.]....k......0....w.b&.....y....R..T......9g_.j.i.|..GWs.4..S.....*.>.Q.....x..[..G.f..]...S.......B....Cp.X..U..T..T.>u.o.Cs....T..X.........l..:K1.(d.N..E.....fH.>j...........E}..}..6....Zv.;....nA..B.#h...%.'.a....55...2Ai-..A...&...Jc@..!:ff.:......q.;...>(M...(..!3Ty/.M"....i..n....)..P8..]..k<...:.....GP....7dd...70.&.2l*..}.".Pd.jS..9..\(....Nu....rF&.t.....8.w.......0P.........5.8......R...o2{h.....@n...fc.fK...5|....8.............G.oA..U.n...R..f.t.0..G?I.,.....(..EW.Y-P...s.M..b..|.f#F.N`.B.xs.2k".T..ak.S.]...nMi.V.22..]FE..2..L...n.1.t1Z....9... .h.V.i.Bb.[.)P.b.....)G.}4.t.....j....V7.@.Z...f9.0.2...e.o....[.i..b-....dTF.$.7...}!....$.[.Q........YB../YZ>.4..QR.....n..B.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703150v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1708
          Entropy (8bit):7.890713917012957
          Encrypted:false
          SSDEEP:
          MD5:7670B2D3B7E3F7A6D3460B3104CE82FD
          SHA1:B8BF35170C0D7D82AF97E9D575E367EC0A8F2EFC
          SHA-256:C6377E7CC407F34291EE15260FA5E328EF1CCCF0303A140070F114CB3BBE8882
          SHA-512:64BF3DFC5DE0C6B0E61D1BEF9DB3FD01E5E61CF4302772A0F2172A51810CBDE6BB0B08E3D2A6DE941848758373BAF352FAD2C2808E132DDB1E1EADC4FD60A941
          Malicious:false
          Reputation:unknown
          Preview:.<?_uv.Jztx}..AH......e...h.L..].....1.J2..r.<<....D..V..e.c...E....:...+`..8........f.:2..."U.?r....vj.4r.h.....h6..h....Fc....b...u.#...o.on....+h.B.....P...^e.6k.W.....:......QD.k.E.J.m....o.,...!pnS..~G.J/....2a.:....v.._s:.....>.....m...zE...[....:....Mjt.iBkM.8..l?./0...R.&..V....md1...N;anb.t:L...qJ.2,.....N...|..V).I.'}....Q.5d8.F.n/..S.S...|.N.]J..-X^.78.V....o".f.......t.q.?...x.M.Sa......OR.f"%-... Dj.z'.N.I.t...es....H......*~...:..{k.N../..psm.^..'j.I..'"..){luf...28V|:\..k...fZ|.../.....y.m.H^..........^.y..[Y...%I....R....P...ih..Y.3.S.D..gL1>`..I...|..rf..l(.T.muc...~.q..w....!.R.z.;+H.....~hR.M,.P.....k....X..2O..v..$1..}.J0~.;...b.4.G....uEO..W.......m./.ai.....5...v.P......lS>.]....YN...^j.C.2.X.?2w.b..$.o..@e....X;E...?...:Y...._.........V..y.f.8.6&..y.3.6..s.....I..\...N.5f...^..W.N....,...,.]HA.wF..m.6...L..l..x...u!w|\....j...V...>beT.....3.I.r...@....BQ_.#...L$.d.o.....gi..Ub.B*...:..-=U.g.p...m...b.7..!{.....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703151v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1745
          Entropy (8bit):7.8781781348055135
          Encrypted:false
          SSDEEP:
          MD5:1E422F2B0B56197139698EE52367B340
          SHA1:4BAAEE7FC5AD0897160BFBCAD97D94E2FC6E22C0
          SHA-256:77B8A51900B60CA87A42E16BFBE769C1E1847B7F59ACB6A5EF357D052A6F2A93
          SHA-512:3EAF6B55F4C13C70567A3039F3B9E1FBB8CE9D588FE0FDFF285B44E426A0D31FB1090C5857A73288D4803D6572FE7354F7D7F5FE378A2DE6CCC95C5973AD73CF
          Malicious:false
          Reputation:unknown
          Preview:.<?.0.y..D4....Q..}Lp.0.*..Y..9..`.lZU..9..T..~...*Q....2..e.E.R..-......W......#.G^O?.d0..j/.1......]}d-i.p[[M@..^4...mX...,T..^m.IS...G..,......=...@.J.2....fM. b|.|..5.m...s.m.3.2.6..L.s..wK.c.P.C...7&h..R^,.....;.b.a'.kFq.iC%...Sp.0.#OLY..sR-._.-.V..S.....7.....a9.##1[.y......1.4....J.....:...I.s..6P..G.a.1iI.s..1.....MZ7..W.}H..b/..c....o.<2.>.1f....$...5....u. T..f....l..'U.Hw...D'.>.8.<..*.^7....2....Q.<q.....d..@.X....EJ......."....V..j?n.?.../...E.3.wg........s....L.jk.J.....JB....Q.KI..aBRps...s.9...!R4......`..<vZ.g..W..Y..E:&..+...t7........h.&.;...Q5y...yt..Zt(.^...Z(..Z..H)?0.[..C..lii..4>{..........\w..}..|......}.Ee.Q...C..C..Pc-..`.B.2W..%.....{4...\.M.?.....[....$l.#..X.....P[dZ..Pu.Z....m...z...=k....;.k.H.kL.. ...V.....\.:P...Z..y.z....Kk.. ....qA.|c...o?..1.b.9..o.=.#.{.zo...2....Fj?...)....r|.VwbE..Z../O.......k8H/......-.B..1...<...}g.<....|.K.$ql.c.7....n..b.{.&P..T}.a..\.vL. .}a..E!.[....E..t.).....}D..V....LO..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703200v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1696
          Entropy (8bit):7.8855263889140685
          Encrypted:false
          SSDEEP:
          MD5:CA85D59C8C17D3CD177E0AD3CF6A893A
          SHA1:5E92B48CB0A5B9EEB5D0B88942C1C72DBA216E96
          SHA-256:71FA473A4AF6A4A6F14D28DADB55BAD687770D9376F889BABADBD569636FD5F1
          SHA-512:F21208CAB0B0E90F8FF43BFF6E40BF26899A45D1298387B84B29D2B8FB49D265B6C284287123F83453ECFB8AC37B02C04242ABF82F944C6AFA4E368E7617E654
          Malicious:false
          Reputation:unknown
          Preview:.<?U..$.'g..........Wt\.`.....Q....YT/....q/s..n2h...].T...v.5.Q..O....V........i:#..7q....xo..._.9..7....gj..z...x.=..../....../Kp....[.....!......+/._5...u.>.?...<.S[..hm...R.KhV..]...&_....$^q../Z8........f.....jsZ.[..zD4...z..b.@.]..k'{.].!>G..........4......s.2....j..0Z..............rk1o2..........\....L.|...~t^.$..C.8,@.....qr:..|....i...eE..nOs.E,..7.c"..Rz....z..H..2r1..e.lr.C.y....V..(z....i........I@.IC..[.U.^....Y;.{T)8..=..;tJ.LA..KA....[0.h......)..4....|.N.....k~.....@..kr.p.....W.VWc..5.fSl.)..+...di........h0.=......X.h.%nG....u....`U.F...JZ.......?/t.y8.r..WG~n..).....z...D....-g..M..P..j....} ..T}..oI.f.;"...3...+............f(VCVh,..F2\~........9.../?..T1$..-....e..@..-t/...D.jF^G....U....3..j.4&2.w......H...+....K.g-...Gu.e.':...J..w..~...6...iu...y-c3l./....Ls.....jM....}.`....T..eSA......&% ....,.........! .....>E....-..&...G..n..G.......4..i..`..P.Z.I4.......k.e`....3i=|.@._...E03D&...>+....X ..r..Y..7.[>.|....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703201v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1733
          Entropy (8bit):7.881682984530001
          Encrypted:false
          SSDEEP:
          MD5:F7CF339812BA33FD2AF75BE1118951E5
          SHA1:5683AFDA56C41ACB83BC23A69A8EF254164A57DC
          SHA-256:C0912721C93344565FA32261042B4E0A1CBF6A22D1305E1CBA506D8F14CBD84D
          SHA-512:E89BC645F9AEBCB7EB5360AE179F2DCB9190D534913AAF999E0762EF4C76662D70415EADD4E4B0FE22D3046DCE004B7A798E9FD44C9EFCD6805B2277E793E711
          Malicious:false
          Reputation:unknown
          Preview:.<?.egy.]a5....d~d.....Y.h~.;.H!\I....<..l$&+.8..z.5\..........a.e.uC..%.>..0u..qb..!...(.g....3...6dzw...-9...W:.1.A...m:.....`..K.n....,...'..!..%Z.{.(........F......?.......A........?m.D...e.}.#..k.......m...L..:.....o..':.......H.P..L#.L...0..W/.?.LZ..=.4.vy..u.}..Z...(#N.o.#YC.......D..ws.....(....N...\.,...L..f.2..`.9IN.GQ..:...q.,cQi....y ......<.8..E...-*M>..2G.u.V..v\..M..)9....w.......N.....+..4F.h,..Z2...|^......._.....'..I..`..."_J.+.Y..%..yt.Q./.K.{...^.y.3.-C7C.^.9.\.......A...[.>q...?=p...K.D.....>..J.R=*U...B.%.L.aMXq.W.s.....^..A..+~.......s.=&.-^.....R".(xE..J....f.j...V./fs"d..k.F...9....5ob....M.E{....{C.E..\8....^.y.....a......@..M..J .F.y.D..Kl.k..T....w..;..G.....&`..$..9....oy:p}......uE..=.V.v.^....x..`..Nq.y..hX..3.Z|.6......(...v_uN.x.....a.."...7..qy.N......7.....E._k{.J..gV..a....G.0..Y.PV..<M..u.?.#.W.....v..v}.n......../.J..Tz...?u.......x.U.=..,.1"_..u....5.hF..i.)F....P...(dol".K..!STa;..cg..-....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703250v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1694
          Entropy (8bit):7.880399552580794
          Encrypted:false
          SSDEEP:
          MD5:DC8EB445D142DC29B91BEBC7B927C93A
          SHA1:B5C988C28CB4C63927F9A41B45F1675FC14A277B
          SHA-256:A6F3F62F91C03F397ECDB09B8E3ED8F6513D0AED7752DE49E7C8E1677EE05C5C
          SHA-512:92E6F959BC4D57938E10ADE0C7369569B854F84565F32783D84B0991E97E4AD0FBE9D3EF74A60BE1D6DADF011CD828EC58C6E2F1B93C6E64669A4DFE619D6FBF
          Malicious:false
          Reputation:unknown
          Preview:.<?..L5:.V>I...Y.../......e....H8;u.&...z.[\y.)....b..b....Bf2.......\..i>y..@.9 .....9.9D........y.L...L..9v...2....b.u...+.`y.d`S.c..x....!TV.ZP..3.++...z1..Gsy....5..8.~;:NQ........o....?]......=.j...v..T[....(....G....x..=5|.$I(...S.D.........,..t^.....g..$e......Rt..m..\.1<...d..l.|..Rp.....u.#7..w.T....U.;..l..{.B.....0...B.KWEx..,.2....F9.e...&$.S+..._.-.jyV_dY..8...{<...<W.0.....ns.TKJ.+3..|.....#"R..<...TZbAxu...=..>..Yn../B...u?.Z......O..Y.qJC.0....pO.$F..EV.(.$.A..>.u.5.rP...-.j.3]6.)...F.._.N.(..M..g.W.);..QDtq...iYW"\....8[.....q.30.....V..R.%;..kh./."1:...............*.8$.*....x..D....Gc2d.....y...sl.......:..2....X.]..>E>...#?.x!a.M.xc...../.....%....(.YZD....f...Z.Y..RR.h~3iyAC...oX.1`..L..Y.0.i...t..8~o....W.sE1J.9....K.=b..l+..V.N..L>..E.*...*..<.9_..)e...y..^F.@.."~...-..+..&....O.|f.H..;.$...8&q.F..53...v[.<.}.>.)...y...y.._*.g`UP../1.Xpf+/.U-.zc.....}.D..C.t.....4..X(..s..z...=Vv..7...$!..#.Ir...J...{n.<..._.w

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703251v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1731
          Entropy (8bit):7.8831327992274645
          Encrypted:false
          SSDEEP:
          MD5:1877551D1CC5B3926E61E1E695C035C3
          SHA1:288FBE1C30F0A03791AC28559C1CABDDDDB5E8A7
          SHA-256:ECB1FBDDC6EA31B13CD728A8A2EE84335B073F7E4698C1575CBE56F8FEBC05A4
          SHA-512:2E88C693AD3549C67668DC8CBA12D9DCBDE25B8554EA2E1FFFA5E3B162A2D965CF7A31B5B47500A8B2AB6FDBD76EF00941C5BBDF2CB84974CC545CA7605A109F
          Malicious:false
          Reputation:unknown
          Preview:.<?.^$.t....f....%...J..i.a..... .o...<?.Y.W.P=$.1.x....-...;..?..oU.A. e.E...k...c%...%j..T.0.....0I.Ff.. z.#?y.Vupz..V.....hf9s`..Wy.....C.0..-...q"?i.|4..\..e.ed....n..OF...5P%....q...8`d..K...o..S..@t..7w$..W....;..th|.'.&..23..ot)Bq..9...i....6.C...s.....#.....v...+Lw.Y+;*?.n.f....5.,.U/ .v..^l.%`.>U=.Hp..p..O.u..X.tJT.9......I.CAr.k00..=%K%...~...l..;.\.`.K.......:.-S.....,.......8..i2.L...].....^.E...}5..>....~...p!h..q.`...+. ..%u.......S'...6.D.f....?.......Q..DR#...4Q...0.n...C.dm..N(/..,..7.P.T...c...2.~k<...<4iXb.].]&.........r.>..........E$Vz..eP.l../.......t]%:[.G%R^t..T.......K...B.l...u......UjA.2:-.O..2Q.-.?+.m..C......'r...T...e..B...JR..*.(..PQ.......=.{X...W.`.M.-[..(..t.....r...v.<......2.....a$...o7..1a.FO...........`.....k..F......m..xf..KkU..........y1q.g../..9...R..5.k...r.dp..}...Y.\....t.........+.(.~...A..=*..t..N..K......t.%Y.n.#.|../......i.........?.(^9..U.....+C.!..'.!.2n..._.x>q..=....Y.....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703300v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1716
          Entropy (8bit):7.896328202911529
          Encrypted:false
          SSDEEP:
          MD5:32230BC609EE25AAA06E61E912E3407B
          SHA1:335F3C1AF7F6A80A8C7B510CC544D56D57CDFAF0
          SHA-256:D6EC43C3E2BAC35D34DE9DEB6961FD0E87AAB3CC657B90DAF063FA8FFA9733EF
          SHA-512:C5CA1FDA93ADD635E055200A5555FFA03F53FC3BA52147F2414BF6B19248F79FD5581E3554F6EBCCC2A5BDCD8EA29DEEBAA7B1C4639C876EB10C4502438C1224
          Malicious:false
          Reputation:unknown
          Preview:.<?d...^.j.$..NW.wB2d..LV.b.M..........1Vlj.xETn..........h...h........;...q..7L.< ..t.&..8.."Wo`..(r...4......r.z#..A..o.W:.+...f.ZBD.^N;%C...f.F..D4]~'...[....J.._............. i..|.. GY......e....M.U.p...H.#-....z...^@.R.T.0&../....Rq.X..P>Lu..+.}.P};..J.HXs.....h{........dU..=m.$.H..G`.`~.Q... ..)..N...]H.......'M.}..`?l...l(.=.#..QXn.s.'.61.T@!..B.8.....k.....GL..@J^..Ca...<......g.3|.E...n9...C}G.~/...K.k...fIKn.B..v.[e.K..j..P..N......%_!.+o.Ai..`......-W<=.<..d3/?Q.?..F.!...#B.....S&.#.:>A..S..]..m/q'hg...r_..AZ.5...X3........M".x...&.naq....q~..h6.."......'n:..S......*.P..,rXB..Y.V.*7..1.}....6.l..O_.-.B..S.3........ .B...\..V.[ZX4.=R...b2..X.3....3....i..UQ\.._.v8..'F....P......3....pt...V.gc;.D^....VS.....|..j......~.$d.....*...`......jT....w... .YC.9W.)..`..!......p....j..)...&....wN. ..h.H..Q.......!bh..1..sd..%..G.}s..8.o......./L.M..N..La.<..6.Jx.?.8.}a..m&>j9...zMu.y..G../...".~.6......O.k.5..v.Iw+-......)......g..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703301v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1753
          Entropy (8bit):7.913980509894029
          Encrypted:false
          SSDEEP:
          MD5:64E35A92688351981D57204D9D1D90DE
          SHA1:773257580C4302B712825B9CCC7B8D33452031A1
          SHA-256:1048D4791157941B806F8B514B2DD1B725228B0A80990906368220DA827DC6F9
          SHA-512:56FAF8014CDC2D991092D1FAE3B1CDC4DE3B2D6C5CD3D9F205465D51723B140CB2B5CD79043A973F3106ADC03F89471A22D03A5969532DC9E548120FC622222F
          Malicious:false
          Reputation:unknown
          Preview:.<?...^.F...l3.<.wp.^....xV."r.KY....>>a..W...;.\..^!.F9.....&@........Ffn.G.KI..e.....&.E...YA.....m...y").N`. X......':.N......pr.J...@..q.[. Y..w.'.9.>.. .i...%.Q4r!I;s...+.*?6.....k.......x.....?-`?y?..(.WD..= .j._L.1vr..@.pZDWc.'.._..cJN......P...ik.G.k.,...;Ap.Lq..B ..o.*B.!....k...,..F........Ex.P.B3......t{..'...l(fx.y...I...9XY.ee.:j...7.M...FN8..Q.....,...~.zb....o:..;.h.,5"...EN!Zw..t./...E.wK`.,h.....'...F..3...t....fW.../2TQ..e..%j[..2....0|U^.g..g..2fS.<{P......#..n9.....hR..D9..:Z.V....$T.S.."Fu~A%..i..t@.C.Vo..U.!.I=.f]..........>V.?.....V....W..=%>.U....`.wo..U.(.2.....z.6...J....Zx...tl.~.I.n.....1.b.%..&.hQS...'.S.fr.Wn..E..'h...'......-.....`...5h...p..f.l<....j\........]R.^.O......V.(...?.....Mn .....j..;n.......~)y..A.:.6.......ka.G...#.&........>...=,P......r..t}..?K5.3...`I..1N.*.......) .K.....s.*I.....U.....\.(..y.h..T.f.<.\......i..h...^oJ........W..Rv/l].g.w.gx7,2?3.Q....n..\a..m#........!......A~k..[.m......$.X

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703350v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1700
          Entropy (8bit):7.902672754698098
          Encrypted:false
          SSDEEP:
          MD5:070AF96618B372D971B6CBAE252BB8D6
          SHA1:9239089DF51F4F39AD5D9A5035E616E7B31D554B
          SHA-256:9F965B5C7610207558F00E7A38FED093C926B059C4C42AAA0D067C993CDCA6A1
          SHA-512:C9FBD4A47403FCEF4AABE0C01F766C0959106A1AF18F444947F19B9EA7AC4CE360E82438D49A7EC590A5BD225C48D7B1AF3C20C0EBDF63A970F3C215651DD5D7
          Malicious:false
          Reputation:unknown
          Preview:.<?.3.#.,8+"-[...S.E..O."n.....?Yo..T...g..M..#...r.....=..I.W... ...C..+K..1.1.6..jr.......f.y..C.X.t..pw.U.....q.s.h..jo;..'T..$f....Pe.C.Y.q7.......I..B'.E"...9I..y<...v..p.E...G...M....l.iG...o...._...6.).w....._..$B...h..>...u...e.&t9.......d|........5./o.Q......3.,4.>.'.^;P.zv=..n......:vLz..........O^%J.N.^..%.....z.l...I....a.@.....s..5...=.y...P..\.M..6{..Q.t.7....s.`)....T.n...O.. .,q.......*l...P.Q.z!2.W...u.........8.... .+....$...s(.2-.eH>.1............w).>T..k..T.R...|.ZI.....F....)...kZ...8.@.#...r...O.b.s...<..N.4...S.h.R..q8^...)...xG.c.#....g.qx&..{.....~m.G....w.=p.`.].Gu.....|...3jp.4.g.*...s.........C...VU...J...Vx)..|HK........o....4...&L.....g......W.2Ow...2A.n....@..M.Z`....Z..{......P....T.1..6wNg.y..X...L.2..pz=).....mw..o./...{ee.D[v...........0u..l%pT.y08..C..U.S ..j...|.n6~v.*.)..&7,...&.....p...E.....[._....{t$.KL}n.b...b.b)52.}R...GqS!.7D e.......I.1N,vIQ...)-......(..J..+.0.G:C|.-....E...oH...>...u.h

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703351v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1737
          Entropy (8bit):7.86819801896141
          Encrypted:false
          SSDEEP:
          MD5:E017B9A09AB043DEE1FC02CC2CA27D0C
          SHA1:73A66FCA3F67D5693CCB1FBFCE5C3952D5C00AD5
          SHA-256:3BFD1AE4913DB0A474BA2E45FF3473F99340BC1A9A9BF12FA20B777EDCE5DB3C
          SHA-512:9404A2F64A0E8BB52E785E8B3B04586AD051277648E88C3A542F574B2A9669AE6DE74F879354A0926013350934D9442503695405E37B1F4628E2B73F1D801B60
          Malicious:false
          Reputation:unknown
          Preview:.<?U.>.A...I..UA..5.Q.B..\Uh;...Y%-pU..........vKD{8G..J...;X.!.,y..j....v....ZQ.....s....N.. ...J.N.<.....n+.q.A..?bV./..,....O.....+R'`.....oU.....w~.0.Z?.R.R....A.H.Q.......".c..u0...^.1.c..&z.iP.n..s@...,...8K....k5d..TW.z.gR.:.r.Q}....n..w./. .q..y..D.../.Z%v.%?...n9,.q?.%...........h.B...e...Py.m"~....]...._{.1..i..k..N.*m+|..W........8u'F..9=.=`..2..B....b.-....\....9.$5.%... T....O8/xQ.^.py..U@.}..pV.B...FlQw...UFs.ae . yLI...c..ZC..^M.;s.S}....{...c..!#.....`............X.-..(.V.^.!....P.jk.O...^&b...h..x.9.....L....#;.#el.S]...(E.M&TE.,.5..|.J.f.lUf6. .....0<....L...|.*........x.P}a.J.I.c..Mk...0.-V....V.....*.>....4....O...*.#..[P...01 .?..Tp..W`o..E..`.].c........D.[{.Eh....t....J+...O..+{~.`...%.a.n......r...-..Ru-.J.{L=.x.j.!.....A.]A...e...l&h..Tc'...x.DRY...n.D.U.<..>:.....\A.P..T.6.E^..{..+%..|Dm.6.}\....w.."...1.$....LHj....%b+.Mt..!..Y&Cu.qEi.t.a\6/.c].{..V>....=.6..B.G.#.[...].]8..B...AMN.....?D..ei3.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703400v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1722
          Entropy (8bit):7.881843115673319
          Encrypted:false
          SSDEEP:
          MD5:553A77125D161775562616442CD6369D
          SHA1:554C99EB2FC606A4CFAE51896F482159E1B499EC
          SHA-256:2AE96C0A94061210D2EC1370C3B9B670CF8F0B6C43A00E146A4F68F1D3E162C5
          SHA-512:7C1492B298B8F683A5BC33F54FB426A1D27490622E37CF580227439B92A9E3BAB2BF9C26F51CF7B2B04CBC50D7BFD18AD35E02C8C378E4D1837574487B3A04F7
          Malicious:false
          Reputation:unknown
          Preview:.<?.!....,%.....+....j....].6.f./.......F......h.B......w...?...y...>)..@.5..BloO@[dE..........G.......U....^..;dv.;J..[..P|g.....z.&.AmDT..0....G..V....n......!.zU.o.C.I.....ik.S.= .#4.../......Vt.....c>..L0...x...#..A":...FXT."L.k..h2.QCl.D.........#..U.rd...+.28/{.L..B..).}..,o.W.C..[..).q.......V$B5..Z.b ......u.E..J.^x..q.dkw..).. .\...a..h..h.C'GFf.>.p./N..P..(fh.P..X.....}...(!4...}7*.|x....>..'..;o.v .c.C....D..eF..i.:.*.v.....oY.h...../.nQ.6.|O.br.......-...l..Ott.).r.q..x%..#...M.:....*..OH.tfZ...<....o*............. b03.tj.'.;.g..H.&.F....O@d..&FJ.m.z.%a...[.a...t..\e..H5..B.'..A..#..v..H....U69?F#..\..f.N.M.s...6.3.h.q...Es.i......B...-.!.)..#xU...7....z.z........TE]......*....5..i...0}.?........Ym..?.g.T'....`ut..AV..i.."Q1~.Q....b7..*w.%.....X...p.aw.fR...c".../[...)J.4..w.b.....A.!*......-g...'..c%V"..VQ..#E....@].]...[.fV.y=RV..D.4...gj%...m.-.3@..1;.....w.o...|.H....{+t.[W..L.............X.;.MV.yuu.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703401v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1759
          Entropy (8bit):7.875765953068561
          Encrypted:false
          SSDEEP:
          MD5:2F29D164D224DEEDB5DE35E8034BBFE9
          SHA1:4A17EB21C981DFEAEEE16F94A11862CE0190A650
          SHA-256:08899F4AC48645560C55875A40F7E4D6E4DD40281DAF9B18F0E8B2E6A4E6012E
          SHA-512:4B4286A028B7B23A32E8016671AF9AAAFE832D662E6DE3C1278F08A2802A44021058B04DD9312542D7F2138B179AD08E1DA166A24CA5A307DBD378D20950A203
          Malicious:false
          Reputation:unknown
          Preview:.<?.].Qf:P.vt.uX.....".........../a....t.2.T1..,Y...$....(.>.Py..5..2.RP.M ..u.......... ......#..S...~.ma`.3.+............d3..\.95.-k.:UUn.=w$.v....M.....J..qux...........X.+{..@w....&......Q.h.{?.?.>..8Xp...:..Q.gX.Rl.{.G.....^...+...K9.4......p..O..^Q.p.W.#9...X*..9...]...4:r[.*[-acf;.....>..>..!b.N..!<[.Q.v^kKoAE.W.uK..eZ....^..j.. ..&.Q.._...>...rB>h......Jh,d...n...........$~....G...=l...:...TcR..b..@*y....w.xN.!<B!3.}....?.h.....UG.*uY....s..N..T..N.....&[$....o$"U,..+K_.^./,..q...>...+...B.1...pik..8.[.._..X...h$.G....q....y.9.h]...m..y.t.R....Q8....3.6..%..E.m..E._F....l.v....5.4.....i..Z......F._G.`.......s.B.. Yo.a.......B.(6,d1L._....K.7_....'*.#X.&..r..-B..5.a."U.@.u..9...q....].....?V..%V.)J!:..5.P...Md...1c..J.IFgx`..Fl~...4jJ.._l[$8.....N!...'.....CU...B..jc.M...'..x...aP..G..8..B.x...4..R.....j7..1Pl..'..B.pW......,..q..?.9....Rf.a5..............{.U.j....3(W.p..h.....0=..c`~.;UdB.#..d/"<+.b<..LWBO.....~.v.e./....-.i,.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703450v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1706
          Entropy (8bit):7.879037199625472
          Encrypted:false
          SSDEEP:
          MD5:B2A7DA4EFE375AE85FAF2C177767E1BB
          SHA1:5FD37C241EF925B142EE8A627E2BB9495E1CA30E
          SHA-256:1C469E2C4982B7B08998E6FE0245B38FEBB4ECD06AAF9D9CBC450250E95D31D2
          SHA-512:E9114CF9FCBA27A6CD75A6B910AE6F212752A5A9666D22B8934A10032377CF2487A4CD35E0FC3EE888183CA400B29BF3396CDDC39D73EB724F6942373A33B680
          Malicious:false
          Reputation:unknown
          Preview:.<?.A.vB...%b8..G...........B80...g;.!....i%.k.{?a..:...R5.!...iBJ.@.c.)4._.?#N..J~....."W.H...9.._.n... .k...5.@= ....OeV.~..P'. .o.$ ........M)....Y.<.J..2.....J9YW..6.$......c.E......l.~...M..>.....y.#'B..>DP.;.G..u....>...........B6....C......OV......../..c.M...........)e...oU.G..K....mB.Ox.*"k....}..w-z..Q.a....q6~.Z..'*.2.Ix.....Q.x.3....+..".....b.;....I.O3dp.q.g.y.+-.q.*<..]...^E.Y..C.6...+.N..J..5...lv&N%.bY..e.G.PI..}......o.;a.s.7.<....}...]......^%:..$..._<....[eD.......O..."..GE4(.#../u....'.g*..q...X...D...8...*.'.C....[...<|uj....\.9l...........i.Az....T.wx.....gI.G..Q....:..2f..@...[..F[.?v...jbP.1d..Q8oG{..e.;...T._.Icul)...5/...yA......Tv.......vXO.o...S.c....4.6[N...qg.u<..._.*..}hM..Q.V..#....WG..E.s.\..[..P..tNLe0f.Y..Gf.b<p...E......)....^.....9..Y..a.m.5 &..b.G.g..@6.....^.2a..V?D..p7.@.....X...(..{."%L.j...S........3..P...T..t@.9....$.cE.k9..Q@...]...'.....3.*......l.6:.4...o.s.#.%.3..p.g;e.d.v...H...2.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703451v1.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1743
          Entropy (8bit):7.875105266111824
          Encrypted:false
          SSDEEP:
          MD5:EB8778E5EE37AAC8594B987377ACDA08
          SHA1:22D6EAB69D68833A9404772C5D536DDD02F692EE
          SHA-256:0BF14460D0B84A8A790FB8203EC3DC29B0A944EE9A3A5B88DE41F5E0CDE9E94A
          SHA-512:A91E0298CFFF996A81AAB39428A9942D55599DD37DD30F4B334AA4EA277D8D4955F796FBE1B2C0D67904C77CA3A3D8CAA6310103C97292897F2DD29DB2AB66BD
          Malicious:false
          Reputation:unknown
          Preview:.<?....D.ET.....x.\:2..C..8.....x`.g...DJ.J.H.).{.3..>....^c.t..._...,.._v..r.-.tl...lV..|-h.......m..`Y.......K._...D.DU...N......Cm^.,...dl\..z4..\..t.2..2r.....7.......,.u.n...mY.gl......-z(........[j....n.!.R.....u..RT5FL..xm{_.t..a _.5.vtW....^.j...u.w.K.....'............'l..a.....;......:...p...`....B......!.H.6.."@....9..N...X.S3..O'..pT.G.... .>_.......q.....J.E.V..w!.[z9.....a.;k?....R.Y.|...fI...*..7..5b....A{.....cK*.x..5...2..U...@.%6.nXg......^%..K.5..Y.W...eMG.N...N.....Jh.......U.9...03..N..".ga.u...jE1.e.g...I.....]...i.d.}#..$.N...3..1Ow.. .$..a.m.c......}..x..H... .....M.<...../Nf{;..jr..Cl...j...7be.<Y..O...#.\..u.#k...[....) ..Y...|i...3.".M.#...U.>........K].h\. .e..4.....P.....M-.?.....S. .....XB.B.o...Y....qz..0.w2_Qol3J.&.K...w.j..+f......A..e...x..t.6...ly.'k..M~@.]C...i.;;hV..-.........~uj*pr.qi).V..\..e....Z......h...z;......h!J...`...4....j*.\<.I..."1....Pn...#.....W....i.A!..........J.,..,.w..UR.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703500v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1696
          Entropy (8bit):7.89408899165237
          Encrypted:false
          SSDEEP:
          MD5:53E36B2D1E9EF2AB03B19BD0292D0329
          SHA1:BF297B70DF3297BF11F01B3ED6FFF88A58E571BE
          SHA-256:A9A10DEADB720CCD22BB1650F91A0B1977C499B2723C61CC2AA7FEF778E6BB27
          SHA-512:963835822E412B68A78A1F961EC428350816D39F3D49037FB7765E08099D9A8B86243175889C764FC70129C2D2BA0E1089457470EAF1FD4BE5F5447A48C93DD5
          Malicious:false
          Reputation:unknown
          Preview:.<?.E......M..tzVW..Z.\.3.R+7..."..........av..{........N..R^.....[..~. .I....Z..!.f......g.*..G.(j...bI.#T..,..... .........Ep.S.N..d.h%............V.h......sx....$_}x...gS..8-$..98...0+...D(=......y..y...,.....y...*...jB.`..h..@.wF.....L.R.#W.g..G.'.B..&.......C....H....nEJ.c.,.O4.....<2.e.....z.\".W."=..n)...5..g+..!qf.x..$.z...'....mx.....\Y......{x2........F.`...$1.O.x.].JA.........^..s-....K.....V~"r...y..T0.Z..;.=)...ms..c\..VH..@...........R.YmM1.....s....0B.7..5..v.h>.s..R.x...-@...-.u\B...`_.s..<I.....4n...l.5........=.\.;*..[Ba.##..x27...wEF(.....*...R1}..u....y.V-."...K....L;+../..A......|.....{.bAP`pYW+.3.$6.........T$.c.....<.| .s.`."ln..I.......]B.O.1+......-@eH..d....2*..Fm6.T.b.Q,........>!.m.....i.z.r.t.gG.._.L_".$..q..G!c..p..p]h.....P...i.(..Z..I..y.b6(....=.e...i.C`...oC. ^.["...k.JP.9.s........'.....R,.V......-.....-.....L.?.,...y....5..|..Mj..w...TJ..]-..@_.T"LR3...G.r...F..=...BVZ*dK.....L.........PVr..I.OAp....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703501v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1733
          Entropy (8bit):7.898588491054599
          Encrypted:false
          SSDEEP:
          MD5:FE8044CB4F41D2111559498A03AF99BA
          SHA1:095E6C790E928147FE0612C50386EF0C850EB1BA
          SHA-256:3496209B9F19514C03D96CEB3104F07A0CC46C65361E261F8944D3520A2F08F3
          SHA-512:84B4D9B3D6D802916C5417A9A60A59E6E664AE77C25638BA02FA456B383E32C8423A5466A1BB5A25DC3214969E2C1BE55339C6D4F0542B4E8AA2204B1270BAF0
          Malicious:false
          Reputation:unknown
          Preview:.<?..#.......~.X.K...,.....&..|....X..?.....pb..A.......Ko=..^..."..d`.7....#{.....0Hr.n..~.T.J|.....6..>.j$j....p.L.....){...?PFJ_..k..H[%M.5k,.C_.Q.Q|hzq....A?...P..G.9E..f....C../....n"..~.l....&.!....-.9.h...zmO.j.[...5..u.....F.H.g~s.N..P..2..x}...t{/dx.w....`.Z..s.OS..4......&|.[3.>.....{.bR.7..H:...^.....jp..Ll.L8Z.P...I^..0!{...bL\X..c.N+Y~..H.....j.....d........'.n9y..U...D.7DE.n...0. ....7.......RfR9.EQ.n.d\.K.M47B...rA.wn.3Y....o|!P4]i0..#...*.../....F.i..w....Ky../.....w`..V.....%>(,T85\...9..N......'.i..?.^..|...g._i*3q..=..C.O.._.i7.........8.I...........Z../^+....O..).i....Ky.Ff..h..>.fj..HA>.JW....'....!.......g...]>...m.7.2Ka......X.W\.d.....NwV...s...o..f-1..W.\.2H...p...9 ..]........J.....`.:.m..._.7X.2..F...!....\...G.BB.......+.m...n..Ed.:.=..kY.&.O..(...Z.....R....n2....O.Z.Rw%{m....j..]}s....+...A{U.......iD...2..y.~.....!.[.g.u0.....5a,.....F.:..5.o...4.:p.W...s6.%Pi....W.).....r.........%...i.be."...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703550v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1706
          Entropy (8bit):7.884614844422015
          Encrypted:false
          SSDEEP:
          MD5:8A5E961C0B4F1D0CE3C1C48F326E8F37
          SHA1:BC782F1EC10111936EB3021226F394C9D4524A83
          SHA-256:C0E42FD4E0F77584ACF82F566AF20544AE6011E89DDDF66905256AE4CEBC7CD2
          SHA-512:DB77947A508C25A28EEA002EC6B1F26F6D562D4131F541492D32E73486489F46790A1575A83A74FD13C2700CE209984B04DE61D7943AC72B01BCE39DDC52C9F3
          Malicious:false
          Reputation:unknown
          Preview:.<?.B.IK...YW+H.i...+.y.d...o.k.'.y.|U.......S..C....."J..7.......e....R..:c:*...s..."...u..3.U.,..\.....tDJ.!./..m....Z.....p&....].!.`Cf..<......b4d.I...}Q.XyC.@...y.\.w......(..S.G!K_.....I....`.S.&.J.;$+..m.....k..a....L....?...[..tiE'q..\sE.[............E..'jPYph...G..mV.R.Z...3...H....H.u..d....Y....Pyc../.h:..9..W....m......-uS......I.)[6....4$.8...c{..r(.V.=....x..[.......~v.?4pS....6/....}.K.*..h...k.n[&l6M... .]H.w.yq....%...'y.edd....`....e...`..2......WO......L.9....O..%..D.me.....<..!^".0..og.!pp8..I..-..39w.nHnM.x.....w.....g..u+.....x+..,.........A..av.?......D..v..^.vE.'....f..z.a. m../..q..^R..M....~-mS.L\,.Sq^3....x@.1.2l.b.<...s/8.ZO........1....Q..Q.v%..Z...<......#T.Ce-P.5.mQ..sy..TM...g.YS....M.|.vmn...l)a..H.N,.$...}.?..1....u.C..RW.-..lD."Ad5'..}Z.e<..nk..#c.m..............@.6.5TQ2s-...95...{.....H..? c..e.5..q.)T,q.......gD.ob.p1".FOt.x .R0.KV..|.J.8.\.@.E.~v`..\....4.<vN...I.R..o....e.{Ai...h...Di+rF.vwIyY..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703551v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1743
          Entropy (8bit):7.88463149867926
          Encrypted:false
          SSDEEP:
          MD5:47809D19F231A1E71E362E2E9BDFA7AB
          SHA1:7C1796B6091E63E997BD07FB93981D5EAEDFCEAC
          SHA-256:33E1FC9661E678AE4DA71156B4CC163D65AA4B5773A0554B697CA2296F46B8E7
          SHA-512:A302C0A0715471AA3EAF3280E28E70A34463F5894F89E58580A0FF91C408FE0A9DE2828154E8A6F28E65B138A1C3326D85DE4E871802FF3993599829538FAD73
          Malicious:false
          Reputation:unknown
          Preview:.<?ShH.3|...2S..L..g...Vt.k.Z.C,......#.g...N..8.;.#....C..W.C....9x...d.$..f.{.W..`..6.....V...T.....\..$....;....v1Y..K-...D..A.?D..#e.....i...Y.-...!/....]z5,dY9v....%.n].s..\...#.0.\.F...bV..o%......IV.....A.~..o....@...wz...D.....!...5........M..M.....]...._+......P..|`.."<._;Y.u.%.3.[Yb]..E%8ri.i.#.;..@...0..>...-.H....9.F.B.X&........CtH...n.\Uq.c.jR.C6.:......Z..F!...Jq...Q..G..u;..T.E...t|.....e.1...u.A`.....?..O._..y.A.`...Je-.a....LV.5..~..Uo*V.d..HO..Q.w$.?.W...b."+. .F..\.p......W+..CQ+2.z.N.n,...c."q.D....pJ\......g..f...R.&....H./..7....$......P)..)...._.&A#.#_......l....2@........T.:.@..E..t.X.spz...i.9.3S.De.Q%..$R>?z.*.! ....2.?..S.;....i.|.oB..A..OSj.<&d.....-.Z.%].R..Z-...5i.....u)o....d.9.q.....4.....(;..q..Mf.F.J........s`.o....h.^.C..~......(.N...-......N..'.......6...:..wmu.......w..:S\.^.,.....W..d.!.:....nu.U............'.6y.......$Z...HE.`..m......h.-..e.V..Ut..o.......`.T..@.4..T.s%oE....B.c)...2{.^#F.~.........L

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703600v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1692
          Entropy (8bit):7.880271506760666
          Encrypted:false
          SSDEEP:
          MD5:D2A27D3EF4EBC156C56D089CFB7AC021
          SHA1:F3739DFD48A935F629F02EC79DCD24D0966C1E4E
          SHA-256:0AB82C25B69EF765A194333712F22B85C5ABD70C44CF2D3F428AADB7F116B8EE
          SHA-512:C84F282CF5255B6830F648EBAE7FBE94DAF16EDFA2ABA23626D83FA65DEBF12DE30B554506D5D5E5AF22861DF6147E3716F5C2757D3210507D25D5F8CCDE5603
          Malicious:false
          Reputation:unknown
          Preview:.<?.z.X.w..M.=W.1I...8R..@|....[)...c..A.e.y.xD}$'..^..1.G...}-4../f_..".^...b.6.z.UU4|V.d.X.......\.n8.I6.a....IC!..nF.i.0E.S.=..#6.&..omt8.-.S.e....../.c.[r..........J...@...AM;....2................G....[u..{a|..+.".(...'.=.K..G...L..+..Y.f..jrV..<....m...a....U8.8...r..V...b.du..RsV.p...~^..r........h5...M..7x.B.U/)dK:...: .s..c'|....nc...X..'rb.a...: 3i.pNoj....[... .c.q..}n......^....kb.ds..n3A.$....B.Q...y....vLBZ....7p);...N.a.D...?.....Vi...i..\..h..k...A..\.\~O|.?...c..}E.......8&b2..@E.u_....-.../hr.2....../...!..T......=..%dW.....'.[%g..:<..x.v..|...Ik..R.d.4=....I0.;.X..>8}.On..$Dq......9......[.oWFX..M...ht.A...kj.)K/J.g{.....X#Y6....$ r..mN....G.."..L..P.....>.)..5|...j.3......aK5.....R........E .h.0Z....G=....oE.7...........b.+3p.]!ZR..v..YBS2....4.<?m....9568k.cw'.<.|..L....p(.{..._.t..i..fT..9..0...F(.HD..?f8......mu..}...Q...v.....,"e...r.[.......j..5..F.......0....s:..DI.....k..2.Y>2....B.".E.h..........vk9

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703601v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1729
          Entropy (8bit):7.887966623735536
          Encrypted:false
          SSDEEP:
          MD5:A387976EF154E701730A2FFE5010935B
          SHA1:3429A57B970FAA94D5B0784E925FB76BD8DD0412
          SHA-256:81531EA83653015EB2ED526F1BF0CE774A2A3BAB1DB851E5546693ABFAE6CCE3
          SHA-512:62CCD9E86B5FEB2C650B134CC95BFFE089F6538BDAD70EBAF7A53BFBAA76567723345EC92322C322D26DE83BB85012C1EDC3C2EE15AA110F13016A884F282A23
          Malicious:false
          Reputation:unknown
          Preview:.<?..).4....S.04+...hk.......,...:M)`..G.UMC...........GOW.o...;;..$~...4?...Y..`..<./0c..^....`...;...VPq.T:....MP..B...W...%..A#.I&..N...pc.....KF.i 5e3......&z. .....8.@|*..D|ae.V.>......^+.,.*L.y....+.8.W.1./.p=v#j......H~..I..]....(R)\].!@..C3..5j.......*X.'.....6.(.8.O..s..9.]..Dp.qb..(...b.e.....1..m..T.\.&.v.....$.Xe....0....j4.....v.+^.Db.,6.T^.D#..H#..=.).k.ZB...J.XRh.#.6J.."..V..R..!...h.... .H0..O#...8A..s..e....'..A...]@..ND83..P2.+.....nf."2GKd........N.gf.Z....."p..Y...l..\...A.]..n.....b..3J.X5.....XkX.../5.^..!.....u.6...r..o......fV.*...X.k....YS....#...-....{..V.%t../7.....zrJ..:..6.@.{.}...Z...t....q@e.Z."..]l6bkO.g.9.n.v...z....K..a,..6T....$;w....W]........a}M3+.......,.9I.....C...D..[F<...1.....V..g.I...6#.<+7w~.I.<SE.Z...8R]E7~..,G...4\....Ce.6..sX...B$s...x......`8.1b..8.Kc.......9OBc...0.a.u...T..3F3h...l...1.......i....|.........7x...".._.#.%......j9+...-#g...|......e+#gG..C.....H.J.Nu[..`\.?.J......0....b...^]&..%.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703650v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1694
          Entropy (8bit):7.881574007902077
          Encrypted:false
          SSDEEP:
          MD5:7B94097BBBBC14F44F2F0FC66C416D5A
          SHA1:FF1B5CF329E354023789F0A7AF7A64FB41B3A30A
          SHA-256:843637A161529A39C028F9D36B17D10FA3026CC6E9C1A81E1508E7287E9DD94C
          SHA-512:6E1BEC485BA93957682E481CA8D826E7770839ADD95CBC61C1C9C5E60437133065EA6188B4C4BC2AF877F45BE94876A1D7088B663B6C5B914FDF516461BA4994
          Malicious:false
          Reputation:unknown
          Preview:.<?.~,.....~...=...S...t....\...]...8,.I.B.>d......z..$x.;.sLWf....q.A^..Z.'x....ZZ....b%....1N..D8..{!.-5...m.x+....`b.M.7.S......^..8..I....@....|.h..=..4.k..z..,....Mo./..HsF..:...).....q....p.......>..A.,..v.......R.y.......9..4..@......b.e.X.Y.n!..j ..l.9h.oJ'L./....:15s..Ey..=K..6.un...'.....-....k.s8....m.............l..5D.w.b0..LhPC..m.R9.C~......5;.......^...:.;..lM...D.9...sT..9w..n.5.ot.../.z.d.;......_..?e.. .u..J............. .e,..F....R{.........K........P'\Xm.('5.......C.U.8`Mi.~<...ON..V.g.S...;...n..C......W0.+..r.`N..._3..O.,g(.*ZkI.r........$.;JLR".B.a}E.U..<..x....xK....OH....g.+.1mV...KP..Y.Y$7%5..%(....*.......+.'z.W.T...#.T.t..c.. .,.<U..).-1.(C.X[.<..c.Uy..t._..&.....Q3R.)B.+.._..{ .A..8;..T..>UH....X.....Q.t...*S...]...im.K0.#.K...:..E.]..b...i.t..i"..O./.....(.....M.&t..6kr...V..N..c...n..`.....ta.5..d..#5.?._......>....#.../..T.....\SE...1=Hxa?.nd..`:q@....'6Z..f<..[..3......G.&....r-...vy.5.+....`.......%...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703651v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1731
          Entropy (8bit):7.876217392087858
          Encrypted:false
          SSDEEP:
          MD5:7E6AF1F252CC798F99836CD0809962BA
          SHA1:01591C06A317A3BE7A3FC0B092D3091812BB2081
          SHA-256:052A2F80A1A862C78EFC3A97D6A21CA476B94EB3250B5C63D8A35D529BEFE0A6
          SHA-512:9B18B99D4E6D1AF2BC7E61255FEC407627F6EB16EBD81B631557087EAD1822E8F5F06FF51BE43C3E0DC56E4F61F035B69D1FE128D36106522B00BB4A616C90A9
          Malicious:false
          Reputation:unknown
          Preview:.<?_.t.1..+....p.^..+FK.6..`.....(.?$.,I.z..'..%k.z%..!.i.....dR.`n..[.[....W.+.zh...Y6B2...+......R.c...9G)..L....t....R.)..l.W.<.!5........U....lxR.^....>in..7.;..D:GV...E...y..V3.....C..\.....2.f3il...............&E.W.?.o.......s>|^.]Q..B..W.e..w....Np5..J.Q..{."J......DD...a.......0f@..A....;.6../i3.PR.5.dd...!.....TD!.a.....i ....o.Y.;.~?:....&.=W........?1..=.8P.n.&rg:.p8*...P.S.....A.5.`.U..I....i...N-....6G..:..t.<....8^....g.".....$.N..,.>F...z..BX.vP.m...A.9. .o...wNd.SL..u%..s.R...........4|..ZFA.t..=..\-n.9..E...`.........@.Lz^.$(...].`.sMO.c..h..s.U..{].....I..>w7ck>.u...p....ct3.......n....O.A.h...i..8.;3.L9k.|e.+..d<.Jo....6[.M.P.Umuv.U.......f.e.........)..d$f.._%.{.V-...+hw..XE...J.A...*M.j....~..lt.....".G.@.....R..^Y.\.-..@.b.p6.."_.y..x....+.I..,.......<A...........x..e.:Q,.$...G{....x6L.w........NR6../O7.7...V..P...O...3/AH......[...(nn"Z...lK..88wh.nG....32.~k..P.9+..LO5:Pl..{...'8=..93.L......U!.....P.....| K..~/o..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703700v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1712
          Entropy (8bit):7.897556098650097
          Encrypted:false
          SSDEEP:
          MD5:EA0BAC120CE3BF91B9FD2DFA29A42B0B
          SHA1:D512E5E92A8C083CDD885B508EF5D8CAE77D7070
          SHA-256:E514015F74AFD9F894230B8FEFBDDBC03DA9C5D12C0976A811D54C7B036E0BDB
          SHA-512:2C7C8F78225A3AEDF8E61C7042953D5D206E3428AE778EDBC817093052BF7F9196DB66D79212BB58EBBD3E33DA84EBF75824550AE2C63B177C0194B1E90D6D94
          Malicious:false
          Reputation:unknown
          Preview:.<?....u|.;f.....r.........[.".:A.K..0.Uo...^X.....8.......z..[..a.......F=.>....r.{mkF|.............:&.R#x.~.!.K.......};.xw...$f...>|3g.x".EFW..M..l/.!.V......~^dD...x..3a/.;`..]..l.u].l.-?..x.k=p.I....ZU.W........uV......Dy..X....<9?H..=..z./>.6M.o...........X......}..{}....e.F:.........&.........r...r...*....W..7.o!w...x..G.|...Ln......X......R.....z.!.Cx.{Y..*.N".|/..,.q..^&t..b6......v.[va_.H$.A..)...<.tJ@.t.^L;...,y=6...A.D...vJ...g.5p..C.... .$j1q.5.j..r6@),..6'2'.5.ML.V..14..F..j..~j.......w.."..8.".].b...t...../..:,..6...66....@;.w......u.%N......%..[{.M.)..w'..O.......].G....-...O:....OM`1..2....H._>:.3x......0.].b.....-..{WZ'.p<+P.,...$('kw..f..3..q...#t.{.H..>......sM.r4J.K{..Z......l.9.^.C.9x.gtMZY%X....V]...O+....U-O...W+.J..V....9...ceTM.Uo...ff......F..i../H.:..x.....W>.._.T..en..3..[..U...%......p.t..x.TK.mBZM.(`T.....[/Q....B.0..W.U|...DvL...L.[.v..u....Xw.7k.".<.?....... _../......../5.aZ5....l.7....`vI.....1n.B90#}.[

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703701v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1749
          Entropy (8bit):7.896504365899006
          Encrypted:false
          SSDEEP:
          MD5:679D350C0EEF872ED580BB917E7923F6
          SHA1:2ADC829E92ADBA46FB5749020531C60DB56BE162
          SHA-256:462B4FDCD5B2CFD29FF937D2DB67CB5F0FC7E6292117FF20F1F137EB63D082DD
          SHA-512:19340BAD5681B53CF44D9F13392503B4ECF45A51FA9471A45428F35A2DF9D34E732C5C5D3DD3F326399AE52A94B5F7E33DBB29EE90724C85265F9662608F80DE
          Malicious:false
          Reputation:unknown
          Preview:.<?.i...N~......-g..n........)O.!......^..>."+.............Sy.r.dI$.H...C...(......;D.._.b....pr3...&V".T......&@;B....=.T...v..}./8.s...h.X.5y.R..b.}..8?.,..b]...Z/.=. 1....{..Y.k;......k@8:..X.f.u...B.T#...v..t...0-rAE....^.Ym<q..R:.f....O..<V..n.X..L.L...9.,..p.5Y.$r.5kh.../!.(...d..&x;..R....r. .W....k..2....[.E&...P..^}n.O.U..R...A.........O..P ]...OSa...%...b.Lz...p...5k.'|].h..cz........k.J..M.n`.@.9 Z<.I64l<.F....=Z.....9.t.I..n....Y...fN.`....3.......I.Se.S]........o.~vS..."s...O...;.F.z0..bF...d..[...L,<...yFy/.......x.y...(..P.y{..u.n.....?......%(6.Z/..........;....~A9W-......d....y.J. ."xB.Z?...C{.v.7.c8i|Y......w....k....=.%c5f..&.E.......F.........%.u..a.H).v.Cz.y.r.f..85.ar....,..z....&Q...w.pcg.q]z.t.R...wK...p.N.Z.;.....HX8.LT..v.A...S.P9U...g.F.O..........n G...:I.N.\....w0..EV.N0...L.L.&2.En.......k.=...H..\....?yf]L.....v;.s{8.0+......7.d1....[..0z...D...c...y=..I)V;.&....x..-.m..M..../J..0..p.. ..Og......1~[.sw.o.A..>.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703750v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1734
          Entropy (8bit):7.882613858846086
          Encrypted:false
          SSDEEP:
          MD5:2F59893B7128F75FE0450A47CCD78C04
          SHA1:5FFD1B15404A186FD36CD5370DCD036C298B9795
          SHA-256:47246CCED4F13A7FD4F0C884CC3985714D89697A86FA40C9C2A6E8F32DD47150
          SHA-512:D0B3464BAB2BA2FD016A7CAA7E6B70C8B62E16DEF4795A959C692D9104194BDEF2E71B50B906D79BC9EC618EAF5ED321E2AAB1A6E7C369593EB6269E15BD9ECE
          Malicious:false
          Reputation:unknown
          Preview:.<?..... N98.M.A@v.]..RD..Mq...`Y.>...7..l#.1..<...X.Oe.15.*...;[..&......$]...O...............?..|.".g...m.g./.@..]- .lx...nO...y..F.i...C.w....1....g8W..%{z]..^A.O.._F|...XS.........e...0...|..9...b,B.._...<7..a.EKU...).V.D..wJ.DW.v0.Z.m...9..F....z...-..t.....J.4...}o.`..sC3..D........8J/wrv...F|J&..[....... .}<..C.C..).).....8.....E.<.DBf...a....X.E.....{V..@..]..76J.Ww.........#/~...'....y...C..X......K|... .@dm*.W..5.n..$..n7.9j&./.W^..Q1....&._d.........t..,J.........0G...}...a.d.[.....Z..5..8.;l.i.X.0..X.....Hy.(.D.sp..@i.5|L,.:.Q.(......S..v^.....M.J.I#..em.cqj....`.'y.........PG..z.\.)...k...a.c.......M.N....NV.S.p"..1|.........7.3...;."2SJ...c........C..O.Q,!.;..{.~..^.s....2fj...?...v..1.....d....f|.\%....n'.._T...q..6.x..tF.M....s.!A~..f.kl...!Z5 ..aq.E.z8...B...-..0Tj..t"..hW.>..x...d....T...^?......3;.sC3.O.I.\.....y.......<...."k..-.S$...r..o....x.p.0J....R......faj.....ke......@F..4.9z*!]F..;..^f......f...m..0........q.T.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703751v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1771
          Entropy (8bit):7.883641222008811
          Encrypted:false
          SSDEEP:
          MD5:B0DCCC3A64C0859031F17578D2860D68
          SHA1:4753C895397772BC872F6336BEE95E849501A7B3
          SHA-256:3869E1BDA1F032EB6F58AEC7BCF91E3FDD7CDAFA7A542FB79C0638A5FEE4C7EF
          SHA-512:552D50BE1B073A31DEB90B15376C8BFAE9BA8A881D8EF086A2C553E1378687E5355A8E6CC6BA60745CA6770BFDBBAE5D281459FBF2D31C92955B01D57BF7A638
          Malicious:false
          Reputation:unknown
          Preview:.<?.@.vzx.G?t.fR.{.X^p*.\..3w.w....g....^. ..a..|..9f.....+....8<.v.#S..;D...G.K.<.[.yn5w.....o...x.L..L..s.$gD..d..T.o...*_kUB..%..%.l.k.X:..M..P.#...{......*].....#?..............Q((o..W.V.....f..\D.n)pzf\...r.mA.8...I.........R..%..W{.r.....=......{. l..,.]U7..*.GkR@........R.......E.^..q..q.f.......>.F..3.q...i.w.*. l.C...J.n..9.....o.!.]......{.tS.........2.\.......j.....u.....A...E....L..v~..M....."C..*..Ms.F..~...-..`.{/S..\........,..6..8}..V.....d.?...uDF..ba.w.l..K.,...F.r..@B.?t.(d..>....,....cB>. .....@......L....N...........zMOd.......-..p....tQ...<^...z .5.P.r....z....r......:....(W+.#O.U].T"....'.0-........h.....^.k.ep...9I..........?.......OL.H...y.T......s....M..8......X).......o!H....a..$......S.....F.9Cg@mBd.T..D... ..H...gDs...z.d8..m_.L,.....P......j.<.W...h #..gis..S. ..r...1>....;.....^..T...4T..K....W+.^.......yO+'!G..2..@.^.BR}..*.).i.~.....d....3......L..IG..c...'`.iLBf..om.g0..&.Q......z...Bwj.,..4....V..Cn

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703800v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1716
          Entropy (8bit):7.895195526929284
          Encrypted:false
          SSDEEP:
          MD5:A3C86EC56903410DEB7BFABDD0033F35
          SHA1:4FC2B7720B56FBDB83DF2F9D7AC9490DE6D19E86
          SHA-256:1FC51D9DCA80AC094CDCFF65B8BEEFD637A8503941D4637512645DF50EBE9A3D
          SHA-512:E4CA43373401EEB2997AB8AC871E58B7370C2F3AF1BD3F7F3919DCDE4C67DE26879766E2834170BA9081BCDE0ED98B3A4DFF6538C56140A81092C7194F909871
          Malicious:false
          Reputation:unknown
          Preview:.<?.>.....s).......|{..v...=.W.b.eW...N.....w.e....M..%x..z.}?a.;....t..v=<..mI..W...|M_........_Be".$u..Y.j.Z`.z.^..3...+.V[x.k...(...l...x..`.V2#z.t..t..?...4C.}...).v.J,FO\r...R..DY....R..4u......v....VH..}.v\...kS..Sm.....p..od.VjT.e..U.e..\.....Cf.T...x...m.....k<....e,#.....K..R....X.B..._.@.+....4..$.'..)M....>..E.......Z..].....&y...cHd...bg.[QV..B....P...ng.,.^.....J....X.c....+;4..B.mS.R<(...^..G.....C.q.....y.....=.....`..d.....a\...-........)_S....+.......|..bB.E."..PT.. `..C....T....Y....<.*.KukD..>l.b.j4.s].4..hT.f..........e....P ....[7.4.8..+....3......4d<.f.vH.\:..M@i....7 .."..O*..`_...}..'L......>.Z...].HV.AC..B...}..9..z.6)...7.C..~....jOFQ..}4....x2:.cy.;i.r...`..$.,R\.....}........y..Z0}..|.*Z...}...%..r.lF%..[`Hy...E...(_5....u.....Fy....H[...,8.F._y..dd.l...;c.....?h.u...<..|h...7+X!..+e.g.jnq.".......PHw...4/a..._..'.....I.T...b..P1.fQ..'...._[...7S..~.mn.T.PV"...lW. .b.....po3vf]....4Idk6,.....:..k..Xf.h...'..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703801v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1753
          Entropy (8bit):7.894426005702664
          Encrypted:false
          SSDEEP:
          MD5:CE033FF08C2CAC7C26BB41B6AD2CB033
          SHA1:B77C685BCABE6B79449B4081F464EA93F5EB5A19
          SHA-256:61A84B48893F7F47838F27D74688FC4DA9F1085A71A9AF60AA4339B3E7FC8C8D
          SHA-512:E68D0F886B4B3C4A47F5E386BAF7466104B0095255E755EDCBED73C7721AD5E7906AC5407E5A98A67E92340E2D83277CA584CCE09657A48EDB1500B9E91D4F91
          Malicious:false
          Reputation:unknown
          Preview:.<?;5...n!eV....;.....b.A....6...q..B.*...=J.C|!.....R..Tx}...vY.l=.q.J$.c ?..Sf..ny.......Vx.[.%...hT..Yx..i{!C..r.^T.....%..&....@....q........1.........v.f.j.%...G2V...{.p..A...;..A.Q......;F~..5D.S5....B..I..H..db.....=46.KGQ.....^l.h@A;.(.azI...&....%..{..Z.W}.|...'L.TH.....,s...^L..@..'.....y!..R5'+.8....$w.D\..d..$U...#.....O.....c^x-.-o.0\.>....%.D...u.....M. ..+.\.4a{....c..`u...1.T...(.....j!R.!.:.h.....YCw.z.D...z.\.e.~..{7.....!.s..Lz...#..}....5....Y..9...r.A..\s..Q?.:.w./.Y..b.Ly...?i.....p\.V....=.....Y..Rt..).x...w.G.$)Q...Au....t~;1Q<......2...~.-.....8...B..j9./..@.4..~'............NU4..e.$D.`..V....@j..7.%..lk.....5e..D...`...........t...d.D/....w.....&kyf......T..j..:?|...l...xX..#...g..(w.-..d.;...qf.)}..#......z3....>#8....C...3..'..-.W....>R......"...S.y....={..<....c.wXhJu..B..b...`...K."..w4fviq..daf.v@m.T.d...?[1..).*.X..2u..J.O.?..c..;....WP\............@.ZP...b...Z+mvs.J=.4U.W.,|L...^s.o...\@.M..].)...cF.n`....

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703850v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1739
          Entropy (8bit):7.875374700781478
          Encrypted:false
          SSDEEP:
          MD5:474860DCCBC764F632BF436677D3169D
          SHA1:6906DABE9CF37074CB8D5839F2F00E6DA6F66C99
          SHA-256:B0082BC44858B5EFE13442A5738A7CCBB020E154252291214F3F322A3583C8A8
          SHA-512:3B6F26D4DB3F425B5B6FCD58044841589FDA697B6B737E8C36F3D4988BF39A385329AF4898265219A0BD1AD159D15B8126EAB763D53FD2A80CF5434F09F1D416
          Malicious:false
          Reputation:unknown
          Preview:.<?.9./>......t...8X.M..;.a57.}h.T...CH..G..b...{.....C!.......:....q..O?.....l.....[u>...K.n=..Z........n...e[p.si..49S1...-$`...hLm.V/.......p.f%3.....<.d...........{....n..-....}..o..l.(...P..0bywH..FZ..~........1....x.....Q.(,.(.hP.....4.C......'............6.WV...u.#."...}>D....z..gu.e"........L..D.{t....ue...E....V.!...N..B.....W....L....1......@..P.C.1..ll..9-eU.X..,.no.1.Kp.L.i.l.~~,%..z.%|~..y[./...2....%.W....e.*#..sHE.5..._..~<e`O..yB.p+_.......K............q..}6]..C.E.....p.r.v..G....D.Sd9"I..>y.....8.;.K!..p.'uO.o....9A>...Pd..%.'.W...E......@D...$...2.D...I.@.J.|..].....J.xZ.........B_..ps`I"@Q..8.S[..o.........~.)\...Yq...q.V.r+Ex.....nn.....s....j..2..5$._...s.o..p......$.H.....=Ta.Ew.$SiA.p.".........[.^`>^R.7P=..B.).4X....%..4C]....N... ..3|..?..I.9.=..8............../.M[./...U..&y...W.v...c.N.*)..U.>..0.4.C....i......d..fLj9..J.g....#{M..tA..Q.=?.ffm.K.E..V7.N.3/.....jp...+....=.=..U...[Ot.}.R.?..N..h.l.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703851v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1776
          Entropy (8bit):7.891415487566932
          Encrypted:false
          SSDEEP:
          MD5:C978092B8BBDCAA69CE8F140CD3E42CD
          SHA1:1B8AE86092F3250833C0CFBE065EC324FE91679B
          SHA-256:4FCA953F14402E9F4BCD638063F93B9BF61FFFFFB18188CB7CD2C6E8D7A04B76
          SHA-512:2670CF6E00A5D1AD4A6493759E26AE09E2756D3F9B978017C39AE8D552BC8D6FE192037426B3A2A3121E9CFA959369649E5BBB0B8E8A063CEC1A58EB18AC6DE3
          Malicious:false
          Reputation:unknown
          Preview:.<?.V...3.w..}...(.>....T..A..9e.?..M;...F.$]..R$]. 5sZ`.ra.............]b!...w>.@...........lV......G.j..8..&c...?`. C.D+...Tf....M6kv...F...?<.h7.'.X..u.p#..Gz.%.bk.'+...#JFWe...d)W....%'......*25.f^.U....~W..G..:.A\...eQ.^...........\K....u.O...~.]..../....I..[B.Z.HCYu.%...}Fd.~....wT...h....e..Q.?~=..../!.w...z.x9..$=...i..)<.S.....P$....c..v3.:.&.'..$D.#.(..J.... .Q.F..~.`...$.S.....E.y)..o.f.L...*tj.=e...<72.9..H.......".x.?B.S...B....7g..h....n....nOX5h...>.~....oL....h.9c...B2Aj...I.6.r..p...@1q..Uh=...V@...>.....?.%..s.........j1@..v."....J9?!...L.E.......S..........G-@ ......?^.wL..t.N.w,..$[g.N..wX.{.......M5....D!.t.Wnx.l.......~cj;...s5e,.[...9.o..7...M.wy6.4..&.1DV.|..=...h!..rC.....a..5....:.........}&~?..Nt.|...=.d.%<.(.$...w.0.1..V3....%..m....#.A.).>h.....}.....2Hs....,...U.b...b....b.Sz.E.....C.'.u@.]....r..|.=,...I..1..=....Q....$.g........@.~mx>".W.F....Ca.I.c6-.......'R<..H.6N...x%6.H.z...#.0?..Raf~....s.........1.-+

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703900v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1724
          Entropy (8bit):7.905984266388859
          Encrypted:false
          SSDEEP:
          MD5:33367ABAB646C511C91FC375AED69F02
          SHA1:B7DA1AA622511F986072214BE0AF342D8E9BCD35
          SHA-256:977078CFBB5AAEF575E4229094D77EC59F7207D701246A4E194C8BCD8C8EE2DA
          SHA-512:D4862203315228CAFD5D8A0C0BE0D9FFDDF90214D07112C7FDC554FC040E6E31F44639E5B86808CF62E412806251FB1F002A97B4CC00B4A3C9310E06E800DD78
          Malicious:false
          Reputation:unknown
          Preview:.<?*.+:....K..8Qs.;.....,;f.]..j..C..,.A?B....9..U...2[....~[....eb.....0......8..s..@..r.E.##.S......5L...cE...6...p..55..._.~..u..U.D.6..Y...b...!......i.E....Io....Oq......9.!Q|....?A.E,.R..../..-.9..Y?+^\]..F78..k1..<...~....):r`...3./....z~....np.....{*FQ.z!..a.W.......C... .M:)..]&%(a.D..U..q..........p..H.fTtr.D....).p.w..De..$..Q.~r.=...lH...... I..U+$......3...t.28A.M...}.v.L....Y...Ym.3.."..h..4Q-.7n...;T..,.u..@z....?l.......M...y.k..ON=..qb3......e_(....8j.8)...L.......d.H.?...H..LR..3. ....W.E.b?';z\.....(N...TN..z..2..IJ)....b."......n._-..@.\........ 4.+40....?,x..j..}.M..G.....h. R..G."N...W".m.....u..%..6..r........^.E.8.>......U........$g._.7..nO.#...KV....G6.C..V.=1...Z......F.R...D!+o.. .....'.A,,.t@3...(...8.A.w...X..&.d.f.X....K..q..`.+.+...5...Qw..E.)..J.F.r......`)......9_J.rP4.2......y...sh.KP...XD....t`]v..K.h.V.7.....>..'...U"..)v.YY\........`5&4....,.f6.l..!Qm.0tt.........2....p].L.1.L....>......[

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703901v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1761
          Entropy (8bit):7.879747729851215
          Encrypted:false
          SSDEEP:
          MD5:C26C4B7854B6561966FB5B97A45B0AF8
          SHA1:7B58260D78ACB3336D86D0D2C7D7C2510E734EEC
          SHA-256:BD03AB724102F415C4A00E2B991D4D8B497116BEBAA5D2A04BAB75BB6965ED1F
          SHA-512:0EDFC278F85A4393434A0827660F1C046D668EE6F3751660BA810245756B14C77F3671E75D79418A05684F4F47A0AC99D8D180D619FFFFF55838809936DB531A
          Malicious:false
          Reputation:unknown
          Preview:.<?..P..<.8..j.|.B.7.WJw..L.!...........94.(.zD ..p....=...g.l......?3."...N.t;._.g.r..[.?...A.m..75...M..k4.v.e.3.gNA.5U..& 7.,...]w@.fc.~$.\..&..]S.....}...+..!_.p...\.Zw.....4.z.8/...r.M.9i.j9.0[.|.&..o.{.]..E>.,.i!/...l.....v1m..'.tj3!(.:d..r...rA...$.{..lT....C..5.9...[G..[y]8..."E.p|.Q.g.0wy......;..&.f.!....4..v.?.z.../.:....5Q...{........).U.{Z...OM.$.....GC.6...@.M.oI.".Q.U@....l`+..jL'4.F.)....J...\.@*........^...K.u...-.......0i1.../.........u|.....d..{.f.>Id.`./d.yg@.w.;6./T<.<.(..pr.......K.l..J(..l....C..6/d..U.,.i..0.....0@.....@.%.....Z5...0..{..!>....Y.5&....5.:....."...\..\Pc..A....Ob..ixf~;.....c.ma..'..z......r.U..r4..W....c....Y..;C........q.0.wI.!.3N..>/....m..x$...{.......g.={...cJ...d[.C....T...nD..@v/.....-.E..kV.....".D..3...oc....&.b ..0..m......>..S!4....`I.L.8...?..\*........^...t5V_.y|8K.AV.m.r.@y..^O...yQ2...sb..(...C........p.. >.....*u.......pX.NFEV#..t.w..m....Ypbo.. g.a.b6.....\$..q..>VP[....I..m..r....F.j...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703950v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1700
          Entropy (8bit):7.8977102960204455
          Encrypted:false
          SSDEEP:
          MD5:AD082BAEBD4D8FCF8E76D6205BA30BD2
          SHA1:FA5045DB7B82FC3888A4E68DC50FB275CD725C98
          SHA-256:873425CEAB1D014F1C520CB82DA64BF60354C99D41252E5E16BE9B89A595F5E5
          SHA-512:7AB2500F94358F2F75ABA46F4B6DD380F76BCCDD70B9F98B491D8450931305C1F3CCA160B2DADF5AEEA26ACADFF9E376D0D7F98FEECED1797D3C8D76A68ED7E2
          Malicious:false
          Reputation:unknown
          Preview:.<?.Yq(..c..T...:.{..e@.......}...+<.$...*..6e.!...'..a+.*.{751....X.Y...ju+.b.j.a..0;.2j..6.....`Zw.]..Fk..x.d.s7.....I!?......Z._....o.)..?5.y^..:.~........:U.........{....!..HU.8.;(w.t..A.# H..!..._W$......N@..:.{..........E....#%=..MP..S.....=WQ$..D.....}u$j;......Oh>..h.........f.............!U...\DQ$'..;..O)CD.s.H...H.&)....\.Qd..iL$v=$....%X..$.p.E.f..j.....g.$z...6...T.4..?.%0i.._.....;8..M..*...l...J.k...L.%...'7.p.....].26../M*G.q.*}......,%..2....=......=.n.>`...Yq..... {[....b..F......89.l..Vb....0=P......v.-t..............+X....-...zKr.=9...<c...O@.....A.C.I....mIf.,.P.....A..B....$.8...9WT..<B...."db...@4....hi.E.{.+.K....X.z;m.k...........m.nW.CV.7Kq.&...i./..G.g..%...=h....`...!....%.}S....Fs*".=/w.rH..4.T...e.[]...V/.F9....'.k&.S..43h%....,_l.k].G`k.{5.a...#...,.*91B8XC..U.T.G...W.A..}a.n.Ial&.vL:2cv..].R.|h.#...;...=.g.I:.....U.;./6X.x..|........@.A..W.}..w.i..n..M.[b..@<Y`(I.?g...A..E<~....;l.....>\[Um^

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule703951v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1737
          Entropy (8bit):7.881969162224424
          Encrypted:false
          SSDEEP:
          MD5:CA742DE8CC57E72AEBBD6BBBBC6A5898
          SHA1:CE34859DADFB91D72FF84CE0FF20F0D834E7296B
          SHA-256:DF4D9507BB961174FE2A301D2B3F650DDDEB1F9A9822EC546B51798160521D57
          SHA-512:F74CC228F817B9CB5CB57E696A5313B69549F7511CC2AB5061AE62C3E8729441C03AE7F9B203FB6F6966B76E77934F24C675E6FBB8119C3CD4FCEB783865BD2E
          Malicious:false
          Reputation:unknown
          Preview:.<?.......I...`.W\....HK%J..ki.v...cV..h=.z..?.c.d.j.zWz.Z.".g......|.0.k.7)h..M..u..&-'.8.......3....C. 6..|c}.......R...,.D.J...|.Ow.av.#v.<..o..b'-.7......5.2..}YlS.J.c....p...$..!..y.q.{.=Jc.^.{..u.....wLo...".......Z.KL.L....b.J.RG....0.yn.rF{..?..l.;.v.9..Z....H.].3..#.[?8..{.X...S....0|[.>r.T*/l0.D.2...p.Y..k.m..Y...iaVE.0.....S.+g.h...k...h.3bd....h#...J..2..g...-.....7...0.k.D.F.......$...X.O.gz.j~eTwY.8..W.N....@+bSL...n)e.Z:=Y..#5<}."..'..`..5.....d...b.?m.>OH.,.(...GMK..i..G...ib.5bC..U+.N.9..K.2......z..E]*&..87..T.#GN\...Q.....50Zl_c....;.P..3.%.(.(}...iS......s...E..^.k.0 Jd.....V...,@E.0...,$\+....J.......v..k...t..+........l`q.....Cn"..{.....w....E.*..Z.z..lt.(t..._o...R...K.W..N.f...#|e-..8i.PX....<.z....t..5.vCtp...V@.Oj[:sp.J..N.(!....^......n.~+.....#...G6..Gb.$.t...'`0MW.(.;..@.......s..X. ....E.qX.fFK7Qp..K?....Y0{$B.D.<.....dy.U..T..[../........U}.f.?L.~.0..:.E..=.G=|S.jx....%..a&../...............K.q.h.}Mt

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704000v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1716
          Entropy (8bit):7.889505850341784
          Encrypted:false
          SSDEEP:
          MD5:A1769F3B5AA8DAF48FBA159E7C43118E
          SHA1:F6716510AA39DC1907CE05EAFA94FE8BA1FEA32D
          SHA-256:ABBA3F9A09A5F206820102727C047E353A1063A75BD79848AFD653AD398E6A9C
          SHA-512:81C8572AAAFCD16C0FB69B407E023463B83E571AD9EFFC5680A3C1114CAE3EBF3DC12ABA43B8E04850FBD2DD62DA645ED61F489ED1BF527C7BE3A0072B345880
          Malicious:false
          Reputation:unknown
          Preview:.<?\w..=.1.<..'.v.Z}.V......ou....u.{A2po..e..R.}p.:....q.k8..p.c%..+@.\!P.....,;_.?.......p.J..w......5.q...Wsr.W..s.;'..&c[..dR.dG.,z.!u.Le.v.E...........&}.#0ygy86.}s{d.........x'.....X.....h./..=&-.t`..?........n.N?gj..I.Y..5.......=...c....o.N..G@....C*@.._.{xs.-.zF8..py....Sg..s\..V..%..X"=...m>..."..UHp..R..(..b..._.;..H.,"..}1...}?._....`F...F.B.g..I0m.S..S'<..|u..0."P;n..gQ...l...&@...EW.........~ .Kg..I.v.&.qk^.gj.......E.....T.A..U..c.}..%.!..V.|..n...B..H.6.....Bz.\.vN.A...n.....6..{...9>...`.|M..8/.kf..0.hKp...(..7..45..sH7_..\M........8.8.../...\..`.y..4.l.g.....g'.....$~i...f...*..m,nld..U....J_.,.#.'.f.!..v..tXG.........q.-.-.5.r...M....,S.t..<.<]..:.Vg.......QH...!.+....s.(.!M.0q.......|6.......c.!......`+..0...c...g...h....(.n9.*.c.*f....x.8..P..J...g...&.......'n...NZ..BhJ. ..L....0...P.x>.-...#.-..mL~....t.i.......7q[.=K.baX`...RS#...'...[....oIAh....~..]..WO..s5c./.:..eND.up....;....R..2q..J4..3X.K.c.#.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704001v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1753
          Entropy (8bit):7.891570059920034
          Encrypted:false
          SSDEEP:
          MD5:AF218456EA3B6E36536DF8933E69680A
          SHA1:F3C1304A7EB9A9411842FA10AEEEB6E6ADB23F2E
          SHA-256:6A8A7521FC4421C41CB677258F392767E61E666824AC53255F9868BE9CEC178A
          SHA-512:4AD0D13D17AE71FE340C45251666CD436396679F563AFDFE7C18885EB8082ECDBA19CCF6EC40646BCFA1CDD8F44DA78B21BD33D883D17A7234B32C2603A68B00
          Malicious:false
          Reputation:unknown
          Preview:.<?.@.r..0..R.B...Z..i......7K.........;A.El+.......s..r.P..=,...<|.xV..g.js#}..A..Y..Y.F.%...].].m>...\..\Jz..#. ......Y...."R..r."... ...d..t"e.l.....+ul]....58.lz....u.........#.....l..9\....\5..t.._v.....|TO.S.%r[#...p../..#.p?.&.*..y..`.9w.W..a........f.1.`.J|&..........7.].9.....2'......5..Gn... 1.A./.U6.,..Q.W..gR...>.../R.:..0K........v.......?....#...o.6.X....V?/..@.n.JL5..Iux.....k"...b....t..E.>.:`t.cV........v....b...Dn1.;..K.c......Ioe.h..-.Q.B...j..(..xa.?.5[...L....(].{G[C....L^$/F...o..~6.yeQr.'.g..../V.C...2 .Z...I.L}........m..8.....+...nt.A....`.Q.F..+..S5.R...U......2...r..h..;...?.]@...?.....,*.o...7.k.C.lt.3.7.f.&b....t.LN.7:I........@..c.o.>......5.u..s...e...9../.n>..}..2..](.B.~...di]+...M...{......?.,.....A..g....{.!.b... ..Kc#...f%u..MBV.$..t.?..lp"..2.#.....,..S......H.'A..]B..@..w%.......U.#.j(6....j..x..... ?+.p......76...v.E._B.Eh..-. .M.R^..3_}....m..3...<T.r.^..i.y....!.t.&R?.}78...o..-..6.t.$.-...

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704050v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1690
          Entropy (8bit):7.878617456129412
          Encrypted:false
          SSDEEP:
          MD5:A33E329F2288F56A0A89DD0F2C2CE1EA
          SHA1:B27417EDC0E2DA0F860254D8F5F2B805127838D4
          SHA-256:FFE2776983398AC2F1F32F1890284BA27253C00DF9ED3ED61E78179D840B3988
          SHA-512:588D41295ACBF8AAF758CFA01666D440705B7E184AFE68F339F0D395A49CF4A54922C6E8EADA71C70299ECA3E469B4877B9C80341100329A0150A10E8E054245
          Malicious:false
          Reputation:unknown
          Preview:.<?......D.(.6hE..7.....=..-v.8.......>.5...(:..R....V....-\..<G.u..K...%....:...@.}iG\..]7..<. 7.?..Z.$'-oF.^.].$g...+.|............Q..X..Iy.T'..%....?sf..K[a..*Y5y..].?.1...r. 2..."%.g~....v..-L<..m>.ks.....wV-J'.i@ ....J.rRh.R..W$.a....9>F.g......I3s]..^.W.E..~.,'.>.iJ...,..l1.....-....Rj....3;.R..?7.u../.'B..;.>..D......h..,|......A;8.3ot.x.%n.Qg<sv.^.g9..^.2......G.o..'u.;....(bw....D.o.Q..#.)(.C@.....}.}...i.|b.,..cUS@#.....(!.k...f"4T.c.......2..*..#.C3..=..mS.<...._MH.4B......{*.u..B..).U..Mi..4...^..={5.".O..)....)XC....,....OD.V}.2.!........s:...^(.$.A..|h..c+.>h.}.....OA.h....,..F...qu..3..@....=.0D.N.J'N....9,..."j6...G...S:...wH[......,...b..C.B.,$..-Ta6.........U..D?.4.Z....?OZ..@~.A.k.c....fy.o{L.2.).......I.a..j.W:$.1.5...v|.t.6.s....3.-C..Z_.P..&t.^..4j*.I.YFCG"..F...m../[...n..D....C..y..N.H>l..~.c..>n.r.....4_X..c.CGB.Wx...%.y.'..acLS...%Rw.......M...b.......PA.].../..^....,V.<.'.5.:..F....=f..>.?...........a....}w>

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704051v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1727
          Entropy (8bit):7.90186532638588
          Encrypted:false
          SSDEEP:
          MD5:FAE3787459AF4D3FBFFBFFF31DF53889
          SHA1:C824D11D7DD9E8BAFEFB9E50B4B893CD410E9794
          SHA-256:5EF238F912EC15E88799E3B6269EFDC89D19826AED9DE3E7F55F8996EDF2FC00
          SHA-512:36699A9B977B813A53FDCC310EC0DF608797567BCF81660DC25FF3CB109455685CD81768D4020E97CF54DD3D95A560EDA47F18909F9B36EBCAD638E4A3FA183D
          Malicious:false
          Reputation:unknown
          Preview:.<?...5I...d...M..r.er.oD..#.....S..y....d...(.Y..#.R.B..%..n).g.....,.z..Q.C.`.....I...e..F....2......M._.i....@.UfF.1j.?".t..'3.ny..:..^.2'....d......C~....M.s.V.v...s.q~i8....]...R..*....[..x'...B..g...'....gk.w./.}d.P.J....$..V.%..z-j2.3|..U....y. " .$'.3.sC..y..z:....gm.6.....L...e...:.Q....E.....xZ..)-...^...W...F.....1-....\\z...ts..V.../>;.Co.....f..B4d.:.U....?.=.oh.b..Dp._E.mK?...+.]UE...E..^1uD;n....y.....M........J]p9..J..F..?.o.>.6i......s...s....(.i_..X..|..)d.C.u...g.....+.?........+....K.\\.O.....h.6#..P...NQ.r.k3*k.:..+...gE..n).2..'.."..4,<D....7N.XS2Q.....^...v.%..w..t.J..j.".."......f2n[.....}3f<I....i....<.2....l.....,.Z.......|...}.f.4.1c...9.................".e-.9.&.....1%d-B..=.8Y.[.g.t....c3...!A.rki..Cb..&R/.`.....$.n..E.h/\...Y.....n.75*...p._....)"!.Ta......ax...n...\5b.!%.....Sd..V..Rh......-.J....-=..o6z.z.@.6-#.Ks.....zE....e...c............p..I.]...z........\..J...S....H|.T.....l@.X...c........X..;a.n.|...%.

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704100v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1696
          Entropy (8bit):7.888531704287782
          Encrypted:false
          SSDEEP:
          MD5:2648E0302E3DAEACB8E5B88CBE30F9D1
          SHA1:1A14F88C6615B330B633BA00E20142DE24132C91
          SHA-256:A8087BCD378AE5F387946D05157CE56AD8EBAAD56FB9180E22BAD9DA2BB6BBF3
          SHA-512:2FA2809813CADDB03FE93428D5BF4A78E64625067C088454D2850D6E58CF6EE79871F8234BABFF86A18B73ED21C6C567F0EAC93401142F9479A08006665D4ACE
          Malicious:false
          Reputation:unknown
          Preview:.<?..Ur..c..9.[...f.pr...C.....Q..~.Z.....q..Z....... AW.g.'..(O..~.n.i.D.|\}n.&Z..a...Fq..f....7..U.....{qJ..._.h.N.d..!f.QS.Wa.1.....I..X..I.....$...m.v......0...E..az1..F...^.LB.m.Y71..\.X..~...j"...!.8c.\5.R.....*.W'.:;.{.I}7..."....F..wO.y....kL..-TN.@......$I."...U.|qm..........q.8.?F=:6.j...%PQ.i]J._....._..".....3.!.I..()[....=...S.-smI.z.9.w.AFY.."..'...H...<y....h. nNpS/.k.N.....c....n1ph...>.qN...&..V...8O7...!8&<u../$I..%.8.........kcag.^..z.....A.u?......&....].....^.......FN...o6..V....N.%l................~T..o.?....+.%.Yj...'..(.........j/.<.).M.....a.(.um.qH....\...V...;...?.I(..~.{h...#.....V..iA.xN2UO,....L..Q....q...6.._.......M1.&5..........}>..E..5.|..J@hG.(...#w*.....l<......}x3..0?..7..0...J......UE).O......F..0m.qA.J......,.......u,.7.5+-......E..3.J....4./~s.....pV......K.`....2..35....TZ...D2..Ax...Uq9.U....m...Bb@b.u.....Dy...s.>..G.a...g..H+......0:c."Jid...'T...E\-.......b.....+.P...ajk..?\XB.5..k..

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704101v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1733
          Entropy (8bit):7.884111418204817
          Encrypted:false
          SSDEEP:
          MD5:2E40559A69C4D2D3960C3E33DA090B6D
          SHA1:B37869972CDB4C3BF5992772D96AD4AC3556B744
          SHA-256:5935894018AC6B575E2E3F2018A52931E56C40A7A96C0530986E0798C6C75F11
          SHA-512:DB50B9D11111A66E14F6D671829CF6F378BEDDAF6418D23B66EBDB066A20132957EC9B3CB8E72650D28E63872E0133134F225DC9DB149ED690EB5BECFA12FD9B
          Malicious:false
          Reputation:unknown
          Preview:.<?.)..vCL.gY.-.t{.<...j.37..ihp)H....,..TX...C...."..k{..'....p8&.,......<Ge<9+....d.x.S.......d.e..'Z.-.^.....Q...%...e@,.2. .......Y..m.z(`...sN.U.c......xI..v..'5.....%S....KgdP*..K0..n..P...A..IW.s.F.....fF...H./.../...{_@=aZ.J.m..A.......5.;........5...>.e.wv+.S#[X..$;7.G`...1a.s.......b....#...i..;..>..G..BH.s..'..#......@c.i.A.0+.....(...e].......W^...)..a..y.[.f.........kN&.4.....vv..%...~.Y.%..q..Y".>..i.e..E=..5..~.|5.l........6;....-..&.S.W...r.b.C.....%,.'...E..".......H.|.. rr.r......,_....h.\.O*..T...W.3"...s.rS6..8$..v.z.kF.W..;...b.......#.$...}..+*..O......>.L..."....x1*0.r`..........zec..~.%A..@.....G ...........c.j.7.^....1G...m.Oy...^N...d.yj.E-....Mc_?..U;..cg....@5/^A64.C.m....j.i....0].H`'.s...'Z+pX.Ey...@.>...>..1.h..M..j.V.,.7G..j..P.E.;...x5......5T8./.......F.1P.D...hX.. ...tEf_./...=..z.3....*..6........s.. ...Ht..._.....G.4VI[C1%.......i-u}W..].1.o....;.3.oR...4.X..@....7.ck.8..e.0..Qy#.$...r

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704150v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1696
          Entropy (8bit):7.87329403071525
          Encrypted:false
          SSDEEP:
          MD5:44F55AD6F8E81169AEEA2D1061E1377C
          SHA1:62465BC147AB40FC27E35A21213F74277A4F0451
          SHA-256:C28E62F1EA104FA71109E75F8791453750D6F8F63C6C14B984A776A12DBFD637
          SHA-512:7F4B77EA5C9F658DFA111225B4741CE2755E9D7E171FF430D6ADFA73C01EB9C1DA9FFED5DDF060A4CE2ADA358FCF29849DB692E6267780E609588290497BA850
          Malicious:false
          Reputation:unknown
          Preview:.<?..).1T....%..p.1.T..Z<..?..u/..s..[.....t..O.>....he...:B..u.'_.sY.F,.M...s.V._y.....h}.Cs..@..2.......6f...= .......MT......P.s....=.oZ.R.h)y,..X.<].I.g.].%>p/...W.".A.7.[r.......E......#.dl.. C.......G.....{..(.XHpI..v=.!R.$.'n.q)>Zi.^.......B.1&..k...eB...J.+..M..2Y....._.bF...2wO.........$.4....xI.......Q..7..C3..g..v.?..C......nob.......f...}{...I...N..m.6"-....+.b1.T...e..t.Hv..~._.Wx...6A5Sc._.*Q.j.,>;.p........R@..@<..;hrK..A.....E.Od.....=...!...'......n.+.{...........!....).C.Gm.{..D...a..]j...%.d...g*O......T[A...PI.....w.<...#.Yj>>.N.V}&.....a....e......'.x..wlb...@M.....V........$...;.a.\.}..T..j^.....e..P]f.J........=..R............./..4.yTW....;f.f.p.;...3.=3.:S.q..h.... .(t...>......_/.=y@?/s......Xn.V|..L..Xx.ks=...V.5.k.}.. ....7..m.dM..Q..>.u.. K-..6.e2....i..]..M...-.....1g....?.F.],..S.\xy.....-H..niG..Qt......'h...xn>..)0.8%.#V.a%..xM..(_.p.fb.T.x..2...o&..Y]h......w......gTo..x.,p.*.A.))..?.....c...\..Ld+!

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704151v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1733
          Entropy (8bit):7.878277333033029
          Encrypted:false
          SSDEEP:
          MD5:0AD16AD198D532366028A1401D004548
          SHA1:FABA179D402728B4363849D9F4F2B452D88E0601
          SHA-256:539C9F8F73F6776FD45CAE1A47E3EE73FF327E18467DDFE956B609FB6CB9A870
          SHA-512:7F462E793F9D05EFA7F53C29D98D76DB574ED139B18E3C4193F417F6F11D7F259ED1D280A4DECB2859167D025A5363966EEFDFD7D48EDB6DCF58C68BE5269A1C
          Malicious:false
          Reputation:unknown
          Preview:.<?.VjN...N....ZM"..BO...b..i`..><G....|..\.Ht....w9.`.T./.*K..N.am...3h..<U..A...HZ....0...G.-\....Y..J.;D..aF..d.....O.6.q..L!&.^..%N?8F.N..?W7/..K5y..'.dL^..En..H.~{..5...0VQ..7..$.L.JDUP....j.S..oKj'U.N.3x.>..L...'U...cd...m...='..]..........5&..<.lL..G...,.#jC..Q..%b\.......B..%...U.P..,......%.J..3.*.txv4Cy.oUA*n.......K@.,.e'%lh,.9..?....\A...w]F.55..1. 6.V....HX{...U@P.kI...@S.8..L.n....9..,..{+...2..bf.....8.x.v........3f..#.u.&.g2S.....s:.L.:...2..A..9...N...H...5...?Q.$..i.-U._. P..>0e....C.&G>.@n....>R.M.av..A..U........a./.M..7..G.[;`..A..oe0...b.j{>.E;....#....p$8........'.."......H...Fu..rs.1H.a6..D.!...+Jq.AV5K,.>..t...|=...Y.r&E..V....E.M;..<.#......'p.........%....zm.....I~{.^.J..>...T.L,.#.....j..o.q.ec.vUL..e..5...:.t}.0{.%Q5..i......}..K.xx.f..._.Y].6....z.F.L.....K`l2...G.%.l..].4Iy....v.y..S.9^.d=...*......!Bo..-.2.=...T....C-y....].w.sKG{..1....?.:.......Q.7.....h...%=..<...D...^M........C.(.....hk..?...Y.#

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704200v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1714
          Entropy (8bit):7.887604674894248
          Encrypted:false
          SSDEEP:
          MD5:5E6FBDA2E6C3B39E9AD715CD32734236
          SHA1:C94EFC88A61CF1989A3A7C08D539B6CC0A4F9685
          SHA-256:C42A4BB47F1F87CAE11D7C9FD57DFF955323F9D908C144761CDC35397EEB5BD2
          SHA-512:C05673AE76B54E33A1F6555B9E349F3E10B2C248685B69964BDAAE742E88872146C4EDCC3F82D17BBF8D457F339956141D6473D391959DCC562C607EEC7D0F8D
          Malicious:false
          Reputation:unknown
          Preview:.<?...A...){.*..Q...\&.../.........\dGq.Q..v.../.......'...R.W.$.l..]$.....a..\...K......x....y...Q.Uf... ....)......w..~.s.X.i..n+$RH....6..}.9.QuQg........EFc."j..Y.,$^@...I..(.{...@q?...-.hMb...... .....YV.tLH.5..Q..X.P..\R.z..y.G.Z.....tEs.t.4.x.,". p@X.Z.P....W.O..x../..b.$......:./...0...B..4..s...8]w..go~.I!.5*........R...\{...7....T...,.......|..._...V...G._N_..r.|v.X1o....c.4.8.2M.s.+......lM.=U.C8.Y........4.6.......m.B>.B.O[S...O.cla..........5..[.....`.A:..L.E..'.Y.u...b.:.?.w.%G9.6.%.y!&.....;.bl"@...r.M...$...A..p.i.6....Nu...K...(a.T~.l..Z.-.......#.3.....a..~.8.u..//.D.V....Tu_....q.W}..4..h..W.y..4.#....Y..N..V#l7.jJ.......f..c9.7.g-............b.....Z...$X>....EV..pz(.......Cn1..C.........z..(C.....].....Z....K`..:....$.Qh..H..V...@8r.R..9." .6....h.......B...../.3...._.iU~W.r..;(qn..;.-:@.._...};T^.7..q..0........x.?f.rGn<.....$..Ge-.s:.._.2sd.3`...&s{...r.f.mo..lk.~.....n...[=y7*..0{%./.h.'.......H...N..w<......

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule704201v0.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1751
          Entropy (8bit):7.875990914145748
          Encrypted:false
          SSDEEP:
          MD5:2F0CC2766113512A0222958E94B6385F
          SHA1:C4D6FD22E7298396EF6FAFB6D9928D5B156641C6
          SHA-256:277BCE1B9AF0367C56841B7E02AEC78E2E59C8C95ADED9543CD8F5C2AEEC2DDA
          SHA-512:280755873DB68FD19C4F40E2DC63D841805A9104EF7B1283770BA2F5FF78CE87C7A7BEC7957042F6E2A9DB8D35C11600E45F9C0B115BD8E9ED15172EAFA2A637
          Malicious:false
          Reputation:unknown
          Preview:.<?...."T.e.^D.L.q..|l....i..w.....sj.U.#..(.~r..QO.$3.]..Q....V[g...F.jZy..>,...a...|".W.....VQ.L....Q...Dn...i6d..mC.mH.V..C.]2+j.c}Eq5..#......rt..an+..C@i.Q%fRh.?..w,0AY..t.....S......h...........X.>...d.2.q.5H....`...-!.4...o..=.....(".G~.O,.v...@.^...."..^.).....0..b.......k..t.y.M.G......./.c.7..nc_...L[R.R)vl.5.H...p8]..%\....N..:...[]"...k...lDfD!.....*QP.P_....96A.Y..6...9:.X&.zqm..b..a+M wt..2.<....X`...q.....JZ...a......~.p*Yo...[....kr{.}Y<Y.N7$"|...[.vbn2.A.~qw..X..~..#lI.@..+zQ.M.JE.b.V.'uR.v......y2.MfR)..#..T{.G...[.....)...D...#J...T.........ts.0...%p.!f....$A...$......Fy .).v.!..?.A.....|'SFc..L.P{.wY..Mw.cp.D..-..!...7 ....d.a.4.`.>....t....i....CJ......x.O:-N...:.We..}_./_;Z....k.....$.. .B2..hO.M.-.m#...CK....0..F.a..S.x..{....N(..S....(..%.j..G.~W.I.............H...J..`s..H~#.L....w.g{..&s...G7..>...<..\7.~........N.0.X..S..x.K..@W./.a rMO.....&.....-(..~....E|.....;...h.?\......%.6.?.:.{.-5..1J.(na....d#.c/.u

          C:\Users\user\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule90401v3.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1583
          Entropy (8bit):7.87898469869122
          Encrypted:false
          SSDEEP:
          MD5:38C95B8193D37363361DF6E1E8EBF85F
          SHA1:851C9CC82ECB5E275BAF89254DCF7B5DBE1C9302
          SHA-256:AF9E1BF9C35B92BC274A737CE2250B497DA717A9B4AE70DB077EA81DF353AED2
          SHA-512:5F572C458C555DA2B099E1C922F588DD80053F1E950DD4BFF7C8ECF2352C681D3E93271F34B9402EB99367F6F9C224A4DC97B2F6D38CBDA712F1FA49807F2426
          Malicious:false
          Reputation:unknown
          Preview:<?xmlDVS..i..{.@^..s...A...o.=_..C....U^...m.T.l.%.:....:....i..dN.H-5....)+.W{..h...Wx.....}R..6..6<V...n"...............o1!...sWk.....L....W....$..Q.0..?.}..X.V...T..,.>..d?M.tf...Fe...9....._O..d.....s....w.T.K,...._[.s.L.+.TN.....7v...[gf.)L/..2....Fg....0.yH.2.".-.?........y.6e...S".9.+..p..E..4.:..{bS..%.!...n.w........( S.4T..o.M.6..*........_.[.o.zQ..._.WJP..'#..[..x.%.1j..D&.e..G.....R..i.....%..".J......i6e>"... .|g...?.N..Z..0.-.g.....&..Ia1_H`..}..b"...Z.=.....B.{.o.Bm...k.V4..".=p..Z.7..n........%..ns.y....E.....[.9.....%.\4...*O..{.......=H.d.?P..];a.S.7...qE.O.....19.|&....8q..~.:..1./.n.H...'.4....9V..b..S.Z..].r.N...*..\bA+Qe..V..R....fq...E....u?.5.c.....J....'..K...9=......YJ...B....=)c..6^..p,....,...Ydh...%h.....7...cv......./].....E?L..3t..............,..'..K...3..L.. .3O...QL...<...+K.. r%.>..;..c..c..\^.....9.d.:.H..).,?^..v...5D....BP7.v.Z...U.0.l!v.)Xl.h....GMFt.OR(.Q..w....<..J.T..Oy..&...?.]..\.k.R..cZ.P..FY.Y.

          C:\Users\user\AppData\Local\Microsoft\Office\Features\1-7FeatureCache.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1098
          Entropy (8bit):7.759908825260053
          Encrypted:false
          SSDEEP:
          MD5:894D80888E8C2EEEDF1E589D7689F6D0
          SHA1:D40E17544576FDF812C79AEA9D7093F8E13A2408
          SHA-256:B3933F789F63D90FD63B9C0898A5D30335D1720AF64B77C77C1D8EB149DEB0D7
          SHA-512:53D3067FC3AC3F6B06F0A64CEEA7B88AC9963327D42A7AF4B1C7BE441F183CFCD06EB96FC0C67D8796DADC5AE953F5FCB3A1192D7B6E8AE0522527C058C30468
          Malicious:false
          Reputation:unknown
          Preview:3.7.4.aG........C.6.3G...s.........@.F..5....1,..\.w..K.D~.u.rP.&D.o1...c.......&.jM0....d.r..^..N..o...]..o....J.B.._..*.A....GL.U.L.}&s..>..P+v..&....'.5.i....K.D.D...........Py.......q.4...=/q`....t..w...%V.OT..}.D.VS.[...f*.)l]...1.....Bb.>{:.......__...o......>@.*..D5.?..>..R.v.n...6...}H.R...7...d.6.....F....LF.1.`).z.........._..AT.`...B:....C...y.[.V...\[..*.t2.5.D...<mv...< {#..$4%.U2)...$Y.....k..SH..*,L%x..._..E.c....aW.....S..Iy>.Q.v.Vc..).(0..Y.S.#{2..W..J...4!..?~I..Z.S........#.l@}.[..3.fA..u.?.~c..g.............z]..>...g.S.u.Z...!..i\.Z.@.^.P.8.#Tc..J.@.z..=3......v.......>..X.....T..Ec.V ....zt...+a.yJ..b>\......c...g..A.....Wq.....y0..aM.%..t..u...[....g.>l..l.\.5Ij...%....o...4J...b5.@K.c..@.q ...4..........U...|.|..a..y\.V.[N.58.g6..A..>.....I4...P."<.U.......W...M.O...=].W..^A...../`..T...4....E+..\....Wn.{cn.[..E.^r._Wc......Q.Ff.i:....e..E.h..Q\. ....[. J\...,6....FO..0B..S.?...h..~..q..._.....D-!z\..u^x.%RE\.*^

          C:\Users\user\AppData\Local\Microsoft\Office\OTele\excel.exe.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):115022
          Entropy (8bit):7.998364887498053
          Encrypted:true
          SSDEEP:
          MD5:21578B794CCDA68AADF652555180184A
          SHA1:551B4A871FF19DF17FFEC4F2B3F6217B04A5CD5B
          SHA-256:F0577C95A2EAD2BA1D8E2AC1C231B10B0EDAD636B26850D60FAF7E9E84D411A5
          SHA-512:5253E25BB18FAADD1D7C73842A319F5EEBB63FCC197FF7B6E00A04454ACDD8CDA3532D1F63A9FF4A08B5C562C280B9F56CD4DCA62A7E8EE06209BECBA1381D64
          Malicious:true
          Reputation:unknown
          Preview:SQLit.%...$...rT.1...N%.'QZ..4./.T..)........@LW.x.C.<..;..?(....++..d'Co.L.I......i_.g-(.)..?.*.=....d...0..^..&...\.#2..S.S.|^.....e.Y-..sT.(...U.<......_.l6.....x..M .[...af9OE.....Q3...........F.Y.|...n.........4..%.ck..z. ICr..............Cz......b>d.I/..w...&d@@....9..0.Q..8.....k.ag..,...|.../.v.S....q.2.s.......__[{.....><.s.......>T....J...`..MZ>S....4.G.<.5..V.CZ.DE......."ji..uA...?e.u/.f..p..D.o.R....d...>.I....x..[....e_...J.k...Q....3}A....2..8.........;..,..wl.3+..z....@Kd...g.7*.1...F{..a....A=2a.(..%HN.^.,%?.x....X;..qk....p..0..Hi....3..I..RB.......@^...G....0.{......Vh..EY:..#.....`...#..V.y.a......$.7.w.j.>m..+...........x T....=}..a...}fx~.Z.A.0...q.C..+.&...S..6k@X..f.*..1..........~.O..............b...V.jh..`." ./...!/Q%RK.G.T......j..?...k..d..7...../.HgJ...G.y..~....C.....YG.i.{<..h6..+*zk.=..8.{$D^vJP&...?.f.....f.......Cf.xB.+.....?...X.b@l..`...kj.../..J.A.!.R.....w.ND....j.vW.6.........p.<.b....R..A.-

          C:\Users\user\AppData\Local\Microsoft\Office\OTele\officec2rclient.exe.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):24910
          Entropy (8bit):7.990971267024182
          Encrypted:true
          SSDEEP:
          MD5:0E383BA898A5FDEF379384C241787832
          SHA1:D6728EB0511E96843FAB1B956959A852239AFC79
          SHA-256:8211960FF82FD8BF4D956114FA3082EC5658AB0315EC0B758E847BD0219E0E88
          SHA-512:9C1B31C05119A3624A6023D7408C0514E0D48CE79BFC322B3E028E6DCA4A756F25B48F282889333D755351A9ACFF41AFB91A6432D3169E1E9CFF803A68EE6EE2
          Malicious:true
          Reputation:unknown
          Preview:SQLit.'n....,_t........X%@..hh..T..}.%........h.........$q..1..iS3S.9x..#]".8...i.....6...S....l..s+<{....6.+'I9f.LK|....D.C.=7:.......A..p.h....t...}eW.-1djb)&.j8tk.]..,R6...N...X......X..KY.....h.=u.....G....8U$.M.......tHZ...}.P..Y.../.p;1,.W~.."B.X4........E;.&..D..44..(..]6.a..#....<b.(..XcmE.*w..-.....a|.c..s.&...m.{.d.@....L.5.a*...&.vJ.L.7m.. .c.....Z.^u.DJ`.&z....]NB..(.u..).A...2.*,...s.?.C..C6*..%...7y..Pe..Ap...W............B...jr.....#.....).x.'...O...OW!.s.<.......RDi..,K..|$.Qi..O.r..$..L.t27..P>4..zxa...S..C.R(..{.....)M....m..])..cB<....Hb.=...D.....z..\.h.HA-.......~r....#..$.....{.^&a.k...W....d....W..4....J4T..#AS.."O.7..O...y.C.P.T....8.y.........@R.=...Vj....X'.MM........4.c*.n.1..8.Q.....4...yU....)4@.B......x...m...;.}..r>.79..B.....Mx.8V{.ZP.d.7...P..T.Q....C?..@.N.|......kw.......*9........I..s|..a3r.}!.....l.....(...q~.I....Q41\.R.g..E;|.......V[.;..s.E..x..*t.......).....k;.....nzF.....9.G.1;......R@..g

          C:\Users\user\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):24910
          Entropy (8bit):7.993045567349183
          Encrypted:true
          SSDEEP:
          MD5:E518F8CCAFC147A3D9F2D6FA119F36FE
          SHA1:19865E92E98D2678D418D5397BDB87885F179123
          SHA-256:4B82A30DC4EBFF3F45AC11A1B4682BA76E51E27042B24D3CC1160D4641CA07BA
          SHA-512:057B7D2024CD8F5AC5AE73D93AA738814A7F0783DAFF4E6158BA4ABDB050945D10E85662F6530A096EEC69F96C917E40DE835111975B801DB49BE96E91BAB735
          Malicious:true
          Reputation:unknown
          Preview:SQLit;...%......W.wmN=..+.'J..g.n....4.f....y.u.......&m-...f~,..c..k*.`.FGp..\...ey......,..MF..o....U|.....]v..`V.Ob.~.Q..R.Fm..v.V.in?..Ma]....R....7/)...=...,......LW......V.R..t....P.,.;.S...2._q......gKW@:<..8.X9n.E...L.}.8.?....p...............v.._.?1.p......W..`...Avf.R.....`8'F.J.H.)..T.4[....$..S.v.U.....'..+J...6}.8j.pE]{.98......&3V..*K.}..CG...lo=..._...v.*.<VN...`.............hx..G....B.y.-....n\..P.......N];e.5ab;.%...{d.v..y...tg..1c/.Gs..&T.{&."..Pj8...E..|(...m|..........xq$.@....zuC.$...J.b...D.m.L../..%....g).......rJ..d.1.idB.B.t..Z.y........}....$...{.W.2..#L.6U..@vR.q.,..C.s...&i..>.T....>...2..!....sh.V!m@.?..77..T...x...S...Ju:6..-..D.KR8.%....`..$.#F...J...k2..de........3P..U..IG..5..$.vK..w....#...lZ,.w.q.E..)yt.....x.1.A.'*.L.y.E[...%.5_.dm...1.")......\nS..K(O?~r.<."...d_Kr..ns....g.*....8.f...+...K.p.M...Cl...+mub...W../c.M.Eu@..)!W.5.wv..Ik.B......T1..'I.......F.(..-..3:$1........*...L!.y......vu.

          C:\Users\user\AppData\Local\Microsoft\Office\OTele\officesetup.exe.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):24910
          Entropy (8bit):7.993386363968412
          Encrypted:true
          SSDEEP:
          MD5:3324C807F60E815CF7687ED3016F5835
          SHA1:089B9D6587F3C6F2358590DE67FBF5890BE8F943
          SHA-256:A2653A46A658AB79D5F8A712587B877375A151B60CE1BD0AF35BF84EAF831DCF
          SHA-512:DA09B79E8715AA80C75B389A49C178B464BADF0A0EA201B0B36BF529B320898BB9831EC72D9D9A6FB4F8BADEE92004A0CC727B1917F0A9C087C0080361CF11E1
          Malicious:true
          Reputation:unknown
          Preview:SQLit2...2(.]M...a]v.Q...I...aD... A....WY......Ha.|.|.l..9.{...c>MY.'.3..;oRf.U~...x.d.Z.....(.9...b....M=.".t..|?...Gk..d.D.b...'<.4.6.)j{..M3l......f.A.....B..}..>u...=.#.u........q..*.l94S>.\..g.}P..\.-J...U.2..p..M.9.~...+.kPf....M.^f..l.8.O...x~"beD...m....F....E.B.@QU..b'....c....&..W.....K......$T=F......EY.x....7.0..P(.4~..Htk....O..d.Wp.m?AZ..Y.......o.....(.O.k.A...R....3a..K.t.$.Sz3lGU...f..+_..{^0.x..9..q....P...t..r.)....26....l.n..\.Q_.@....#;BOT.+`\.Y.ivv.15...V..V...k.y.T*.:...K,....8~....b6...Xc.....M.rn........r..K6..O.......y6l%...e...h.~...6..qB...i.>.k.w..2.i..]-...Y...I6.....u..#8.x*.OH...V.r.6..1.&o{..n.3n.....+..../.'..p~Ec...fG..Y.3...=..+_...W.S.......6T.L@A..\............(.t.Ox.&.l....4.oq.G.:...MX,...McjB#....].l{...l.-lW.YJ}l.. 6*P.l....4.....<F3..t..M.1|6..gg.....Z.2....=...4..."...k...l.6.w.F.a....z..5d..Rw.....O..y..EJ#.O.k3dQ.m.J..f..P~.......S.X..7;..v..Q.?.\...8.H.j.E.S...............a.H..".

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-2023-10-06.0944.10116.1.odl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):1.0431882496124985
          Encrypted:false
          SSDEEP:
          MD5:77F8A932020F8111B374838C3A3DFE31
          SHA1:D6C9778A4A522BCAEEA88DAC4F42C0C03804C73D
          SHA-256:EAE9F0BE9A59E0A33AED35B3E0FEC6A08AA50185C065EDDD5649526AC66EDA4B
          SHA-512:BAE30465420CA7C4346B2AEDFA8DA0478813D076E3F1816C9BFE7099C743E553061348822BB0E6EA21DE1212CC8D7EC5DBE3EFEB1ACA17E334F1A42F824AA51C
          Malicious:false
          Reputation:unknown
          Preview:EBFGO.[...`...7.m._...]....5.y4z.q.^.%C.![q.%......%^o..OF.f...O.U}.BY.Hwx...Rk.....e...kP..../..M....8.!.x..2.2l...$}..?F_a8...u-..R...x.g..O...~. H..T^.....*...0..iV..bv.v..F.o.T4.>.x..%.........]p.I(...9.V..._."..k...T..(...>.i.Ow.q~....q...&.t............V.tP..@.==...'.%.7Y"........k.~.4..].....*i.Y......V..}Pt<..?i][....y...#V...w..2......k .YC..A...)...i.*..3.Nz..........R.6...s...."5...g..p\....f.|g]#........../.....4...@.....A.nq(Mf.I7..".H..o....=.\.......af7JU.@.....0........`.J.....cM[z($...d[/...T..{&..|z...t..`...........B..]x.[o......|.....&_..#....9-3..v..\t.K^...a..PC._.L.Z3b...a...sW.w[q...C.V`h..Z...9P.7<Vz..`....i..B.......:XV..%..\.D........3...%~...%.Z}...4...F..t......+....i.x...Y.H..\ .\"Q.z.(..U.ULt/.j.0.j.>.D..0.......zE..c`9....6.T..F..H.s..xq.,..[$..K..'T..t].....f.^_...I..]b=......Y.=.^....0...|J...]Ru_L...=.9Y.M.0..I30.%.o3..F.S.0.O.8.wWx..,.h./..X...w...+.Cms.b..)W....ht...:&.I.v.S.#.H..'...k. ..m

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-2023-10-06.0946.10652.1.aodl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):1.2798031389913138
          Encrypted:false
          SSDEEP:
          MD5:FA9015BE837A69D367CD6A73717C1856
          SHA1:042C73767E05360FCDC80D7565D7E6D43ADF6F8D
          SHA-256:DFB6FECA402639263D45B6BA5B9B340FDECDD72D675ACFCABA291E8A8C004EB3
          SHA-512:001FBCA8E83F8C6E802068B88969FEE8C45795ADA58F7760CDE2DB4066D3F7621FB0A2D72B7B7CDCA7315A4D00F299C3BF1C25F8A59ACEDABC232A5DADEDA554
          Malicious:false
          Reputation:unknown
          Preview:EBFGO.....[Q.#._.N.m.z(C..|.&..2.*.k....4.A>!.>..]....c.T."n..\...;.0}..cUx|;E...T......d..y.c....U.$..N.V?l...e..OE..'%..<..i~..R>2.A..C.b.2(....?..:1*`...%.4.y..,ag.....&....h.H.e....Lo.!.M....$.5.x.....P..<pH.=.l......k..m.iZ3.\f....V.3.1..T.D....kq..'U9y...{....}<.y......\m.~.....<YY.c..P2.\.WP..I..%0d.>...oAJU/@a.C..r#.P....T....Wc:.....8S1.'.g.3./.C5.........R.,.....x..M.~...,.A9..0=w.j.....}NHM...t.D..>*.[>...!.Z...a..&r..\b..8<V.n..^U~.v...O..p.....RZ.!.>...h.U c..x..6......k.a.?n..p.<...M./s[.v.W......o.R........R(.......y.j.q..R...W..r4.Y.G..0Pq.Qs..X..N4O.RC......'.~.../Gj`>?.0vQ.iX....%O6..r^...%.@....^D......#4...}.Vbs..M......W...?.@.../.....LV+...~.i..:x..\.|.....b.3.G.%^...\w.n......0.^.D.iL2.o:^wS.=...............a..{}...(..&...l....../..u. x...i..N.Al...Tg.3b>. :..=.......p0..tY.:i.s.y\.J....`..L<BYA.y..$.{.u{..c. ...0.[.....yC.......5.Y...N...@d1..kp..].a.x......E ..A}_G.......S...."n..?Z.LC..'L....C.([2S..+..LX

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-2023-10-06.0946.10652.1.odl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):2.8960714262833576
          Encrypted:false
          SSDEEP:
          MD5:8E9061D40C76A4C5610D6F24CA6894A7
          SHA1:A261BA2EDA0E5CD66C5381D39C9E8091543A3630
          SHA-256:0E40EA125568E4C3FBF6B7B346B062718337AE79573B43117D72B69B56E93EBC
          SHA-512:D718DF27D765BB9918AE64F31EF276A523F9EAB5933DF4460219B0ACBCB77095D155EEF7A3EE17B5C42F8E3384DC1CAD2B65B7860919457EC7338B62DC14DC9E
          Malicious:false
          Reputation:unknown
          Preview:EBFGO<?.x..'...P.....p.....;.?r.....`[:%.W`]...:..+_..'*.p.uAHg...i(..@..N.,.9..N...C...l*....t..h.&.I.h.;......5..@Y...@..@..`p.._'ml.Xq.5>..4.A......9.'-.$.B+....E7.d../@..eyw.}.hC.}(.YK..f.X.;.~}..#J+c.\f$^..|>.X...:s.m..I...1..|U..^...N../P......mz../.}.....`....I#...x..M...."...-...B.G[jC.1KK....+..W.n.#< O.v@..M.P.z.l....\...M.mA#....p..0-.p.s..'2..16.....1.V...cD...F>....eT...9...n*...s..s..tP.........J...o..g<..j.?.k?z--%.|[C..g......m..~l2.Q.O....-....].WI.....E..C..rA\.t....:....!1.g~.y$.a<.....~y8..%....ap:.l .p.*!..O?....Zq.D.....u..T...(..K.!..)..Qc.6.`x.q.......br.).@....XZ........)....ez.}.Swo.-.2..J...>...:..).3IVZ6..,v}..C.S.)...2...Cf...4.....n..CL..lR5...%s.P.`j...0?O....tq.q&G.H.b..F.}.....Cs.(... V..tj.C...\'..r.*.+E.............>.....~...l.L.....wr....}.b5vY.....D..)j...A&}.8..]..U@-.........k9O.0.?.qo)..g.....k5.E.gur..C.!}l.J.....H.M.h...w&...g...7`.0..&.A.G'.j...D!..... .(.......[.z...hvmc.....i..HL...

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser-2023-10-06.0944.4260.1.aodl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):1.0118474959303712
          Encrypted:false
          SSDEEP:
          MD5:AFDB55ADD4D0C634C1E5855CC26EAB43
          SHA1:CC06F4F165BE124029734B9296A9FED8C75EFF82
          SHA-256:6E148977AD115C6D02E8C2261BF950A94800C25F646E04B1F70AC8218412551F
          SHA-512:5EDBA5B54AE39A06E15C8547456573DFC3874BFAEFB28BFD786854BD5EEC69C8F4F0846A8D825E4BB3728D2F3D14A23B027D17212DDF0F8CCBE326B689431364
          Malicious:false
          Reputation:unknown
          Preview:EBFGO{..1/....0r^.%R..LW6......J..?.=.D.ST....,..N/..Q...^.......G.S.;.n..B..%%6....>...t...2.{P.5Y.P......F...o....?)..X.....r.....pe..r.{.5.c<.1#...un......6...sB.q...b.a..5*..L.k1m....t..\.Ez.0...O.hl~#..J...>..I...Y..x~a.TR*x...&Gj.6a....ks..^T.ff|.dD...X..[......~....Tf.;.W&._.2.*..dq..2N....T ,.w..,L..K..^.K..f..Y...J.:D.}....&XYC.."j.~c<....h.P!2...P\. ..._H^..($;.......O..~.C...]..F...n....i.A..$...]...>Y.<D...V_......-W....x:.Q/.._E....`\..l....m.&p.....+.....r.f.Y....L.A.....6/.X..........E-.......q\..)..JM.:joZZaHx..~H;.......p.Q.}.Fk(..hOF..Ew...V.Q.M.6...]}.&.QS..jQ-.[/....._.J..Vw......N.....=.F.R...3qO.;.Bi).na+?.}.2;CF. .Hb.L.......h0.k( ....Z....RR...Q@9F4........!c".@..D......um5....a.`........L.e.In..j..\}.Oz.......%.......'..E`>f.y.r...Zz.S....9...\?..h..h.b.F.n=.-.........>n..w.n..T..;..O.V^(....t..z....S....&...)a<...;.....$...7..gZ...m...N......7Z..iZ.....s&G...r?.....Pa{...]. ..v/.V..6.k......b..,..i.F.

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser-2023-10-06.0944.4260.1.odl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.2062699632272516
          Encrypted:false
          SSDEEP:
          MD5:3BFA87A1829EB3FD5316DA789B5AA351
          SHA1:8A8BB9112E70AB03CEDC9BF8303C7D70F7840564
          SHA-256:114F928E88B13ED6A0DDE346F99D1173408F9DE6CF29785C3777C28FAEACCA52
          SHA-512:783F3A440F92007CD2D3F422996124D858C28ACC186D9C849C9580CB9BE260179E5688346DD29C761D05FA917263109E694F98D1362BE69A7CFF6F33ECB6575F
          Malicious:false
          Reputation:unknown
          Preview:EBFGO..(9WS.Y......7'...._.\m..K.R[$...,9.d.Y}.$..c.:.......&......3.....N.p...<..S.j.G>...fQ./k....w..n...6...;.Rf..v..:.v^r..=...Z3;zr.......U.[....F.x.-.X5...'..V). ...y..A...........w...F=Oh..Y.S3N.)....u.Uw.H....ka..V..@.B..X][...:I.S...]c=..."sV.$..3a.5..Z...b..{C.p&.-Q1.To...p'.V.R'..t#h..N...A.........X\^.."'K0....._F..R...g...sVC".+.7"...Np.0.{q......C2....y.Gh..F+b...*G.q.(.Cs{...xQi...A....a.Y......_d9.I....v.....k...It.Aw..C...'.........^..NN......8-..6B.f........HGD2.T.e./jA`....hA......Pl]Sc O...7.nD.Y.....{4.8....j.<.R......&Za..g<...`..X?........&.<..j..:B..2.c....o.+n(?....................`.....\.w...y..#2,.)!.[~JX.\.......g......!...\.....=Jpn....[........[x...........I.<./...e.K..U..,...]..H.d..&..L.+.^.#6Z8"v.&iT..w.......^c{....(B.W....<.8....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}........................................................................................................................

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser-2023-10-06.0946.11208.1.aodl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):4.665787595391387
          Encrypted:false
          SSDEEP:
          MD5:7A4E73C5B0BF41EF81ED218DE0C562EB
          SHA1:F8525043C02DDD18224B78A10C7966235809685F
          SHA-256:B11D499DDB8C19EB6F0E7608BF7F017BC1CB7C240FCF393C5669E09AC6F5D4EF
          SHA-512:396A81E09263C74C92EA8AA481DFF067F636890F7B6E2F046C37965822E7DEBC374CAED114CB3C37BFBCEA5B16331E10368FFDAA29CD60A4C052F988EE374C44
          Malicious:false
          Reputation:unknown
          Preview:EBFGO4.7...Z....k.8&2 ...9.kw. .=..HZ.M....H....?.3_...{}}..a.}.."I%..5..5........._A.]..A.......p..<.>1%..B..}.9.|h..=......'.N6[.`.qR..e...!.(..NHs3.........+J.d..7..&.[..X........O..7,E .{+[..F...6..Vt..U?4v.'.Cuw...E-*m.....T...(_x.4#k.5.k..d..q<.XB..%.....I....l59..h.5n]..>.R.=Z.....M...2r..).. ...<.~.H..t$5....{....`...p.Z..0..^.=r{..{...X.t.j........?...5x.kU..EY.9..=k#..y...S}...z..3......VE;..._.}..'....y..DRv...P@..P.#.....!.Fr.....#.L../.F.......5..`.R.......M...k.~9..+b................,.I'.....MinA%.F..,7m.......@...J%.#...{.M...j|..A)*..Lp..M....yY[........BF..I.I.h.(3...3..U..=m..e.5/.......I?..9...uv3"|..,...e.HC...\......K......y..O.....&B.xU..o.[....W.E.K.L...N.+I.......&Bs.$...T.$J1..(..=g...Q....S..~...V..E.E..#..?...u..-.:.H.n.A.#..."eW......{..k.....9c.V.B..u.3....v.......'H..]-...k..m...J.%.....g.A..<.#....s.7uzb.w4..nA...kf~......B..\.>`.............jN.J.....Y.S......y..?2hf.A....l..ko.%O?w.....h........$(.

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser-2023-10-06.0946.11208.1.odl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.30593923628049763
          Encrypted:false
          SSDEEP:
          MD5:D21D119F3A5F8FC064DA7C6D2D19F312
          SHA1:B356060865FC44D0A9FE9F6A8DF9510FC1F5983C
          SHA-256:2CFD27CE430FC236DA32D3600BB1F82756D68384B5F0A07AD8CAB4A4D2E4A08F
          SHA-512:1ACB24B0E11A65FB2A9C9D1A6F68E24717951C0A92C1F944E039BDE8B88DD26DE6958F0FADACF17300A290BF2DFD90E19E9F0184BE92D2864E165744F5831061
          Malicious:false
          Reputation:unknown
          Preview:EBFGO..........b.,Y.......#.1...D.5......X...../_..3I..@._H.i:.:i..R+......3...\%0o{....?... .RK..;.P...IhH.f.yX......E.yU.Y.B.f...4X...u...B."1..CT...WC..f.C../..w...U......H.i.c.).<.GSMP.>....]..ew..2....L...%...h..-V.Z.@.<.....3L.$...Q..#BG#ev.......p..j^.u.O.z._.3...*...rP....h.bj.~...W.,F..|.4....|.......D...n].D9..>.m]$.....y .{.H.q.:.|.<US.....f..1.w.D.......dN@.+X...)...\\..%.BeK\.>.K.nL*j&.C.!.v.....Z.F.y..4.5....}..-.G..[....)..}.............t.LG.}S..=5.....f..n.}.fI.5...H......z2.p.h.Lg.c..V7.L....k...B....v.o..1..}c..[mI..q...~.......%.*,...<..u-.w[......qt.......^...P..L.'+.=..D.G...p.\....i...*.!z......6%.S....4L..j.T....Yp8..vh{.M.;V..,|...)z..u.-.....$..|.....h.2.....1#mN.gK...].....|5C..H...D'Y.....N.^.(,.A.....S....b.z....l..S.#oZ...-.+.....+........{:l.]o..t..!2.|.r......f.i..e.k......q~4..k....CZ......j.X.=9./...z.N..!.h.V...=..R.%...;...#...#.-...t.0.[cg*.i\l;.f.....;.ls.Go...JW..o./#.TQ(....J.....I...h.L..!.|7.H.-.-C...4-

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser_2023-10-06_094427_10a4-504.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):131072
          Entropy (8bit):7.920455978356373
          Encrypted:false
          SSDEEP:
          MD5:3C26EDC49FE4002173F41D399E18817D
          SHA1:FFCF5BCD6812AF75D578DB8C5DF161FA9E2FED8E
          SHA-256:4805A85C06E2EE5AEBE4F46F66211429CFF196E19B974C1F913DFD8046D14683
          SHA-512:66D6C8CC1803373FFA8EF6CAD360E21AFA8B9605716427EFA968E7A6D69360F8D66E85C6919CFB91D9CF7955515F19C508CA1C3B90E3055F134C85B927E5CB84
          Malicious:false
          Reputation:unknown
          Preview:1.0./......+).v....G.OT...l..#D.V...u.......>....*...+o}.(l..'c.f?.'.)d.D.q.......H.....E..=.....z....i....Q..$..%...p..|<8}"@...aV...24..8...el..QU.S|...o..!4.`.a..w...Z.... .....]....%8.@...zw..J.d.....C..7.].[y..r..j^7`[".[......nE+......g..>...>9....K,(..O...$Z~2.k...Z...e...8.8.."..!.a...nK.R"ws.0AP..*2n.&..O...S.=.P....y|..2......~./..IH....=.....N.O:.....S.%...7..A.../0>.d.D..R~./C.F/L=.bUnt....bG0....-.0..R....^...+.o.W....a>...,.....?.*D..J...$.*.. ...W....\.@..aRqt.:...P......qu..uB..i...V...p:>.7.......lt'9..+...:..\=...=.X.<....=..V?!h.)...L.......w..D.8.e.]...{.8.a...9.....j.z..$.A.{.&h......O.^.N.h...I..t+1.ZUU.......i"<.KiW-......E..l\`.36.....,I8~.8.].p..d....-y..........O...p..\|.f..-6.....)=&.P.)U.-.9.(|..60....a....8.|u*....CEr k..R..y.(...9d...kb.X.j...M>...R....E...S....|.i.r.I.m..=..g..1.e.N.......v..a.8....%..R.}.|..).&3.....s0AW.'+..B...M.p..E.u.sGfd..}O...K.....@K$.d.p.0.e.............3...q.h...6L.t....b.~.....N.

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install-PerUser_2023-10-06_094602_11208-10840.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):262144
          Entropy (8bit):6.809570963948724
          Encrypted:false
          SSDEEP:
          MD5:238A020F1BD9FBDE6028A5EDA3A5609F
          SHA1:B16B289AA70D349E0F251F21422A538144E914E5
          SHA-256:5D0D38143C14719C65605C31091FBE05F92145E5A4112FCBCD0836A822AA141D
          SHA-512:B321A40632221F4E29ACA7358D299F7713378D7576476239D754C3C22EDE7D1A15183288FCF2A5910DA4E068D29E5360BF9A9D6E143BF0F65C5073F640195100
          Malicious:false
          Reputation:unknown
          Preview:1.0./...C...._.<2.a.w...B..f..n..T.4.Q...@..)iC.....v....xY.l0.>...$...N.d...d..yxj..l...t.Wp`v...5./...@yw..E..._..+..y.Q..,.W&......~....$..O....qR3..D..g......}...6...d(..k"......h....H.....wt.B{.S...Z...7#.'}.J.|....J...'.(.X..l..%...;.z..0..G......{-(E.Y.....l..w..G......YLe_NUs>.`.X:>J...'d..Uk2...K.MJ}..e'.@........tn....-.\..7.R..fH....x....z@W.....@C..'Q.+G...M....7...p)p.|.GiA.T...i.>w.\.b....P...\.1B.bm..kzJY.&..W..O.N..X..P....d5..=6........N.3.*.....`.....|i.G.W..f"....>..`r..U5...:D..l+..../7..I8=C......y7..}..x:\..&]E.f....C.Dk....i..Is.....y..=..a... .6v.ZD..g..'...2.EVh.r2...A...........Q'+.F.d...:C.7....1.......*..l...X..E...\F`^W..RM.g......l...a......Q..A.F.E..w......M.JH.[..j:.}>j.a._....\..N...N...+`.U......Y^...<~C?.........>B_Vm..6.,.X.?.^..h.#..@>YP...f../....|0.....O.xMz.>.Z.?-.1f.}..".\...B....q..3u-9^..(.8...1W...3......>......lv.~d7.......i....;M....,.=...%z1.#w..P...>..g..rT.\\S_V..4.....T...]...i.;.:.Zmr^.

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2023-10-06_094423_2784-2798.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):30262
          Entropy (8bit):7.99427343940921
          Encrypted:true
          SSDEEP:
          MD5:895975A27FB96ADE3BD221092DFBA59F
          SHA1:44B504F2579B0D48E951026CAF821767B57F86FE
          SHA-256:5D3AB16CD6D217F0479BA5E8EF3E0672CEA50C9ECE7C3D2CF0D4C1D79561D2C7
          SHA-512:74C2D9FEE07DF394BF45F053C8D8FDCB30F1593C4F179C37EB7AA9D812E52D640A47593F62E5B817269E415997B75E3CB0726F225D61DBB0CF9CA6BD6FFFBEC3
          Malicious:true
          Reputation:unknown
          Preview:1.0./e0...Mr.x.SQ..uw..+|..e.B...0Qe./...S..$...&Rz...f..o...i....:G._...........w.7...I..8].rOk......@hts.....yg..'3..2....WRKn.'<....T%..v.y].WJ...$.q}.)|l}..<Z....fl.......U..d.5.|r:.Q..C.9z....2...xvi.5....%S...N/S..V.....fW...=.kV...i$.....`..3..E..]...$$5.=..g...^..3Z...&..C..8.....S.... `.v.a..u.m.,..g+.L.a.....$.^......n...A..DU....t.P...|......f.B..M..2.?.?\B....]..b.....xw.S.....Cs..c.c.+....(.4Ih.I;F..A6.P4.......w...*....$z..lPE.zPMq'.q......q.f.e2P.m...4.S.&....3.m$..U..g..*H.sU.'..j....%...\......-..$..(....2j&q.=C\.z.!Sv.<$1>....3..gZc(_{..s..C..%...(.....uf....o.N.j.....2n..VW....^.......5.].q....9X..L.Z.:f..C..U.b1PT..)...x.2.....lB...a&u|!.n.L.h$..exul...>..PY..+@,.C..W.f....o?.6.?.N|T..n..L.......,G<~..A';..g~.|..`k.;..ld...{.h.f`..&.*e!..gA.....&y.`.b...F......N...f6.7...?S..p...H........M.......MoI.Y.+..2@..5X..:mp2.]..R...~....h.W{G.(..`..v.#`2......V}.t..>e.".....P0.e.`..6.n..i...p.....9.jmI?0.}...'...KK

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2023-10-06_094600_10652-10672.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):4.52581429270622
          Encrypted:false
          SSDEEP:
          MD5:B1155D2A2F7ED5A595C3F022A8B35A57
          SHA1:A3F722A1B3D42F2ACFA585ADA458143DD9DBAC5E
          SHA-256:58BA7235D36A0D65AC60A6D8AB84EA1F90E418B93051B3BECC54BFEE6C66D49B
          SHA-512:6058E09E6B9F54FD343F0EF348EF9100DDCE6EB2FBF46A5B313D362AE482064AAB01C0B0323D35B1F55477AEE5C09638572645DBE4502C84B015FD7EE995FA3F
          Malicious:false
          Reputation:unknown
          Preview:1.0./.#.I..0...Gtr69 .[.....ol.)y.c......,.~......d..~.y....CR...T.<~....GUh....L..L.mr...I"..kyj......v.....-..9C..,~....&=.n.=n.v../.F.....Xi.@B4......@N.[-#W....K.m...4.&.......@..4k...7..?Y.....hG[..........3.F....m.c..6.m....,.t.t.....R.G.g..n..8m7...T.j....|.>.,....}.2....g.....a.T..3l..QX.Ik.b/.......N9....u..Z.E 6......K....V..r._R.Qg..U....|hc7.?.K..9kW^H.z....F.."....1".*..P.%S.L.i..g/_jt..."b.|.*..w....:.O...<....,..0Ag.ux.(....3...].[>.%.*..v.>......=0.........._zF{Gz...H.........zR....#SS..X.~)..U"Xy..*..>.....;.4.2.d.. ....Hzl...s..}.U.....$&...Q=a...?.'.%.?*(M,...0..h...........2.d_...@...w8Y.Q)....I.4k......8..3.)a....V.p[.....s..2B....b].R.t.7u{s....0.nfJ....(.=.......~.h.T.).R...E+z....=.KH....<[q...<.O...Y.M.|TR.>n.. .(.1.3../.i3C....g..p..]FJ.h..sh*.M.?1#..6..e..r.....s,2.k.....F.V....j....g.hD.~n].6..+....q.3..y.o-pd.=.a..AE.................*.H}.A.b~....'bW.y..^.d.q......".|.&...?u...:.F8P..mx'.7.clCw9in.Y..d...

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Install_2023-10-06_100353_5292-6488.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):2.3018943004138066
          Encrypted:false
          SSDEEP:
          MD5:CDD606BDAABC77AB8393A20738116973
          SHA1:7C3FC54D468E268205B43778F15C4F924DAB496F
          SHA-256:7552C7E940123F4C8706493BD79CB4B96084330170E43C4A26B01599E4084E3C
          SHA-512:45EFBEA97B2A8D35B3CD4730A5CCEE69D0595E9A1FBB2AD37C29412281A82FC801C12E3833FCC90AE7D924ADE2FC8DE522509A29B82059695B86474D88B6B1E2
          Malicious:false
          Reputation:unknown
          Preview:1.0./.J_b`gE..p.^NX..o...y....G=...8.R.......6..QZQ..r..u..Sn..s5.....R.M..fXzr.CPZtS{c...r#U.H.c.b..&..MU..bDv......i.a.<z.E.....,.Cg,...c......D.R'.T#....B..X..1.H.*#0w..7.^.....b.).Yp..._....6.rU%7.x60.h.Jb.-$..P.A......~..<%.D..;.e..1..`a.....J.!...........tu.nj:..y.~....d...R.|.F.B..{+....k3...Lh.9.....m...7qa"i...t..e.~p.|...}Z7kc.2.$X..Xl.....f.`U..H..f.6a....bTt..>.m<..n<kj.^.-.N. ...L..&.3Hwn.S +..$.......8..Ap..Kr.]..JS.B..Z.L....b..+V..xoM...j.......`h..qq.o..Q>.'{\E.$.\W.....g...-.CG.....U.f.L...m....6..Kp...O.D.W.d......7..Fo..t.`"..-.s.!..P..%q8..wy.%#S.v.....BlMr..h.......6.)D......4.../.Xe..eA7..P.{.J......0.........'....8.h.4..-.;.....#.[{,7L-.5KN..7..n....6..|...z.8e...Y.Z..EZ....3m.'>.T........`......6.R.k.,O;I7...>.c5R....).AEX.J...v.~..P...)r.}d..m....8d........D.....W...MWkH.....3..L^,..^.U.~wZ.........xG.!m(..;..GjN......)....:./..B.NM..A....|p....C3..3xY.......TPX...l.....r..$..a;....]....Q.k.a.@{Z...K..e...r.....x.&8

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-2023-10-06.1002.6316.1.aodl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.9671353592254502
          Encrypted:false
          SSDEEP:
          MD5:6F8D8A1AD6BCEC95F8A6358FDCF5401D
          SHA1:A951BAF425EB2009C575F12D69A33DECEC990F79
          SHA-256:E3610D0BBF2DAB03D9827AEEB15D8339E3B07A1A96D5989BF12CA24295D4B796
          SHA-512:B0C934C6BCC29E64143FD8A2B8F91BFCAE1835CDFA0965B683BC913F812FDA7AB51131B9C156BAE4EA4BB67DEF4392298163662134CE539AA0EE58CE872DABF1
          Malicious:false
          Reputation:unknown
          Preview:EBFGO......-..l...[.l.........sM.v....%P..K..D..GKe8....Yo!~..z.^E. .8...R...j3<;=...sKb(.._.Gb..e..e.y....3#3../)..... .V..T?..!.5..p#.+..z..dw..+z.3%.Q.....39.T.A:..oMfd..........1..H?r.U.SD.3............v...G-e..j../.`.....h......>.OM9M.#,`r.....k...C.=5..El....5S.....)R.Ej.j.......p...|.i.....N...<J.-.....P..m.M....lMY}.DLQL_..C.t.../Y<o....m....v~x......G-.m.......5..u..W.....1*;........qh...kj...*...-...4.......'...Q...v..rH.....vr4..J....9~.C0...1^.(y.d......1.5..Z.t..Q...c.....U.O.<.D.i\O.p.W8z1.vR(..n..v.VtS..,.. .......'xT.J.9..XpO....C.....f..o...3.....e!,.<..g.d.T. q.....?.0.i9.......,.......$.R...U.k@.g?Z.....>.r..n....\'..I...30v...Hv.:TS...LuI1Mb.1.U.....G)CZ. .i....[g!.t.....s..6bT8d.......?.-.z.(..|S.xY..j.>x...lB............3F.!.f.i..."[D.FU..1`Ph..SU...........W=<~...f..L.0@..b....JlA..=..D=..zC.W,..r.!6D.}.9..C.g..p......S?....|.l.......+.J..z.....[g6.x.R.*l}.y....&xs.7D..<.T....L..2e.@.....w*o...3..$....J..T:{;..* ..rT

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-2023-10-06.1002.6316.1.odl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):1.5619462241281676
          Encrypted:false
          SSDEEP:
          MD5:5DC3865BA2CF15D8D4E183A5153BC111
          SHA1:1A126916B904FFBEE9C59486AE616D95481A6907
          SHA-256:411A8942D77CF53C9476B21FBA4E52785AD3EEE2FCAA603B808742B0FD877606
          SHA-512:7AD4747125E24FFE481CF8252C4A56EFC4E28EF3BF56BF609A08D388B9C942782E5EE41B6D4B70D6850849FB28722804A5455AA6E3F7B48A43FECAF93A9CADF0
          Malicious:false
          Reputation:unknown
          Preview:EBFGO....k..q0v..C..2..k....Ih....Q2...Rf.#..r.t...U..gJ7.E...S..r.!...8..}...8........}.,.@......9%c.2x..../.[.W]..b`...(..~{(.=.5....4f......Y........g*.X..&s. ...zH..M.R6.,eo..r.p....G.Y~..m!.N...O.....-&....2.=...88.EB......L...q{X&.....5.FcAB.}...IT..].R..9K<.@.`...7....2.d...s.T/WX.."a.$(.....;z..Bg}Y.*.....X..4....?5....2O.6.^...$.8y.....s....]L....Nva....%..e.:.f.5..j..?z....e..PG ....S...z`k....t..(...o....5.C.G1N1........~}....a...AP.zVHj.Dw.QB7..M.|@'.d##....d;......k...F(w&5..i..2w....B...-.1..:9...E.. y.>..#...x3.&$.+...>......,...}..Ims...h....|g.......I.._a......ZD......#[.s...l.MR5S...h5NE../....#[U...dH.....J..Q....&.C&...Z..h.n.S...SV....u|o{1...L4+.v..........7...Zuf.,.(..I.._.~Q..V..c...o.E..d...\."b.T..=Na.{.!Yd.F.cB..."<]..U..<,...........>.....CP.V.....\..7&..Z.s..}...}........M7.:.....D.....J...$?.QR.(...L..-a.1...B.Y.:@.....E._d^...%0Jm!.GG.(,*|..09. F.........y.eK.!.[.J._.&.8...X0E.?.N..j..*.:%.L....'...y

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine-2023-10-06.1002.6632.1.aodl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.8650606531443815
          Encrypted:false
          SSDEEP:
          MD5:D494DE2465131E10560A993C9E71BACB
          SHA1:BCE213015E9D7895938FFC29455EEDF40FDB0455
          SHA-256:EAD67B5B4C8399ABB5B5E4E00FC4CCCAF023F5EE339CF7A727186C4614334DF9
          SHA-512:F349B9D42F475B48FA3EE654E928C71FC304F42404406F6C9CFD227B3A1A0E1C29BFB0A2E29B41B06ECA1A6FE8C8FB8E0D8073AE6235F430593A947F60E9ED6D
          Malicious:false
          Reputation:unknown
          Preview:EBFGO..vs.[.7.bB..e].E..l...i.............[..#...]<j0/g.)..{.<m;.M...^.q.....dA..".=.x3...-....`.-;...w{^....`.m...9.....s9O........i.....O.(..i.@..4g..b#..b..Z.l.f..y..d.d.. ..WVC.}.b...~&..o..e...Rn.l."0...=...\'.E..o.iC:D......&Jd.$.......)k...[o..b.J....~..bL......g.....<'c.-Zi*,#..k..(...3.M.P.w...p.....|"p...._U.&,F..N&...H%R.......9..a6.1....E.9.p.G/0~@.C.......N.....\.s.|.w3Gb.$Z.....g/.o..D.c...`......Y...y..&N...F..P..x...=9....P.,.].k...w....YT.r`.........4. . .P.J......OO.\...s...*$.9.Tj..YT.O.:....[[..r=.|`t4(w.............@.X?..*....q$.k.....3|.ga.6..Q.!4.L..fl...V2...4.I...L.#....oR.......d.......).....f.....Y.p.{..II>..{.I..+1{..#..kE..........K...k..q....;hD..Rl./.`B.ae.A.I....}.rp..j..o!.8E....u...O. .bY...5..J..O1{........l.?.Q.!......P.}.....$.....yj2....Z.x{.....;^..p.&...$._y.4|..P...|.......H....t...."..F...+'vH..;..-[..+g.......{[.8%...a.\..V....c.i.=.d-QUw.9 ^..:..Lza.k..V../ .5=f...'AYW%.k:%.`./.s.o.^e..y..E.....um

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine-2023-10-06.1002.6632.1.odl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.20641753625354317
          Encrypted:false
          SSDEEP:
          MD5:972572B9D69D77591CAC2E63BEE28F90
          SHA1:CB0A5DCEF1CCA15856C7A7BC2DB22FB6A35D4362
          SHA-256:8D76336530DC5471A53469D3E2A5C7A645ABBC40E40D03AEEB6B85E82B1F8314
          SHA-512:D87A73FA5C2A6F4794CA61EB33F20F139712C89B0262C3081336AD810933752B5BE3954791C8129BF7105FE16B6A85B14A7750014EAE7EB44D719DBCD0642DDB
          Malicious:false
          Reputation:unknown
          Preview:EBFGO...\....<....`?... .[....>lD.f..iH^!...h".7'.....g{.../.......\...Rp.0.R..I..].E.KC...E2..kS......F.N..bI'..[....m\..&W....0.~.wG.7g.h..d5.V...z.c...:f..A.0....!.?...o.U.....i..g.=5Q4s...........h[...Gx...Dg....qi......GX..@!Yg.LX.[....=q.%..5.t....@..2...........K-..hqF..W..0.......}:.D'....Px...1...U.$.}W.p,..8.(.Z....) =u.b2V.D(M}.........B.{.0...`..A!......|.:p...|...A.".C;s*B;S...p......=~..r..f........q.8&...z........<.....i7...^S..C|._.E......k".`3...k..Z.......5.."....t..#N3.q*._g..'+..]2K3....&.g...n>!...;.I .(.^......V.9..1&Y#.S.vd2.p....d(..iH...9v..:......6....ls.....;D.Q......%..........,..&.<`...ps...%L........tQe....H...tO....94.-M.f.tLI..y..re..h...s.,.pz..JD...Ni....H.$.G........~Hx.7.q.....v.......Zw9...2....f.*.BS..|.&...i,[.{......z.r9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}........................................................................................................................

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerMachine_2023-10-06_100215_19e8-19c4.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):3.4536894220521446
          Encrypted:false
          SSDEEP:
          MD5:13AC86F848BBF1034F3169845C7C59EA
          SHA1:E979A4932A2C81A176BD34CDE48EF97E7C8A93C2
          SHA-256:3852F6525067F94E2322ED8F1F8FBD1B1D7325F864C0B8E4B3D4C21F8A118929
          SHA-512:EB3564647A59D3FEB86D594E0A91FB3DD1DAE3662D3B9A59D30954D79AD6388287C75DDEF2267BECEDA83D8D0F2C783878A79FBB426AE38472C0F85E14C1C7CE
          Malicious:false
          Reputation:unknown
          Preview:1.0./....y...G.7.U|...w.q..U......K>....5..K.`.d,.q.U.}.XcL5...h.d..C1..E......|.5..<,.V......"1n....6...vir.l*UWn..r.So.....R../...*..x.4S..qB.$\.N9.d....A":.rc..!...i..sB.2.Bv.d(....{...J..}Yl.......A.P.A`.<.|...._.Oq.I.1..L.<M+....AK..yF.9k.q.e.@.iK.....W,Lj......u.KI..tt..f.D.n.2..!$`.'...y'..6....6.H.c.p ...^W.*"..T.x.$%z[..x.T...'...I..q[.{!jQ....X...z..^.....h.2........W.....]....T..n....h.......=.Ez5.....Sm.].......W..(.F..a..Fm3.......|....kN.$...Y.Y....{......i...i(.' qx`.3...A.]n......o.....q..m......f"=0)..L=........5..0.7.~..|....Z.CB.8=O.......3.Y.j..!....gq....iG.......c...KJ..r.Cct/.B..o..u.........DT.~CIl...L,.bNZ.t.......Dez4@.p..w.!.&.B..t.X.....D'...f...,..!......@..\.s+....2...D...7(..6.[e..S...... .`..[f....`G..0.6.....G4.\.....@.%.z.'.+.....[|..K.m.xm.&.v..&)L..e..\du.k....D....d.>v..9..z..D..L:7.Cx;_...`..V....9&.....L.T.R...y.../.}o.U./.yl..! V......Pn..'.(....=R9!.T.....1j...f.....g.0.i...'(..%.c...1.'O.($..."....E...

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser-2023-10-06.1002.6084.1.aodl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.9415369007370834
          Encrypted:false
          SSDEEP:
          MD5:69BC8A7829008C4BE0E7D17ABA53D68B
          SHA1:12AFB93435C08D53A2E208E52D13C5E08D54295F
          SHA-256:8BAAF6C348149C1232CF3D7EBE5728B84057C43F23131EFD35D8105FBA20DDEC
          SHA-512:1E9D4F6D7F3DC68056ABD799A607B9A511D104A3FB72C1C12F0D7596FA02A7A43D7FE0C9C02BE075E8E1530A8AE6EA2F3364236675E29175E02DEBC0CAB67D8E
          Malicious:false
          Reputation:unknown
          Preview:EBFGO.98....N.R*.^.....WMg.X.\..Nh.Yi0....i?fi.h..d.Lk...8.s.H.t....G..).i.sh..M.\.r....8`.6.#..U.4}..d.....0..k.........;H..}._G..@....P5..}..x.S..'.....m...!N.....]....s.<.2.;n..w:w.w/.......^..ZT?.....n5..4...V..W.$*.\V.5,.U....&...x.m.t.;.0[v.b0...W<\.tGu.....s...@.N.}.s*U...m..o.....Ngl....zy...../..;.....$...3.$U0$....BP..?...[.c..p.....C......W.....ouC.\...A...R...XYv..3.Q&5"...3........7.Hb.@..l....iD<."uZ.N.N....:gk..c.b:..v.Gk0...7.K.....V..y...dg..BG..y.?e..Y..9.2P$....D..EVp..F=.`O..n.........,ro.F...N..$.x...<......2m.R..mx...B..U...Zf...Yd.4&.O..o.T.}.D.?4.....W ........*{.>..Y...R.o..$0 N.]e(;.......'v...tW6.i..a`.....Z.K...'....-..;..v........Q....`..I.[.HZv......AHs.Z.h..o......o.$..2.1.'.j.I&....O0rW...d.......*Q.qeS'......(ea+mR.Z.&.uQ.s~..E....[o(...p.. .A..8....'.q."3..q%e.........q.Z....d5.C.l...?.$.?9.c.. ..5$..........).]6........8.?[...)..z..O.P."....N...y..%...T6.T.@x..1Qa....9.@...r.x..B%v....x...F..).[P`Z7

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser-2023-10-06.1002.6084.1.odl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):0.205326789380866
          Encrypted:false
          SSDEEP:
          MD5:BC77B52B97105777F9CEC2615ADADF26
          SHA1:9411CB1AC65FFCBF467E5A774B82EEB2162F6EC5
          SHA-256:3D33F863A4595421B863F3A1FF4A5FFCC71190452F3B0D6F636F10CF6379D91C
          SHA-512:DF37785B8EC2E6FAFF3BB6180410501E7085DDED175E90692ECB40A3BF37782D77CCCD05E92653BA494AFD3C6F2F3246E370C15B43CA9B02C02763CFF2F3A7CF
          Malicious:false
          Reputation:unknown
          Preview:EBFGO ./L...,).;.c..KYd......s80..bG.0.j+..Hn.+.k~.N.I..O........\Nt.D....s...T.....oPc..Z|.[..2..&...1..z...S...7.....~5r...3.O:@.."..A.Lg.m..).].ug\2.../...'..0.a.z(.t0Ig.N&..<.X...M.[3%.-D.A......X.....UM.../^.k`.Xl.x.<.p_...9.....x].LM.....,..>A.$.l..f..<.Z...8..+c...;.f6|P..N..$....Q.....t....n%........G.b.+....t.....z....v.!..;..n...+r..p...>..."$..d.]:.MD.p..[|....=.g..j....?.Ou+;..Q;Y..|....XJi._9.....c...-...R..q...Y...ll~.0..2..|r.2..k....`x.Q ......l9.....R.SM...>..Urp..L.6.gkU.oz....<yt.....t.J.o.^.8.Td....)....)\#.7K.7..,.x..Ak..5....H.}.f...K.j.t.".[I...Q..$....)~......U..<1.Q....v!...G..[.........2=.OrC......NXrY......sJ=.5.\y.h...N8.+.-.(.h.<....a..S`...n..^q=.i.......A'.=z..bU.(/j..F..+A.r..N...p...0...*....<n<.c.E_..+.t;M.X.x.D......./9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}........................................................................................................................

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall-PerUser_2023-10-06_100215_17c4-157c.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):3.898182206559073
          Encrypted:false
          SSDEEP:
          MD5:3DFFE7EE3443B249D57416C46E67DEB8
          SHA1:81FB8B911D9AB4800A6896ED39147CD24E612FFF
          SHA-256:BB1F8F633442FB92FC1791A9519385258063D3225430E0A4D7FE929810096452
          SHA-512:32E94595CB6BB77589CBC4A5B66F58D83E8E51D31270021D93488BB229684E493177A7C60889A3B8CBDB7E3986A1D6B42C0BC09315AE729D73E62816C4BFF878
          Malicious:false
          Reputation:unknown
          Preview:1.0./.V....E.....c.0.s.7iQ..c...B|6./.Rq...?.;AW..+...x.!$.8..c...Fw.R..f.j2.........R'!.~.i..!.d@...k.!.....6..+3j.....l+N.Y\.tx..*....e..2..gR.R.;..U:..8.r`y..m....x&R.H^...g.L..|.....'...]_.@.._+u...c.b..j.D..X&F...|...a?.....k.2..._D..L=J...;c..z.YX.+..CU/.K..+..w:Ff.....l@...5.;...*2.6......|..|&...j.....Bd..1...8.....m\oDs.... f...2.~.b5..E...n.8a.. ...W.Tf.\.i.x..>I. 7...B..L.4...0d..5....QG.&7.`....i....z....N..........H....t].j..'.g.l....Z..S......-P....o...Wr..G.P...;. .h8......7*..dp].)R4.8vN.....I.`.S'...$......0.%...gl.U.4:.n.zg.P.....G.>%+...@.;..I..N`..mBK$.[..z...;qj4t...........P._~,j.,.....;.s...}..N..)..3..p....3M.3.FE.....c..n.'....a..eL....>...4.3.!.....U....*^[...`0j .)..Q?.kpAT....m:W<.r:..!.dG.C(RzU.0...+.K.:<oR.Adf.s.R].T.pZ.C.ZW.&..?..H#l..Y=...8:.$.r..`._......qm.'.P|...c...../.h.+R>......T..X...e..q.....P9O.d...Ot....S6_....?...........X6..[..5.ay+I3.>.d..1P.@..Qm..hec7..v*.R=e8.C..|.u.T.N..>..v..a=gC.=d..$......

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Uninstall_2023-10-06_100206_18ac-1860.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):4.414455021104675
          Encrypted:false
          SSDEEP:
          MD5:79AD7538AA0E0F317938BF436C5FB241
          SHA1:F089F5974AD28EBCF7FAF8783045261669428FDA
          SHA-256:D068E13EB7ACC2A28DDF70527BEC646B628BBFEC35AE09EFB59BE41F0D8EB82C
          SHA-512:FEDD0A3EF05BCE0E0A5ED49BB4F10AFAF81E4525F1357A3F34F3FE5869D01416E5B01B3EDF2B3461CF5A103914DAECE5821CFF2F547FC917E9B63EADE6157563
          Malicious:false
          Reputation:unknown
          Preview:1.0./.r0...Z...YB.im@.L......#1.."O8./..1.+.O......S..Q.....i8.z).3'.....-.Z...x.J7......)...3s.......+.J..!.c...Z./...X.....M..T..dvE............k..`..E~K....'...Z..a.V{2..t.....P...=..........WP.....X}K..8..^....\.0..S.7K..5u.\nO..j(._C._".....R}.....2....7Tn...T.....k.3...O...X..?J.9ZH.[..s.Ue..a....`.oi..Z._...H..j7....G.....A..}#j.:......C.>,..$m.+.c{.=.CS.5B]..0.8.T6Zi!Q.7...at...........hc.~......V...Hy...c..h.N...R.....IT.R.-%...|.....[..%.s......c............' ....;C.I.,....../.u.Hq...,...{......o/Y3b9R.3A.I...w.O..]...i.......-L.).;.@3....l..|.UgQ$.Rm..]..'.3;.V.0.W,...B-.J...v..3...K.m.B....*.....L..n...V.|.......F@Z............M...?....lt)fj...X.6.yu..SO..R,|?O/.Z..$..._@p.:gt.4...D.i....WM.<x.4.+...9........^..c...=.D_....P.m.."..&.)a...?j.z...$R`...r&.F..pR.).0.=.v.\...NjK........&...#*...i."..,im...4..P..cHZ..MZ..)lu..-.:y.c.y.+.("Ae`..^P.'y.Ltt.]N.H.].#.>...`....v..!...}...%...x.......sQ..L.9_.,.W.1.~....}

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2023-10-06_094528_1a7c-1a90.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):4.555828215738917
          Encrypted:false
          SSDEEP:
          MD5:B22C0289D6BC0EF0D8E75A267CE0827B
          SHA1:1974B68B5A32FA1A57E8B27F4472F95A7655AEB5
          SHA-256:5487CE2A69201F5DDEE19543005B8C2E6FE80AEFBAFAB74FD1A3F16ACD110124
          SHA-512:870BA9942D52AA0F541048B25DB8CC43E2F64C166E174BEA22BD3C0F371B969EE5F8E6C10DD9B36AAAC453ADDABF88556D73A0181CBBCD84593C29B5AF25C02D
          Malicious:false
          Reputation:unknown
          Preview:1.0./.c...q8.J..;.....'..5...o ..y.A.n..9....t......F........5...E...I...Ks....c.X|.....V..)h.m=I.C....r ..'....].*.r......;]o(&...(bz.......w......A%....N.B.<'....G......6H./n...uw.2p."..<^#.':a../..yP>....t....b.......D..$.+I"..yh..E..gx.R.D.~..`.R=.K...(....'..7.....&.2...h.h.o&..}f.I.]..H...~.n....@..8...&6(......Q..*.L..g.i)!....b.....3...[......(.Y7E'...5.]....ai...A.\.%.K....%..gz!.....6.5.t..r...c..B......(.....R.$.....:.....\...v... `.......9...Z.W...G0.:...l...i.._.`...*...`..tF..f..".'..=a...A...J'..d....e...Xr..:.8...N......F.u..SR......1............m.Zm......a.5........4.k...[..<\.-.`....@....(".2.>...h..K.a.c.c.o. ...r.|..2.&K..>A.W..u^.;...J..S.n...( [./,..L.....wGy..(......+.U.j ........o..wS........(@:....I.& ...8..;..YP ./.\..{..m.M.(K..V4..6.)..CG.7U..X....L....W.P.@;.`3...{2..%.W.....^....f.......*n..A.w::.&.:.s2..4L..pm.|.?.Y%^..y........r^.,.:,,.).]......1.#l.JN...).......o.[.QC|....M}..p.....m.|......cD!.l..J..

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2023-10-06_094752_4220-4280.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):1.315257223740698
          Encrypted:false
          SSDEEP:
          MD5:B00ACE78683BB545E38D8903BD981D22
          SHA1:5E247ACDEE64EFF4A41491588EE8165B06C9E601
          SHA-256:92E9ED553370F50B5A425321A80EE7BA9AFCC33688C405C91256FEF4AC238C67
          SHA-512:38DBF1A4B463A5900F240EEEC57F4357D8027B9B9E73B9F4AE23CBB9B25BDE8A371901A76E16E2A1D7E60364329173BA4709A57E88F6FE62D471F8F55E5376DB
          Malicious:false
          Reputation:unknown
          Preview:1.0./.... P9..E.!.n.P.o.g....B;.._TSgg(.'.......4.TZ.7.E.]D9(.....y.R.5.k..[&..c..0...J.|fW[Q..ZfL.a^t.dr.q...*n:....*..ES.......Wt..L.6F..4...\..:..B.........8..g.kA...LE...[..yUv.J!.L.d(.M8Y...I..X....R.@...2|...@.R.:.g..7?...5,z9UW...?.>.._i|......*uY0. ....._;b^Xj.q!.+ g.v.",.....BP,.i.....qY....l|x.B...).N!......?*I(.Q..........7]U_....J....8..P..u%pa.l.....5m..x.A.k... ...,5..&j.>.........8....E.3..aN]K.Tcb.lF....q .3.;.ad.3.A.....f...6.............b..9.3.....>(..h....l........$..~.H.......M...p.9.)..6}(..*.z.vXD........ .k.....]a.U9.....p._..I......~.i.i5&.R.P.1))}..p.78...N.U.......C..s.Q.P..6..y...4..#.J].e..A!.$...!J..id<.S..n.k..a/...q..x...w.....^...3G........].46s.. ^...VD.....$...yv..zRG......d..U..7>..y4..w7.~...Ch.a.....d.?..FAr.:.;U6.$.Z..H..#*0V.._......9....{...^.Y....:sd-....>p......8...X!..:/zCEo.{.;....IQ.IM0Vno...o.....J....B<h_'...;`....@...9.o.=.. @.~....<.-.z.{...q.]...W.W..5l..L........Gs$L...36.D.W....z.....^..!S.

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2023-10-06_100218_8084-8088.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):2.7610250665148723
          Encrypted:false
          SSDEEP:
          MD5:2E270BBE517E80EFCCF302C50EE5947E
          SHA1:29A6429813B3A0387CD9A4D167BA8B79ECD32539
          SHA-256:D8103D6701E2E21A3AE7EB53ACC3380660CFAAC762C66EA158F5F65B8EF03DBA
          SHA-512:0069FBC099A8CCB6404B41E1335CA60C662085317D1E2BCB41AF23C5C258823EBA0FE97F29EA3F2549F73254C2C4E56FF0586299FEF6594FFE45483E4A2FA16E
          Malicious:false
          Reputation:unknown
          Preview:1.0./...)...> ...B.HX'..zO...O-...;?...R.Mu.....xs....O.=Q..6P.30..x,g..@..#.8V..{..m..-S..2......g..9.)......$.............;!.z....'......u.U...F0.pd.......K..r..;Q1~VC$.,{..uW..l.2:|.d.........Y.\E.8..b....n]..GQ...Vl...<..N.../D....2......7..v"J..mWp.....D...I.e.-@.)...y}...<?<..9F.5@.......\..............C...M....\..H.. Y.g..4...t;h-XL..o....M<.=.?}.."1.[..+........Lg...g. i.?..kS.,.gp..@.8....8.f................1S...[b(..$q%Z......{.z..w0E....~t..WN....t....I....6ff.z#.?.id...z/.."X......C..#.T.~...C...L.....u.7.'..w6e....,.^.M.}......!3.....a..-.......5..;..(]...T;......!.$.....<....U..Vi....c....x.M?....jM>..7A[.U.F..yY..w..(..z...:..I.....%].*D.~.....]%.|f[~....A..7.>....I....N.6....g.D..|.%{..1......0.+e..F.._...,......Dk.pC..l..].4.....U...l]....g....3.i..~x.k qkE.Zi...=..M.=.4...T..of.D:$Y..! .7w......TZ...]..;.8B....zz......o.....W...H:...fvB.)U.Q.OBB.I}..lG.D.U.U..<CP$u..0.,.a...pZ.W.........'..L1.!}.:..U.......T....'...[W.b.4

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\Update_2023-10-06_100345_6112-6116.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):1.0057632092388253
          Encrypted:false
          SSDEEP:
          MD5:790E1A79428FA1B69B871E32DBE8EC9A
          SHA1:C736B0F3CC9782AB56902D71C2DAAC7A6CCB9DCD
          SHA-256:0599E1DC84C726A74B060587AF343E8CAE369B27C1D629FF05278784A06D1109
          SHA-512:96121AED4158FCCDF4795B0A7B9179CA9343E222554EBA500C5815F816456568CA8CDBA6CEAF553DC95A1520F56308352695CEB7BDDFF52C9DCE016382498668
          Malicious:false
          Reputation:unknown
          Preview:1.0./.^......u....v>....u./z..8..x.Y...!.h.`>B.0....b....WUQP.f...Z...o>:...........]q.......f-.a.....k..Ld...9..~....?.........(>....!.......%...~...zv..X...^.q...KB.6.%..6...B.=.R.5..5....V........og.>.....zq.t.&.T........d%..C.]...g....>.#...@&...X......b5.;:\....9.[U..a....p.me...`T[.xM...!.C.c.<..n.Fc..O.8.f......>.J...Qq.....3..j.?O&'......O....Qk....<.BKwc...*egq>...yU...p6.....M.&.g(o".^nD....+3.J".W......J.'|_...t......P....#..r%... Kd1..}[.g9...J..|...2Q.Kv1#.+p...{.....C..Y...XL~.O`s'I.V...Q.b.\( .T).Q7...E..{.YY...R`.......+\.......~...o.S.....)...CO..[.gP../. .c....dd,.C.W....Sd.eP.!... .;..L'B..S_............R.J4n.~.C..$...|.....]c.s8.,/y......1..7<S...Pbw7..|.-$[..c....'....K...*.q<..Y...................j...". =d...oS.....(..l.....S....}~...N".G...N^....+.Dz.;.{.....5..&"..C.~...6..#.....\.Q.=..L..q...J..Q...us8.{....Z_EBL..p.S/,.~..A.....r...q..}$$....*.),&..B.)yD...-4!I=.......My..Hr...zq.-.........I.d.

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\machineTelemetryCache.otc.session

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):3.4249012561011534
          Encrypted:false
          SSDEEP:
          MD5:AD4531029D114F39C6BD21067D84D9A6
          SHA1:B5C466DC88A7E2416E66F0662CA8B20E51AC5CC2
          SHA-256:7CDB674E8392121ADC1D4EF135FA9BBB5956E1785C5D3AFF133BFFF2C7756293
          SHA-512:B9928EA7DB47CCECE425A96133B0C2A2ADD240B3933F857049BC72621DB7442062F4234B5DDC633406F315CD3E83ED9681A8BCA1E24415AD0E3EA46C6C863BFD
          Malicious:false
          Reputation:unknown
          Preview:SQLitF.^|E.?R..J.'.T..QY..,}0c...,...m.......x....A..#.z.%.3.^.....2g.....=.^W..!rIk...[..V.!.9.m........o$F.j..A...>hz....,....0.&)L..<.E3..1`..x..Bj....}T..r$...cN....m.E...>22,W....g.07...o)c...."....W.....\j.b......H..........|l.....N.67+.1........."q.d..T..+....Q.g..u..3Q.&..6_..0....b..5c=}b...=.M.."..9.-..R..pA.,y.....J.RD.9h...[.~j.X..+2`.R.~#..o....F../.=A.4...u.G.......1.....3.........l....7..$....y..j..J.wI....,....|.....k....)..Y..x6...;..%...~..-..t.>.^..>.....9.....2N`...p..g$.6..,.Asc.lo..J..q.(t.5....u.....cyVk.)c.j..k...T.....b.s..w..8V..{.[".Ba.-:D......j.&...){.......\%o6.lo{..z........G.0(=..?........3.9+.3.....T..y&...}...A..+1._....Y......d../B.[...<.'...@....'.....`.........U.7.q,...qz...o.).....hC}.P.H....Ei.}.....#...tma.U....dUA>d`N._.... 2O.oG.......Cg...H.Q.G.J.b)..j....\ng ...;z.^kO..D...{.#.u.F..g5T...(..{.*..H/..c..KL....n.y.J........;1."(.z......)., ........t..X....\.UuC...q..M..yO.......}..kmY

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\parentTelemetryCache.otc.session

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):3.425286876719274
          Encrypted:false
          SSDEEP:
          MD5:3CF8FFFD3D35F491085A04B85A9CC038
          SHA1:C039B13DB25DEA52F03D58D77A8AC1C5ABA538C3
          SHA-256:1B2F915020837B847EA8798836A78E62A25A401EABE65AA25C7970A7A153D0EE
          SHA-512:021098E1E35899BB3A185A63824D75E2D6C9C2A9ECEBA74F4958B7E80330D49A08A1962920F339334F3BD1670D0DA448307A10C5890727758A33577D68096577
          Malicious:false
          Reputation:unknown
          Preview:SQLitc"1...7x...W.m.._|-.i......X...q...c.".......u.nhLX.%F..[.z...!h+.ey...._n..j.M...7..T..0.... .f.BP.p{..=0...sd.X..'.......|^L.X.u.,Aih.cx......a..w&.N,...0&.6.....n.%.p..._L.....4.64.f..C....M.Y...MP7.K....<....z.X..Z0....:<...g.........Lg......n.....A.CF....U&......q.:(Z.S.b.............<...e.....+...@.....d.!..f.}.O.T>z..a....7&....;.g.....7x.O....*...YnfU..D.*.....;.e.......:......K.I.Jj.5....q..Ag.i.,;Q...TO+)...kH.&'.....?...a..TC.x..^(=.......t.[....E..0..K 1.........8......|..fm7y.....&HL..b>.]....@.......i+@+c}3.......,.l......}../.%..pf\p.$....h.v.6.z...gbu..o. ...y.ZE...~..n<{..%........)y..r$..lS......x#..j..LF.v$o.}i.E...H.g..J.c.8.w(.e.W...G.\..]..5...4U.g.y>\..'.<k...]..F.7l\.H..p.....W;...i.}.....gN.$B5...~..t.........p...3..af..'......ha....&..1.].}?.....Vg.S.M...P$.P..<...1........(..u.........#.[VF.....6|S]tSK.sA...jg...V.,d.....b..'.M.W.H@...c3...>....}.".?.-/.+7E.iUtnC..h-..S.".Y.0.}.z-.}>......)...a..

          C:\Users\user\AppData\Local\Microsoft\OneDrive\setup\logs\userTelemetryCache.otc.session

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65536
          Entropy (8bit):3.426803817025094
          Encrypted:false
          SSDEEP:
          MD5:7D82244AC81D12C85C2D7292E73EE041
          SHA1:9FCAA3CFB117C53745E73E4DD1ACECE47153DD73
          SHA-256:4801B8F4F6A0A00F2FA3D69C10B3FD912FACB2159D83B99ACCB3F422CF9AF001
          SHA-512:A222C6FAC653B1D406E811EF6CE2B26B9647CB79C6A9C92CB514EB344333FE1AE97D6EBE9804E20C19F74FD973B095A082F4A77D0414D924DB39FCADA65F112C
          Malicious:false
          Reputation:unknown
          Preview:SQLit:(.s.%..,../W..0.G5.....Zp[.>..|*=..63..F.$e.-e.+....G.rO...^>..6..zX.....'...M......}. .J.v~u.A..%&..X\....`."..cI-.ih.A'.....7..}'...|.e..|7......;[. ............Z.T.A.Kwv.Q..8......)....;.8O...<*;.Ba.$.;...%.z.1e.;.`.E?..Wgn...X........o~.1...y.cL.o.=...W......;p..&~.u.l.*.;.nFK.=..L.m].-..p.N...e.hN.,.(..Y.....?of. Y...*w./'...[}\..,.......:*.....v..v.@...H...pO$.y.*.9...$.O.t....$y.&.....x){.O...:p.:+).....p... XNx.H...yN[S.=..st._...J.q.:..x...N.r.<B.M.p"%@.p..#?e..........{-xaL..D...q.q"Jhf3...>.w..g.4......&.L4.47.v`....x.$..Y.,8=.T.{8.dh.a.j.....6,.c^.Th%... ...O=..........U.......[..!..g.0.-]._>@m.SGt+...v-)..2.....{..c...Y.T3I....L.H..O+..`c.d2...(...4.W.i3.8._..o...c1R3.i..f.6Y..L2..W\8....w'..@....S...&..4..GnW.....Y#\G........6.......FF....3....M.B .9.SZ..&Eg.x.Q...?.z.....:.l.@%.E.f.k9e S<.0..h....r..S.3*..Z..{A..*...p..d0,......j?..d.w../..|.....jI...a[.m.{;z.N...6i_.....R..y...k..{.k..F.........%.F"]...o.A.7Z...

          C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1356
          Entropy (8bit):7.846730751413712
          Encrypted:false
          SSDEEP:
          MD5:BCAB451D737F0DFB3B050DF5DD9B17E7
          SHA1:1EAEE03721A130EC6DB5FDE3DE350F3880DDA99B
          SHA-256:72BD3CDA7E680837C8BC2D06E03FC2CAD16E6D8A611AE29A8FA8DA3A1707A24A
          SHA-512:511590362AF101C8FA81705EA1E4B989D2F20B6D0A62D3B6634B0A2A992D43506C179DEBC9B2CD8EA0F5F4ADC5C698C88307EE1B6895C22996E83837903ED513
          Malicious:false
          Reputation:unknown
          Preview:{"ReciJ..=J...pnCs..J.[.>.\.O.a.X.M....U...I..#..S^.y.)~.m$......:.m.~Wna..*rG`....<..L.pB...g.!X$..7B..%....h..sj.../.U8.%3W,.6...}S..3........k....@.hvU0.#.U..Ufn._..GF.f.......|.`Jx...Z.......0.#F7..,..^..p.;&M..W...bAV......R.VR...... f..x....!4...i.7.j...X.../j....].e....Z0..AY(..........|8p...8...5.A....x].....F..|.;........m.-<.,...9*m.`";.vt.. .w.....IXB..9..7........p..<.ZJ.|..0..)lMC..........r..Y.`.6......dOWh ....u..]...H8....b...-@.t....Ot..^.....CGG..K.Z.K.....f.2(U.......6.=v...bsw.0.'..f_.Lj...n#..(....L...{.V.ke...'.hn.X...7.,&u.2..9*.G.=...o.ls..b..X.a$...:.).......@.~_o.2.W[..../.:..*.S+.|p.S.....8 .U.....$...m.U..M[..$.y..%h.,.x.=P.9...~x,....B..T...C.BdQm.....m.}....3.z.ZX.<EQ.~ .p...J^\g.J...:kzA..l..]Fi.lG.zz...wyX|.a.fF.SZ.C.u..q....gp...=Z.q.^...v...}b0? C...0.......#.7........T..1.U.T...w...#...l<..W..5.5.@.<...jgN....*....C.0..b".......Qr.pN9.....p.Q..Y..f.D.?e6...7...%0.m>'..a..wt...4...(..]...7G......7.{...

          C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2612
          Entropy (8bit):7.92233511339338
          Encrypted:false
          SSDEEP:
          MD5:C33A7E89671AC5B880AE34696661234C
          SHA1:0E2281322ED99F1DD85515251DBB04019DF69877
          SHA-256:47AB1F0E65809C2955961F14B3DB5A5B1350C735D2C93E09F4F9C0C587FC1D7F
          SHA-512:BAB8E74B651A0DF6A1CA14B43B5EB86560EBEAB493EC706B322284042F4B7AC75F5609372EF4DBB5B0D2F6D7EBD7B9983BA6774EFEACEFFDF01F6C8A7A86F91F
          Malicious:false
          Reputation:unknown
          Preview:{.".T%...k......wQ'.pA..#..a...V...G..1.G.q.%HK....m..'H.d.je.h(...e.....z..s..T~..p.g..N.R~.EZ.......d.0r...Ab..h....y.......*.....)x..............v..X.y.-.I'.X.E.?....AO../^...A..X+v.X.E.5..X.v....iA.+. .B.e\9.p<Oe2.L.........(...6.......*.[.ez.';.D.%s.7E...y...+.uk.{....J6s.....s./..!.&vD...!.v.r.=..M2y:..x.i.d....+$.o.w.3m...S.u.e..|$l..e...|.}..*.....`.FAG....I..9Qq...N..x....8....}.h..]Z.C..p.............z...[j!T._........]M...H[.....J..d~J.w...F;.B...|..%>...j.h...L.z.~....b..w.nK..J.{.N...|d...bC.p...-...$...-....O...[...=..b]......T.......B..i.....W...q.V..4......*.t.@.C....6......<...yT....F..t.....#Wz.....2......l]2...Z....Ix.....;%`K}QX...1.5.Y.b..eg.=...*4z^.5....9.<.:.YD..J{.g..+......T.C.*kt-..=J..........x.....X.H...>..3.......z.n.....^U.{.....II..4...(..*.l..o.........B.X.A...5...*..D.k{.N.t.1T....F....W.l.0..^3...p.k.Z#..~...........?.]]...s...........S,.t..'A.A.....vk$@.NH.0..c...j.G..:j@.vx.<.

          C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3018
          Entropy (8bit):7.947228069835353
          Encrypted:false
          SSDEEP:
          MD5:96D34C58FA355D66B3664B5E1216F323
          SHA1:6E255BF74ED455C21E777933461EFC45878A100E
          SHA-256:7F5C87EE32D5EAA973E94BBCA899D8F1DAC3B80FFE1749F8D1E0C45B49CE12EC
          SHA-512:8D6E27A912D2A3AA3625D0845914C701D8141AC6E1A264A8900FB230D3257CFA886C5D4ED6772693AEE94767517F7B3EFDCACDAA743223989BFFCA8BA239A18A
          Malicious:false
          Reputation:unknown
          Preview:{.".T..E.5Bv!F.,r......{..w..4..c.......H....BhNH.......V..F......$.u.%v.Ob.....QG....b...>".qT.....B...X.Vo.M.`.i.EH..90..d.?cc...h.8..].KR,.".J...4..Z[.AQ.*....Lq.S..<.......2z.3!..>...z...m..i..|.=.*.^...........J.U.9B..}..u.....E....0/.cXoM&c...=.n...<.n.R..OdV.f.M1.yt.dl.....d.x$.>.p..@...RP.(...e.......0....k,t..]......`.{..5.&(.7.p.. ..tnl...5...XzU.O.G..G../r.u.F.^Z..)...e...W"...Cy|.....,.h....|if...$#..Kt....>Hn.SCUM..V s...GMuS...it.....@..8PS.U....kP.N.F..N..v.}..\Z..Z......].Ak./xM....X.K...G..NA...V\.....].....t.....7........a..B.`t.I.H...N...c.)...n..A........C.:[.v$....}.B....3..>U....q.{..w.ry...zW.....y...*Z..u.%.%.C.d';H.Y.3[.g..=.r..V..'I...L...BF.....w.c.gI.ea...s.M.........C....a..3...u ..u....X...VV1......i<..*.....m....t..F..........._.a8.r*...s..IE..U......<.K..Z..i.W..d.g..id'......Lx.A..G<.,...n....]x._.g&.$..)C..4.v.6....?...@.Q..?&.u.8.J.$9...I....qiX.(.&.Oh.D(......K....#..DPt....,Og[{....[Z.n.,s....g7....).e..7

          C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):4876
          Entropy (8bit):7.959784919324532
          Encrypted:false
          SSDEEP:
          MD5:BED713D73C067E012C94DDEDB7A7B6C8
          SHA1:91659EEEB36495E7153D0B90663C44CB56DA54DC
          SHA-256:93442A3AE58B5D3E7C1138B3059017D5B46C55F3CC77D0FA907DBD602202F418
          SHA-512:9D3F5B4393DED15F67AEB4BA0345FCC78066C6FF7AEEC588420452E4B8374495FC936B6FB8FD636F59334D6962619D0BA4110438822C5D8830F3F73FA8ACA2A4
          Malicious:false
          Reputation:unknown
          Preview:{.".T.T.........a.Z.bp..b.H...=TGdetf.Gh...-....x>...u........;..q}U....z..3...Nc......G....f.^ ....#*i...S..[A.....4.xr...........b'.E...U...H...yS...j.$.[!(.Ge..0.."MF_.._......."...w.......1...|...#..a.6.*. .md.k."..m;k.R..UF.g.9}.!.....q..q...u....X..xQV..$..M...%...].1.;..O...;..L 3...s.))e.....79.bS.qd.....Tc..;.!V..3.i..4..$.0/.(.|C.&!.. b.._.......3l.z(H.P.....!.8..Q....\D.@^6.....Z....a..=.>.kk.R.|/TkwU.....}.c%.l.I.....u..U..u.JE.5...%p..+FB..a...-42.O.%.....Y!..M;..3.7.+..v...z..f-....Jt+..7...p...q..I.W.I. ..<T....dg....|.i.c..S.8J...}..5.v.C.z.T..c5.y....=#...Z..y.I.").....e.vu....;.....p_...RS.,Y...a......4...k2Ew./.)d..........6..l..].J7.7HG,g.;...hA.*.R}.../..0.U..^L. tP}.N..Q..vr..O...&...n?.q.J.X...X.........l3..8.. .E.l.Wb ...G"J..T.....b....7....H|...f.4C$..{.....%T...^..M....[.hv. 9..SY....i....=&.3...B`0.......yp........o..x.Kc....3.SX'../-s.m.E.o....;.>............F.`.e1.[..5.1..%2.]............k.\8....I..%G..x.`..

          C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3018
          Entropy (8bit):7.94483250628517
          Encrypted:false
          SSDEEP:
          MD5:16FA80D36E38308D2B59C182C5EDA31B
          SHA1:117D91797FB6E92918FD3C29B17BFF11C2799FDA
          SHA-256:BEC95C61038012D9D6A80486FF23C979AB17823D48CD691CB449F29C398319CF
          SHA-512:D7993A46A15E8B80207B24C02A9D7BF3D143951995CAED0C94ABF229A03B7B1C232DD39F6B0E8C98345887A5B5CE65A55CE61E0065297B4E3ACD1D6A1905FA62
          Malicious:false
          Reputation:unknown
          Preview:{.".Ts`.LO......nD..:.....Q=.o....@..H........R.vF?.[..;HH+.e.S.*...Bh.r..jO.C...*W..9..WU..n,....."...Pn......2U.*d._..:..e<I.i.}....l...y.\\.s6.al..(.^.Pb...I.P...........n..O...s.U..ww.7b.ER@j...v....wq...........OXRhy2..m.w..|c.F.......)i\.ll.......!.^...-..*..h.p.hI..8V:.}..J.....%I....r..0....T....M...).A.B..,gX..Wf...A....D)..6..`....f.6.S8..............}VG-e..J.;.......~.~d(.....q.65..c-.Ce.?....t...n..!...O.D...Q5.t.h>y.............Y.&..B.%..X..+?K....V...//../7D..{V.t..V.jdE.....u.N.W...1Dx. v.C..{4.n:...?..+d..T. .|.b.....P.6...f......{.H.0.vA.....hJn..cy..@:.V./.KeP.*.w.....]..5.5q&.!b....(]..z..M..p.....PI.......x....&g.....%]{.....E...-.jI..w.)-~...{..L..3...3A.F......+b..$J.W.J'h.......v....(9U......z..j.=m.*.EOa.I.......(........~..3..P$L..lf\...f.D*..-.l.1$c.u..d...n..x*..$F|u..L..?......M..G@...~....@O.... .x1.>..",...:.6.?......".........1..*.[.A2......U....L.......t'.f....i.e.6.}B.. ....K.....)@,..^Px..y.5.i?........

          C:\Users\user\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):770
          Entropy (8bit):7.695990490958136
          Encrypted:false
          SSDEEP:
          MD5:6BEFEDB95E3923866EF90AC340F21693
          SHA1:00CF2A3E4D01F8BFCE4E36F285174D3E19DD051F
          SHA-256:8D8762F250D3816518334CFDF142B7C2D65E396A0B330EBC65ABE261DDE3DD93
          SHA-512:AADF29FF829B2E247AA0E0CF152BEFA03A06C45E5F806B98B9E08A24B8C05A92DB557792DA5B6EDD68AA5A0D760ACF83FAA31E9C3F5FBF7DB9F33890F0FE2BFF
          Malicious:false
          Reputation:unknown
          Preview:....B..R........&)....U....*Naln.....Z4S..]E.68...|....s...J..K.....8!.9..7...#..7.._...A|=.t...j+nX5$.h#c.).`....g|..Q..A........k..t.5.@........9....?.Gl:..%.a..7...V.P...0L...........r...._L9:."....:5YQY......T."......;.A.:..b%`.k.J..^./PW.>..K.`.%.P.M.;..\n7h.G|...53..O.....u...].}...%.._91N..#.w....tj..61r..9I........:.].N*...`.4.Q..:....b.~/..]..S'i...."..w.GK...U]1.....@..0..?..`.jj.:.....J.:...9.[b.mLsZg.+wc+%..6....B...b.1..vZqju..O^.....i##K...%n'W.).{*..k.;b._.+ 9.Xg.l......!.r.Z.....x.u..3.'..%.6.5...,6G.....*l).J.F.K....].-..twQG.3;o..J*.>....6.X.v....y4>..DZKZM0'.F]....$yW...O.<m........;..P.'.e_n."3.3....6.Y....a...@W.....k.f...#..3.T.....d.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\2057\StructuredQuerySchema.bin

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):424152
          Entropy (8bit):6.3317788478720916
          Encrypted:false
          SSDEEP:
          MD5:FDC967E394024031125501825C785B8C
          SHA1:DB043B0CE324591BD133BD7A3422702725936E9D
          SHA-256:87400B5899E1BC52EC3EC50531752D35D50606F2514ECFC682B7B824030CE63A
          SHA-512:E362D9A2E200DB23426A5CC9F6FDE9FBA93EF3B49B0989BAA7575BE17DDA45812248765C100D8A150610F64C60A4F103C618ACE9262269C96EFADA876068F0E3
          Malicious:false
          Reputation:unknown
          Preview:...P.`.....?....N...m...H`o...b.&Y.C..q.4%....{.....?.o.....cv7H.e...d.T'....r.|..z....vS.!.Y.-.K.$j.auI.o........m.({O7..~..ns]i..y..*......r.._.P}.i.....%.4Q...d.cP.....B.c..Q&.f.....0.._y......f .....3....>.Y#..}>s'q/T.7.:.r;.. ._..t.p|...@.Y`U.K.rv..u<q.=....Q...K.!..xb6J...I..<K;.T...J LN...%......SOw.4siR..@..:....a[:.X....gF.y..WY...P..+......U......~dADix....-.eO......},9.W.m.......-.&..o.O._.L.?A.6X..;..l.....*^.5.g.^.k A..V.56.w..s.?K5....M.{n?^.X....m.t....~.G.w...q..-.M.4lE.B.".+:.4....Za!..o05....R{>?O.{.......Q$<=1.&.<.4 D....;..F.,\.a.g.3...;.fZ...Vo`..f`...Zo......GH.-I..'e..I..T...;.R.@O...oy.E.......\1.$.......Xp..b..Kfw.......e....f......S...)A'..8@T.I.t>...a.L...|....n...v..d.N..2.."..H...[..........e./..K...4.[b....j,"0...-.nc..S...)."(h..de.j..=;.g .[.W..&../.^.....a..'.E...&........4.......A..St.._eK<....r.[...[s.-.J..#...} r|..............V.)/.|...a.1-..n..E.....x.".v.mm0...I+.R+.......-.).y...4..H..#d.Nz=......n./A.

          C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.1.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):16718
          Entropy (8bit):7.989062221736111
          Encrypted:false
          SSDEEP:
          MD5:C3C22BFA461F78E9A2D22E1B4A9DD2BB
          SHA1:6EDF9145898E594071622C5540DEFFCB3B4B2DE7
          SHA-256:A1973BF02ADCCE3DAB5FCD0F32E4BF2BF13B7F4D419A8BCDF5A1A637D3D80903
          SHA-512:C468EF0170AA8FA6F50901437E388D57F44BBD19E3B5E484758B17196CAC8CE370AFE9B0311D717A852573872EEBCF87B882AC1AA47A4365AA56788CDD2EF7B0
          Malicious:false
          Reputation:unknown
          Preview:.... ..>.s....."..`....`...4...kbI."...9........]^~.C..p..4..6.......V.X.81...8.. ..o..,.%...r.fC.[1.... .......]W..<..g.c.]..W.....v..P."Z.:fp...(_.!....\...;k...fcXb.]......:G.l..8.<...+.C.d./...................;..U..*b$..}...*/..kKSmU..q......z...A?...H.:>.En;~6....J..5..2A..gf..z......r..N...Tq...8.....d...-.kf..i#p5l75N...u.3......P..,..N.. .\.......c~.......D.T...0...z.^..xd..K..+.........6..........%6..c.........o_*....Y....Pd.M..n@.....q..t.t<.=...K.".t.,....n.......\z........$3....l.'.s.......f......&....d0...!.......r1N.b.C.9s...Yz1..Z.!..1...*....7....T..........$.1...q0*.s..0^.....)..U....v.*#1.h[...q).:.jx.;,...j.3.@-y......%.#.f...&..n.}mL....k>Q.=.Z~}..~.....0...M."...1l.Qm.:.*/|"P....Z!.... .l.*.N..HGY.k.D.,5^h.}d"v&..c........d..9..GL....D.....}........V.v.%UP..i*..r..+55.5....g.<.p^:....x@l........N..&...\.I......y.fL.`.F.Z..W..=....`.0t..g..[%w.k.........m7....n_......)....?A...PS...G<.....0k.LwH...,.....+..)..

          C:\Users\user\AppData\Local\Microsoft\Windows\Caches\cversions.3.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):16718
          Entropy (8bit):7.989718646596708
          Encrypted:false
          SSDEEP:
          MD5:D2D063AF9F15DA65015275660B845282
          SHA1:A1EFCE0A99EF7538A2B4AC823C5B06D7E3241F7C
          SHA-256:1FF31E24CFDE6322F9EB9D535CA0E5670EE0C18B68033F2D3B3D74FCB777A929
          SHA-512:9229E664E1002C918E8FE55E1155EC33729B7D965164DF785A4C9EC1CF3965F02BFDB32A0B58024E66C06AB0D01200BBB75C4A6C115A71D05591597D0A6A1B44
          Malicious:false
          Reputation:unknown
          Preview:.......u..........mK.<....i.\.a......j..?..\..p.g.c"Tn..yb..o/.8V.H)YM...t^...#!....,.tz......w\O.{..N...Z...SdR...7..(X...--....T...........EGY...."w..><R.L..VLJ....9;5.c-.U .....HVd..,.;.U._...C...[x{.#...PA..p.R..}...[.f4.J.s..m.3.g...(....j..a.va.....7.../..O.......C.8. ....i/....6.V1'....i...Vf:m...;...Aa..V......Ge..S.+.T.z...>.....V\.|..W..|L,g..`B...%,?..R57SL...I..1h<..?..n1....C...t..D.N.m...feP.{v..Am..t5l\....>..'........cP...p..:e'Z...}.;.......H.z...}..Q+..go.v.J..7.F....{ ~.`mq.X.[.....@k%(F...*.$...*..Z.^.....3..'7..f...u8..SC.f.......&rG._.Z....y...,Y.:HR.)........^....>..3.....t!....b.R.1V.7H....]Rv..w.7L.{4.......(Eo...l...|..hcG..i..2.A.)..`.......s.*'.]XCq...Y.zN.:,...Ut5:...=..+|.....>.v.5....q..TG.7>.RD/.{..>..bD..._.1[....~"....ru.....)s.<.S...k.....F.Z....%H..-z...;r.r.N....-S0h..0..o..6.....A}..LX...O.`..K....J........33..nl.j.$..N8.n6..?.P.jq.h.......-,.8..j~......."...w.... 1....|....Vd..06x!....ZO.h...b....g..5..

          C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{0F504D63-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):424190
          Entropy (8bit):6.332109777644031
          Encrypted:false
          SSDEEP:
          MD5:DE1DB4F0AE5F08EDCA549E231DA3A07A
          SHA1:DE8BC684238DBED9AF1207586F6D795E1932D474
          SHA-256:971D4CAD2490ADCE72F186B405EF4BB1527E0C58273C42EC80D7A4C89D709E6A
          SHA-512:4715588F2243CF630AC9037C2F1A70341065FE1014118D8363F36099735A0E3CCB5FFFB85FC772FA93EF90DAB42B6229C19E138BF0383019FE8653D77C41FF35
          Malicious:false
          Reputation:unknown
          Preview:.w.. ........id^.!......#..U......6....q.,.,..!.k.S..n...'/....Z.Q._......%...:.?u......@U....B.oO.cO,...|.u3.m.DY.R.1s.4xpy.............~.....cX..t.k........9Q.....*....s..v...h~!.,C.....8.~)....F*IAD...Y?V.....y.K...!.."........'.3...!.........Y.%[......{.......qk.^..@QD../..X.(.]P.M,..cp`E.....b...,.Q..2dZ.l8.3....8..##.H.._........ 9.vfr)^..L.....=..O.X..Sm.....{.dMb.k.n.q|.i3G.3.~...,.;..@.$.O....$2oJZ..OY.T..$......~$......6DSm3.x..O....s.........?......I.?.......Y#.......g...4.E.U2..K.....1.....\"be....D)(*.f\.....-.Egc.,...f.xl.......u..[.*.,@..4'...v/..w...W5...W....&.....Z.r..=.......Q@.-,.....#:4i.)HA.5f..W...8.1`r`.....E..Ws.........3.f|.H...G 6x<_=.V.i._...X.n3...#n.!.4..=.........n...>.._l.........j1d...R..Q.y*......L9.{..HY.W..IA...{5Aj.B....5..[....LW.+...A.E....<..%.+.O.I..C<.U;7....i.M...B.r..H$.F..Z7a...45s..v..u..-.S..T.......+.E.j.1K.?.....&BW.v..#.3k..<....H..d.].g.wp>f=".WK.Y..S..X`.....[...k..4~...@?s.....4V.Y

          C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000014.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):104062
          Entropy (8bit):7.998188484024877
          Encrypted:true
          SSDEEP:
          MD5:9E49F78344DDB439E432936C0DC138FA
          SHA1:D06D9D4CF31BACBD1798B816DD81553A9A0CC9A4
          SHA-256:C4D527205631DEC950E6F8529368334F2A6D91E353B616952BB065300D661667
          SHA-512:F927612D2E1C052496B022FE5DA474294A40AAD4672E7D2965501BE8F0190FBB77C744AF204E28D2F81616C3922CBDA13F4DC679325399C445C23EA894086911
          Malicious:true
          Reputation:unknown
          Preview:....h!P.q..&.D.......F...:\.h....#...E.^..a.........L...K<.nY2!...(....&...:%|.......eAz..#.F..o.(.k...5.>1no.]S..|.. ?.......0.f(.g..I...N....e..`..3..DI....."..k.......I.....,_).. .&JX.F..{...C..:......Ws..../...Z..T%..Y....v...Cs.W~.vo.....J..w6.X.'..|a`491.z.W.HL.2._.w...6$......}y?OO51D.......\~?..PB.....S'.B.Ubxw*.*)i.HJ....@. iZM/I.4h...v.L"....bY>.i6..{..j.G.d...#F.`.......i.4.]l..9.w.O...t).@.#...../t.')-."....A_l)....ew......V....j.{....Q...k*.%L.u4.q..a./..s.Q...J.&....A<=.q..H...%`!b..E.(9...'o?e..e..S~,...@..,.k..a..k.7* _..&"..._../?(.-.&;V.'...c.....2q.._.t..L.udcl...cQ.C...%......^....GIgn.U<.....R_..=Cg...\6=.r)...6(y..&8.r....i.F.._......z~"..<m......f.=G.sRw.'.M.?5....e_........A.;]m%.e....r<0mD......#.x..$.D6.m..!W$j...Q>.@..j..v?.'..6.#.9..}.. .3....."....o.n.Ju..v.~..._..Ao'#......e.0..n.b:._a..=E.....8.q..<d1.s5\x.Xo.o......aBh.;.(..o..6;.T..'.Z..Ss.dJ...9h.-.9.<h>...%.5.p&.o...M.Q._6..4..7.....)c..W....Z.5RP....g.^...

          C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000015.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):102814
          Entropy (8bit):7.9983814752799125
          Encrypted:true
          SSDEEP:
          MD5:56EF280298BCA6932CD2869DE3788199
          SHA1:31A63185AF12F69996890B1AF46E5E61EF755C16
          SHA-256:1C4C0C80345CE295B32189CF31C4A28E9F6E62BD9CCD4070AABDC0B06B67DF47
          SHA-512:464AD7A6DB6FB23A96B467C67C8B67E30422603E85C0365331F3CF1B89AA33410243CD45661DA77AB7200BDE17C244BCFC5D5FB61315A5A357D3559C761C88B1
          Malicious:true
          Reputation:unknown
          Preview:....h.........M....Q....4.E./..&2{z.z.<.R4|LxD`%Z#..Q.j.P..G4;......3J_.2Z..)...?o........:Ru....x9Q.m*]....)..r{vk....&..k:+F..._D5.0"....?.r...8.?..@]{e.".lSu..p.+..........g....#.....3....tx).'O..".......i...O....X3}....s.Yd.h.. .38[....#..~..D:........S..Yy.5...RZ).a.L.^S9.U...F..-R..p......+..k.._9:..N..fd........$.4..C...+7...L..Y.-..@.v._.h...`..r....\..$....c.:..k./.*h.7W.e...).....B..L.....@.......X..=ry.r../......,,../n..\.M..P..E+g.QdhrTv8.xWE{P......o....n.ad..2.(...k...U_...r....z#,...D..2.5H...Y..o.ec...[3l..p.S..~w......Z3-.......*p.WPy.Uao.gr...s..y.....z...^..@`.3...8!DwP.`.b^.....im....xiDP......U..k.".-.E.".....J....G>=Z_..>.e..z.g.<.\..C.N..T,...}.{^w..J=<..U..K.....@..|-..6...@?7Bl...U.4..q{......m.fJ...E5a..X.pp.B..O..\.....<B3.w.6E.mw}x.U.y..U...n..&@.z.P|<]<!$/..=...FY>V............7...I.F...c....o.{f....G..P..(n.E..uI-I..qfc<..q.WP...8........!....l.t.T.+.z>..|Z......eI.BBM.i..EO..5)c..+........7..B..-?.N..4W..z..

          C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):99614
          Entropy (8bit):7.998236368098177
          Encrypted:true
          SSDEEP:
          MD5:EF2291D4184DAA800F3B6BED463FFE82
          SHA1:30BD70CFB99375AB347B738DAE8D96C204F3102E
          SHA-256:D7DCE68D4139E79D594907F1A031B1EF2762180239186E277355E1B7D8061E4F
          SHA-512:2B8FB9B7C943AE8718D22DD6E438DDCE2CCA47FCD767EFF912C0363C6A3A59D4DADFD02354BBF082F8A49669059F48DC669E7F413C780C76FADDC0D47005801B
          Malicious:true
          Reputation:unknown
          Preview:.........gi.?.Gaec3....c~aG1a41..n./a./.TD..UB.Q..G.s..r.s."ec.....*.b.Q4R.H.Ct.=..R.B):.L.....L.."..fU.X9........x..<.:....E$..e'0..P....."....s)...mE.3d..Sd.c........w...s...("...9g...Fw..D...s..R...l..w...-...k.>..._H..'....>E.)J..yn.p..E.d..!.B3{h..Z.*...,.B..-..f..S..2..O%..10.]...(Vf....P.=....p.x.%.?..[.s..:z...U.g.......-zn.....J_..W.....LD.0...].F...{..kLA...Fz..8.Fq!...I(.....3...6......U.a-Q.....i5'.....i..+N..n...5....F..]..+R.=...^...............Jf..@.E.V..5..@.Y..6..V]..'I../..}.n....e.v1n..<..t. .e..2.X...r.o....)j..Q2......o..m..ze.......wg..yDnh:Pv|.........>N...X.o.5...w...{....V..f..&.2I...X.oF...G%.9.U...xL%...O....h...p...|..Y.....Y...rj.|b.].<....':.^.l...6..}T9......<..|.I.g.o..A...N56..i2V..Q....a._.....Ma..O.W.W....M.5........4..BY...t.:~...h..z.U}1(..UB..q.Y...(..me.-k/......I....N...R.......2.O.r......n.W.z....s.......9b.TM;r.#....C....<.ea.t...hbT)Q.8..o....a<]..`U.S.ef..zs..u..$.3...O'..c....:oX

          C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000005.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):97750
          Entropy (8bit):7.99825816746272
          Encrypted:true
          SSDEEP:
          MD5:09431520AA48DB1CCF6B8EAEA37C6816
          SHA1:FFEAC66DEB8EF889BA4995899BCB09A36D72A786
          SHA-256:09CE6F6A230D9CA4358B33DC61298383F0F18D112B2B9CE39B24235758DB83F5
          SHA-512:CB165D5D89D0838EC8060A5B56806C77E195C27C513932DEE9EF5556BB1EA6BD1292A38137307CF4FF6342321E609BD6763BD7A62A8E1EFAEA945570B41BF160
          Malicious:true
          Reputation:unknown
          Preview:.....u5.[.{.Z..G...}6....h....>55..h.(..(...\HH...\..$.@.q...&.r...g.8....Qj.G^.hP.K...Mu7K..g....MM.H..#$l.)mf....Z...@.j..c+..PX.;...3......e.7.'.n{.X.s.;pJ...E....)Mz...8....of.D..F....m.h...|V.....E%....|1\DJ...B....z(.4Q....M-..1[BJ+.......C[[...VOC..].?.^.....,n.)..GV.O._..pr..x'.q...F.8...../H7X\.]".ZZ..s.E.>.c..v.;^.a*.xE....(....?.....c..%.H.....VX...$......D.....X@......a3.q.....gO..T..m..N....2g....b<..=.........FE.S.]L".1...v....'......V.......~W.!.sF.0..`J..6X.cK.......4.......^8.21].a{NgK....e%.33QG..75d.x.......h.'0U.F...(..H...|.n.0..vht..2....@`.......S%..e......K.6.F{....xy...f..r9T...V6..Q7.>^....m.O.(O.T.;).NK4...Z-+?U.&0...L..cq^.gV.T....g.%sW....8...K.~....E.N.\......Z.....lQ9..F....{$^......@...766.a-%aP..0..E..D. .hv...\?HL...{TR..Z.3%*I.._..=.@a.......I......hi...J....+j....x...I3..+...WY.#.....{G'..$.=7p....oqU..{...Q.Oc....(.".?i.30J8h....O.X.y.vJ.n.m.i..^.n.IG.**.j'z.;......Wnj(k...?..ZRhD)r.....7b.._;Y<sH../;.Q.

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog.etl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):573774
          Entropy (8bit):5.771941148260241
          Encrypted:false
          SSDEEP:
          MD5:F8D40CFCCAA87B86A3F4AC38C982FB88
          SHA1:06F3D458F994B767B3102F1F87A8E4712F11C693
          SHA-256:B7E26E0F2C0EB4D1DE40CE2086CC620860DC3E1AE5BD09569472969F4B96C193
          SHA-512:D814CEF30D4E879D5FBDE99D89D716434F09B46660F6BD9E1F616AD3B74F67F8B907CBE04A00B19E14B4B149B69D417C6A116D161DA4055A9272910CB165F520
          Malicious:false
          Reputation:unknown
          Preview:. .....7...8......zj...T]..ds.d...'.K.....H.7........I.}......%j6.....1}........B.}.8..Q..W..8.bX.W.d.2..-...;7..y+.....#.d.!.V....|XIBe.:.......1cA.....au.-....d.q..be.e...u...."..n..d...z ..R.*.....n..L.m..~.....x4.+ ..b....S...2......E{p8.h.....j..$..D4VPg.5Lm-........b."..y..+,...........a......C{\....V:l..gp._...Z..b+_..1..|....,.y3>H..o1y._y'q......J.@...W../....L....f.......Y.....2m./B..5,0g@#.`oiHa.0.r.@......|...Z...e..R..D.u.].V......X5B.!..r..h...6;..z.+6....p[........Dw.d.;..7..Xn."...5-Y',.I..h..G..=*.....z....1.)X>.@.v.............b..YZ...."P.5..7...N..y7.7.]I..;.!.....F...e0<.|..}.........0..d!w...G..D"..:...3.E.'.J.D..c.3y.R-.B.2.j....>..+....;<...8.C.. Q...r..s.T..!..T..<...#..#.E`.n.K|..id.........G..,...x.%nD..x.'A...j../.......M.Q../..[..@.A-:.9....%..c..a.6......B....eL..L.....ZX.....LaD-.E6Ni~..........z[nT....x.w....".w.I..c"8.o..7...!.0...R.C....>7^}9.U.3..6Nu..y:..<9.\.i%....T.......r.B;.%...O.!...._....!!'..../%.Y.C

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):24910
          Entropy (8bit):7.993025676578464
          Encrypted:true
          SSDEEP:
          MD5:0C9D87CA9D655AD20EA436C6556D2148
          SHA1:6785747CDBF13615F754838DB110B8C51C3ACFEF
          SHA-256:6B18598C594ED9DAC44A19F445826FA9B8BEA3D86E8F15C1AD3BB1E969FC65EC
          SHA-512:D6E867D347D7970A6E0676A6417C3AADBF74F2A7A0AC293B4ADD2D5E955802F09FEAEC6FFCC4C9134674E750B80EFE649B11CC6E614983B0C7DFA149113F5F7A
          Malicious:true
          Reputation:unknown
          Preview:. ..............KN(.a..>.....v.Z9....<...%k..A?.n.c[..&.H.......k.C\>fdVv.^.\.$....a..O.-jhXS.W...B.i........5....$2y.u.0.k<...=$.U..q.(.1.w! ..M.nu...[...Wl....{....4.2.#=.\Z.[.....5......O....R...[.E...iy.PT...).@.OF....].U.#....o...q.$.@..U.....^Y...%....^.{........a......9K..cl.5..e..!.u....06.0.).2./....w..u.8...g-...@...k}..\....vcd.$......A. ...V;..2..Y.(._!...xu~p..4.X....S9,....k..rwD..2.....3.v..e]fq.....s_...at..x4&....d.e./O^!Rr.fM.........x#LK..-......<..T.'..hnR.y&......g./v88.I.V8..R%.........Xr.g.<yL!....f..E...Q.......cO..%..]c.........~..&s."..s..f...v"......$ .........6...e.kWAt(.....m..,rM. .U..z..h."..x.h.NF...b}u>.h........$.h.hXf.$.p*...mh..J.$D.....G......{.$.=........@]..4..I.f.C....v"..t.(...l.!..K....(...........#.?...{.".(9~(...]........!...f....Z.......+.I&....a5i+R+2.t..]?_........>&b..<H...3O.....M..u..(........}.".....n...........4.......J....`qy.Zk.D..UR.>5E!.I....q.|.*ZQ.(........R........g...:.

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.257159231527879
          Encrypted:false
          SSDEEP:
          MD5:75730E20928044217E79C3D9D02C8AD2
          SHA1:097639F0249C6B668BAC35104FDEBEA86C8D7ECF
          SHA-256:CBA8A238335C35C83D138C451AB20A2E73A99A25DFB2815B1DFCC52477BF62A5
          SHA-512:7EF39AF7B403D754ADB29FDD5F6AD1718AB9C0C849B00D6B172E121EB3D932569A1EB7BEC66D199E7D3F9117347BDBB909D94EAFDA4E237C0B9A9E3AAAB73784
          Malicious:false
          Reputation:unknown
          Preview:CMMM S.9Sk.$.9.....:.........I.-&.k8.[.a.X.6.!.......Kt..i.T.....'h..E...............l.B.b..n.k!.0\.y...<2./..!\..6k.di.Q..3p./n^s..............~S.U..2=.<...l9#m....T........eY..<..*Xf..f.h..c.{Z.3Nr..D..4.84..;y......(F.w]t.OmA8 .>.U.J>vEH+...EU.s...D.n}`.....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.330055757863851
          Encrypted:false
          SSDEEP:
          MD5:E7D5406F1C9F5B8BB41375F697A0E69D
          SHA1:D8DFD523901AAFF43CE649AF4F39D696C639704C
          SHA-256:27FA65DA4D342BE1EAC42D789530C6B4B07A88842E847C1225BE99A48201D095
          SHA-512:554757B878E350FB9B9DE7ACD81DD6559772BFFF31E15D4C018663E16A989BB473F952240AB44F9B3EED756EEE6807111B5212E7B56F6EE097F396541460F1C6
          Malicious:false
          Reputation:unknown
          Preview:CMMM .B.Q&.i..x...J.>7..R..g]q8.......F>~.[O.#.~..w...w...J...Lw.... ...F.I..]?....1.....!...M?j|.o.t.<......3.%.e..Z]{.j.F.<.xu....SCcN.f.;P..R(g.13YOIT.....k...bf.90..J..quO. ..zKe...{..~A{..%......p..J........R.hsUs.J......@&.3......<J,_.....F.T.R ..T.j..!Q.X].G..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.268170344683904
          Encrypted:false
          SSDEEP:
          MD5:93E2B16EBEB1C2845BE5A79E569510C3
          SHA1:4AA3ED7CA4D4F7DB3E2E6AA738605B7AE15CD5C4
          SHA-256:EE2D6616B7EF393E044594E90761278C41CA338136ED3450D929A76AC22BE441
          SHA-512:2BCC417929559AD704060060C29C9617D63EA11A9C086B6F3832C3E3E5D6DF3F6B8A18D62CADC9F969E6F838B43CD4EE79464F7FC684E439027C5A5221480234
          Malicious:false
          Reputation:unknown
          Preview:CMMM 6@.....Y..2H,.f..c.Nwa.W.E<.B...B....~UNU\=...)W........-..s.[ .Gb98~....ZaV..$T.Z..1...c.G|..a.~,..M!...J.<.g.]/.Rg..q.5..;.......*..!...C....;,...>R[..}u@|?.z.F.9.f.....G..>...=Q&.i....c....`..#3/....tv.<....p.......4.v6VB.....r#v.....[!..'....;.{.......d.V.!./.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.24867954572109
          Encrypted:false
          SSDEEP:
          MD5:A5A77145F98B4CB9E220F6F5218DFA21
          SHA1:4E77686039AD2BCDE17D30A7DA932B9F1AFBFB32
          SHA-256:4C46E0A3B5D8C5D2ED4CD4ACD76A49E7B9B8D357F826FA94DAF46769359CAFE0
          SHA-512:87A70B85FC52E42D5B860E38BF9F534B0E9C3E51B7CFAD1EAA7D7B7B7A96EEFD75B3A617B9F3898D4B6013AA6AC6EFD1661BAA19BE09B341D3249C8A62532288
          Malicious:false
          Reputation:unknown
          Preview:CMMM DPt7.]}:Q...94..5..SW...-......\;......`tnUvs~...$...3..<:.`...DQ..c;_....l....E\..}.t..\......o......'....M.G...m...<..y.d.......M..g....#X..{hv......7.mo.rjE...e..M...>X$......Q.;..U.R.@.R..6T......s.n..,.C..W.3o.}.....:a]..*......<..A..N.?..Q....Cs..].8.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.230757224283866
          Encrypted:false
          SSDEEP:
          MD5:47E8C8471CE659701F3E4D486EBCDBFA
          SHA1:08911A325BFCF45DE8F3D2A4DACC0CF7165FDC43
          SHA-256:AD16139C0BB536ED1AB246699D4DFD8B8F492F16D4DF51DD2DCEAC3AE569B552
          SHA-512:C6B09B3AF133753BEB64EFEF0983FCE53013B73B762DA8BB60145D5416ABF4F1143DA53742E84640D19F1E795C335729F5EA72C3E4E9536A5F9D33C62799D97B
          Malicious:false
          Reputation:unknown
          Preview:CMMM ..>:.{h+.9zO..u.i.........\r*..:.*..D..p...v.s..|..)&..p.!c4X;./...$.s..V..K...Y\..c.'&.;......."{r.Y...!K)....{..}m_ N... .......c...W.+.6..d.M%.u...P....`...,..F.^&*.]....}..e..M....b...J..sJ.C.!7."/F...~Ed._...]..Q..SbhB..U.*le....f 9|K...l.G.^..Q.BK..6..vc..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.33138037396628
          Encrypted:false
          SSDEEP:
          MD5:00FA4769CCFE4B1109FFC34D0F8C7382
          SHA1:84433EAFC32E6167501327C8B977F17A0035132D
          SHA-256:79199A947A5667EB35A3E63680C3DB2CB723591BF3C18675274AE0CE95C80621
          SHA-512:60B7A2365189BCBAB598AAFEDD164E1E32ACA974ED4C563AF57465AD635C0C81DF9FD8FA9B27542EB1D86AF41C14BC6387CBA4A4AD2A4F02E9978F851F59BD9A
          Malicious:false
          Reputation:unknown
          Preview:CMMM ~..."._\...Ru.I....^.w.A..&.2......|M..D.t.R.,...m...G....O.c.......&|.>f .w...L....&.~.5...d.{N ..,_.l7A...H[#...U....J...b.jS..(.~.....\oA...5... -L.x.R..\.-....7...P..P:J.?....H!..V.s-..d...x....$....q....k...K..p..".C......cr_..C..zs...1\hQ...\..F....$.6"[9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.28947105112368
          Encrypted:false
          SSDEEP:
          MD5:A2CC7A1943EF6FFCC1FB0D4A27600DC2
          SHA1:F9700DF7A63B89CCE6A5938FD60A1A3A25DE989F
          SHA-256:730A9F7FCBAED3C6DD3489C735AEC9936CE64D8DB8B346B3C4F700DFEE412617
          SHA-512:A368D6ED7743B058D9890772316E4C8CD6D41C6123EF2D54F2D383558F0CE40805380B0EC20BE8CB8862E8218340B7CBE34D13DFA2BF590F8152763C7AEAA2CA
          Malicious:false
          Reputation:unknown
          Preview:CMMM ......;..(H...'.....n.K#.V....d.....lh(.l....V.9......+....I...(..4*..z.2..D..{WO.2......5..(..W.h.......2..}I.....,.#/Mt...6.z.L..h..{.j........KL..?.l..#..&D....w..o...m ..e..%p.F..?l"....,...Zx..}.Y..%.....+C...\`.F.5:.#.#t.@.O..*t.v~=.@9=....R3.?7+v .ff..4.c9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.313647551434373
          Encrypted:false
          SSDEEP:
          MD5:7F20BC1BA41ED3FAA6BC5E131D60B790
          SHA1:FACA1494CBF0AA6F54D7905C6D462CBDCD160D64
          SHA-256:816507342AFCC1A60FAB40B93B33CB29D23624C7F4246B585F6472E7519AD741
          SHA-512:6CE902F6C9B237A4441639E658449F72EF94E1AF106A95CFC3E3BA3FE58A87C210AE8CDD45EE861DA6888E359696BAD38C28AE7243FC17EFA4E120A4EBE0F031
          Malicious:false
          Reputation:unknown
          Preview:CMMM ....Oj.T......$.7P/N......^.....+`b.l.| ...h..I6.!W.....-.....z%...;....|...@..`E....VJb-..Jo......Z.M...6.S...Uc.<.^.w.l..?..3/H..)G.t..{.....d.....a.57&.|..1..dF.}G....=....2..^...;c.....r...8.....g...@n.y,...r...W...+dWj..7.......4......\9-..wqA...N..W6.r..H.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.377883479988421
          Encrypted:false
          SSDEEP:
          MD5:6D05624C13B0EFE1D4936BDC7F6598F4
          SHA1:C40D5522B4FB4231A51D097BCBD45BF6BB4A7E5D
          SHA-256:3777398FF70CFC650F37DAE84DDC6B204FA1DDED6960610C06D4E897476CA1AD
          SHA-512:C65A3413A598134E2348E28956FF8A1E291258AB3F62D4E333DB5F4FBD9463A7D961846032DD249AD5A1FD9DAADEB10F391C3685C64280289A56B49731153B17
          Malicious:false
          Reputation:unknown
          Preview:CMMM ....Y....u....T./S.?......4@.w..d.R...Qs.CC.p..:.P.TC]%.i..?...GB...6..3...9.a.h.......Q.U....w...|...r.*q.....09..Kfl......{.....l.>U..0VwBo...P;...U:...t.....NA......}&....*......&._s.......JX..._)..x.`...gH......W......q..A.5.......{6..6..,.!.....-....9...B.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.276189242458419
          Encrypted:false
          SSDEEP:
          MD5:E11BBD8FE85886489A86DCEA2371071E
          SHA1:5A460EF3F7A12CD0826378141FC0369997644010
          SHA-256:1F31FDD8CE944ED5961E4D4B25E24A44E719080DC57985DFF306EA4FA6ACE1A9
          SHA-512:1345BC44824F0781F4F9337209C4AE9B5C9DC8D5B800E8012278F0E665E1019A09BA17804534BADEB9F71FB61C060B1F67E3842D5C7FC3C8F555091234463D59
          Malicious:false
          Reputation:unknown
          Preview:CMMM .,..~....*3.O.1..wJ...(..y..8is.A..||..O.eQF..n..e'.t'..c6...P.f...+..B....].k.........\..S.\...<|O.e8-...g...,P=...,_u.1s..L.w..z.MrqY..a..b.%~...$7......F.p.jZ.Q..9.x......;4U.).'.!V.1.I.if..2*....j*..,..*...3l.../....2.Se..s...3.B...~~.p..C&._W_..+.Y.......L9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.335326333454762
          Encrypted:false
          SSDEEP:
          MD5:0C2823AD54E924FD9DF1A3DA5D6C17B0
          SHA1:031196D3BA5AD0904DC76D9234B87DC4803254E3
          SHA-256:20BDBA189A710BBCE0D37DE03F2B4A8EB622C6C233D6CF58A3669C4E96F29FFE
          SHA-512:D546B07FFAAE4D5FFEC5E117421815FF8D354EEBEA2461EEA6A9E1C4B362325CC4FD9861C46BDDE82F24B6D98D03DF7C1862AE9CA375F6BFEC5630C9498A0F9F
          Malicious:false
          Reputation:unknown
          Preview:CMMM ..voM....Ft8./Z...j.....lY..R..,.X.b.%.N_.C_t...R.;.&.....A...d_1.\.~9*Pi.g...1._~%.h.57..........^.D).Q.`..".P....N.k.B.y..:.;....'hrn....5.....3!.-............m....O.<....~.H-.J....T.E.=..s.....$.Qo...^...)..JK./.._TVhO..i..f...s.(...A.t....\.L.......Z(..7..V.j9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1920.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.317222638927395
          Encrypted:false
          SSDEEP:
          MD5:AE8310E3E790525C7D5D38345F29C696
          SHA1:D23D6BA2DE1BEDA03F81D71BEDFCC45DBDD84BFA
          SHA-256:475B441BF1599B62C823B0123E955CE5CCB0476F24500414F0BF154E9D40ABE2
          SHA-512:93D5C34390AD78CF376085F535EE36802CE4DF55C170E33C357B9266A3C9672D2D21BAFC11E2770387F4D33F9142F12B5FE91F626FF7A0C8221BF20B66C26A7B
          Malicious:false
          Reputation:unknown
          Preview:CMMM DEo..........;..3G..t..V`5......3....s.o>\.9.I}..~...t..=.]....X./i.N?...'tc..N.......$..st.....zn...._F....O9.w$..9..3?>.?... ..m... ....u..<#.E..e...|..t...qX..&.G.<....P...|...p..oE&.j.|+\.3.m..E`..C.d..D..\..^.6b....st..3gd....w....Y.r?&..]./....y...[....2.\9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_2560.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.169864620103149
          Encrypted:false
          SSDEEP:
          MD5:9E186D39602020D09C09BCE4021ABE69
          SHA1:826B64810EC8AEA8B9DB563CCFA5982B10C8CE88
          SHA-256:F7F525876F17EE12D3A46F296D6CC2614B425641FCE2C9D1C61D73932364DF84
          SHA-512:FA8BAC0A7F4DD41C8D115F3D05A0E11F457A0236D39B5BD7CDBFCF51967EFC133743ECBF98877381D2034F45CEF4325218B2403A82037633E35E80591AC25844
          Malicious:false
          Reputation:unknown
          Preview:CMMM i%^f...eG...6..B.s.LAGD.c...c.&.R......S........&.;.e.qc.. ...JcC.-...i.2.f.#:Ga..0..C!...O.....0.A;d35....h`M..Z.........b:... .r."&.Q..z..4...........GX........P...w..r..87....]6.F.J.;]..g...f`..-L.U.......M:..5.x;.u..Y-.h.h..5....B.3.L.g....R.x..o@)Mv.49}..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1048910
          Entropy (8bit):1.7688265266713334
          Encrypted:false
          SSDEEP:
          MD5:4B51902A8079E4594987E0D8FBC36704
          SHA1:6B91D9D19393D2AFF7DE46CFC66F1052740FA4D4
          SHA-256:F369F5BBB593401EC0AD9F7FBA094FF227AEEEA63D06F9F7B4AEAC7B17F84AE2
          SHA-512:4E98A56144BF9CEC1B9E478EEBA0C92B65F2DABF76524F154189C0E92B048787A56601C5EE68C2AF5813F301B2E01E3088536969403FCF38B07BFA324721306E
          Malicious:false
          Reputation:unknown
          Preview:CMMM ..G...mm.QE.Op..~.A..n....o>.J../.T..1.^PuR..H..m=..f..@..@.#.......".X....z.m..F..... /.C..L.....%......a....=..jo...M......._...aJ. ..6.v.K..Tc.Z.2.....}...!...}E.f..a..y.%...L<....X..i....4|..@..C..Bl,..$.f....k..=.... ..a.T.*6.9n.>=.G=B4....&p...\jL+W..y!#.x.Z...l.a;.H...n.2BP..Ph....|.f.... i...u...}ks...(...L,&F..0...p.......mX.O.....?..A.c3.Q.Y..v.F(....f.y.Si.K..S]X.,..1.E.X.T7.-I.y..;.pk..5(Z.!.:`.....g..>$...>9....L..?....P....x.l..-*...(.f.....b.....qp.h....z.......Q..y..o.b....&.Ur..#.........w..R6.R......'6x.M..v<.6#..h..w...F.L^.PP..r.8./..o...-J"*.....!.9..^N.?x.m..B[6.......+p.SK=o..tfF....g.as..*y{b...&.C.!.ba..N....~D ;R.)...-J...;......x.....8:m.]#..M.-...\s....?.....&>A..d*.nU.r.S..?.b...[:.u...n..0P.W.....[...K .q.._.#u.er..b...W.h.s.gx..x]..4.ADo...36.|.......^|...e....n..'.b...........U#J.E..p&..)o<.l0U.........CcY.........-X3....~....d..h...t......OC......P.).....18......y.....s7"?$...C.....c[.ZJ...-}Y.._.....y..E

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.264809259438456
          Encrypted:false
          SSDEEP:
          MD5:3F7C2650C69F5CBA33D09EEF79998494
          SHA1:4466A0DF06A87B9A911B9E776437D6B33BAF61AD
          SHA-256:4864ADF42CDA3E9B28CB0CFC40E891D09EAC82B903E75B51A7DB3BD09706F38E
          SHA-512:96254CBE065A9EDA611CBB82C0E9A8AFB90213E9765F29D4998595AD0C8A0685F41EE4FBE2D32E1059B0863316B858BD87DE1488147FE71ADF0A77B4E86CE250
          Malicious:false
          Reputation:unknown
          Preview:CMMM >Y...v.o.|.mvGjX...Q(.'....v...f..3d....h..j'..CA..T...T..Ea......l..=.l....e21.....~{....B.?.t..K...$../.GMQ.ti...=........V.._o.J.D..G.$,.!...."...6.\e..k.......]...R...1p........-./....^.<1.#..A.!.>.2(..'.*.n.3..8..Pp.T"....D2.o..;.4..P x.p..yx...K.G.N..W.??...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):4194638
          Entropy (8bit):4.148636031057144
          Encrypted:false
          SSDEEP:
          MD5:4454A8B084BDA0B10E920BEF3CE3A216
          SHA1:DD204F04EDE9C4D32330DF6AC01D2591051D2E0C
          SHA-256:C6CF4B8608158011AECE4B10A8B0E8CE988B558E3B7D5A4D0CDA35E91EA0CB40
          SHA-512:936FD13ED0D2A972A594FBB56274F2C86B8A7958C537EA1977B019331F7B1F88F3D09C6FC55F325BDCA2335B3DBC8F839960DC956B987EC65A534BE217BAC04F
          Malicious:false
          Reputation:unknown
          Preview:CMMM .dq..#.C.../.;..`..,V.9>.......U.H.......f....."...3..W..eu..5..%.au.<.......>}...5Z..Zj.jq...w..%.lk.M <..l0.#T.h.)....]i.....T.C6aF...!X..5Vll....b..Q...^| .9..\.<....P..JF.z....[c0...t%..-...*.:d06.H,.6..L+.l.....q.bQ.9._~Q_E.Fe...Y.&..L.FO...^......f~.T..c.j#..DKyX..V.1.y.s...q...1S.....#]<O=V..]...Tlg........:..2.~..g.@...]%.4...o..{."3...x.!.b.....&......A......T.#@...;.8....C..-/....~.....j...gf:.1..&...S...r..T9..N....=.R......J+w.#$.N"..@.T.A..#f...}...I'I....i..o.|.&.#77....i.].N..@.4...:@..6:yNer^K[..^.....L...Z..0..*...3[-^u.......E.c..<.....<.~b...5.u}F.....w../].n.4..#...CD5..9Ik'......J.ibl....X..7KI......)&6..O.8./.d.P.C.r.j....WO....P.....2[,...U1.....~6...|.q.a..>..ws.9IZ.`%.4.C.....h+.A..1.mT..ocw3./c.C..F..5.bOF.(...S.......$.^s..|.]....x..<Z.A.&X.*k./...vg.....B.D..T.. ......@\...}..5..e.....ZY...Yh .2>......7k....N_WGU.......+w.........&B.N...A.f2S.o........_.1..x.dq.'n..t...i".=k..+r.t.)O..)..u.>M.

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_custom_stream.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.3156662597052735
          Encrypted:false
          SSDEEP:
          MD5:B3E4C4F7469B779DC56337BAF818D13A
          SHA1:78BD7F6A01232F8C2473365EE891ABC05E51F874
          SHA-256:BE5C5DCBEE9C219C1B27F46697401B879A9027A1E8A6539C59CDDEEA190F3036
          SHA-512:85998AA1D8FDE192722F3002E9CCFA75F46FFCAE7E9116C8A0DF06F0E0D3589F62C6F16C10F22F73380695826441FC0300BBDD5B9717E66AE14CF5415507997E
          Malicious:false
          Reputation:unknown
          Preview:CMMM ....\.R..Q.n;.T$".R~..).0.3..d..C[.O.......E.8....<...o.]E..[.{..;r..>?.aZ.w/N..^....p3....}=S...@...I..NPQ....&V...c1~"..w....n..8..I...'.....+>.q.....q.L-.........>..e..,.J..E./wy.O.g.....4.`....Z.V;..i.@.J..SL.;...|k./.a6.a.@....Q........CnI.8.r......B..4*.^@.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.276333552787823
          Encrypted:false
          SSDEEP:
          MD5:EB4AADE71B1EB7CC38ACFBB700E8FDD7
          SHA1:F24C43693F91EAD6F9887E1BFAE2C619B8B3574B
          SHA-256:05AEFDCE18905D66ED7E4AE7CE668B47737888F7689B82B4FB9FE0620CC6C04D
          SHA-512:D6C3675D69D288B32F1534D910FC5D7E8C77E69546BD54D9D8CFBF474ED9E79FD161288F637D7492A6C15FB95295C909F29426EFC0EAE761BCE1D04B605991A6
          Malicious:false
          Reputation:unknown
          Preview:CMMM ..I.E[..P.f.H3..YP.6).R....4.8Ab.Kx.q..[B.....l.U......R..l....y.q..-.%._..]...UOD..o@0.....x)....y..~.E..j..7...:F.zg.R....l..im.I...1./.u...;.r.z...?.....IQV..B{.,;DL[..R.M....%s.>P.~w...z{.WY..t.Z......7f..7...d2G%.....S<.V.Uz../z.bA.%._M<)s.PT1.bf9Ij,u..Lk.*.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.241146400436119
          Encrypted:false
          SSDEEP:
          MD5:301973B8B0F830EBBF8526F89C0C5611
          SHA1:1562963B85FA9E40BFC292253DD44B5F09FCFD4F
          SHA-256:CDBEB1F2B12E0C425D03EE5B82B8301D5C5291EDB4137B41729D4BCDBD6476B5
          SHA-512:253E4657A9A307AE30DB1CA4E8BE3BBEC9B9F33CC7201C0F24EAFA8665733DAFB06206CBC3F7243FEE10643BED3CD6CDEEBA02ED43E115553691B11B7AD700E5
          Malicious:false
          Reputation:unknown
          Preview:CMMM Y.)...S.}..lV......#...B@....`......7.T.(}..G.D..VY.....e...Y...B.InR....;{.+av..(.....A..3.LW8g......."......W.e7.^.4.d..U-b.il7j.'#X....c.p.......3...s...3.0.@.sJ=.3...)..Q.+.#=..<..{6....1r....w-...c.)<he`...=....7..C..2.3..jM.qL.(.....f...fG...J`...f...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.282405897456137
          Encrypted:false
          SSDEEP:
          MD5:AC6C708D89D969C34D57CF69EBC23869
          SHA1:2FCBEEBE5F435222BD17A93B6F53A1480EA5B70E
          SHA-256:E4769D9FFFA6E53A0FDD242C36B52A1F6567618124977F130A0C1A638611A226
          SHA-512:173E89DD882E64120429D009F7437C5F374B8C784EA773A3E6586A5652D7E94F5562F35A09E719FF38969BEFE70E5ED0C9B49EABBF7F965E428AC72A2B8496BA
          Malicious:false
          Reputation:unknown
          Preview:CMMM 3k.ulI....m..@..7..(........].V.>.9......6?_....Y(..^,...8...1.......\.U..Q.i.~.....j4@....^.xr.h.V...S."KlQ...>..:.^x;.5.?...N}....._u`...y."J..meZnR.........w\.k9.......|@...n..S......o<#.HE...o.;. W.L.hI#~x.c,}..h]..a.=N{....Q......V.W.9qE.....~..8CB."..$..7....k....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide_alternate.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.299347047082591
          Encrypted:false
          SSDEEP:
          MD5:CAF616D86CE417AC1D7FC7F8142F6CEF
          SHA1:D5AB9BEC4EFF1E3C6AFEF9C3A03AE7D70A74CB81
          SHA-256:759A0AB77AE477388E8BE2D4BD8F8FA1BDBAE32D336715F47CF684A4765D8C33
          SHA-512:54DCC3008857A80734B197D998853E2831660EAB854FF5266200F51D744CB9DB2CADB20D3F6F69FEBA29A641D0AD11622F40F2A1A1DA0CECD787FC24CBCF48CA
          Malicious:false
          Reputation:unknown
          Preview:CMMM .o8..+|....,/{..`aLb.d..../|L...@..oh3.-/.{.......s..wS3...)N....M.Z..+..D...9r.x.Z.......#...Yt. ...>>|Q.e.M-JJ......1mV6...uu.A..h.....4k.. l.(..../..T.pA....^.P.%...b...Tb..7...`q.D.C..,.a....|........@J...^.\.v.*..`$zaK....A.+....N0..hc.A.o.G.......@..%}.E...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\19.043.0304[1].json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):809
          Entropy (8bit):7.724663686962236
          Encrypted:false
          SSDEEP:
          MD5:8E81295FF8D8C457FB173C0A3DDC6E46
          SHA1:9066297EBC95B02DE610C7D820F7B9BD278D5CFC
          SHA-256:DF03E63399B445F454F6742654C9F2B077DFC280CB16DB0D7A65376B408B6805
          SHA-512:0F89FA1BFD2F4ED42EA873399DC6AD6F666DCF9155C80ABC7B0EA81B2A56AAA1CBE0BE738839E6B63E4DEA7D8717F17E6FF81A930DDCB3354E472A444ADB34E9
          Malicious:false
          Reputation:unknown
          Preview:{"ECS.}..5=......V..jF+B..s0brw.'.G...AP'5..!..C....19Zd{N0..I......XP4.:..4...@YPN...&....KV.$U....<....wMl.....j....V......3.2..p'.J.a....#.VE.^..U......._...'..s\/9......,..)ra.K.GJ.9z.....@..p...g1.....Q.3...N..v...W.q.}.J...\...0....m.Y...#.R.H.e ...M;.'..p....g..C..{..[.-h}.5...s....r.GO)*...".a.a....~...j..}...%...W.M%#h..Ky...../....j..Q...hV..2.IM..S|.......C..v.C.....N...l..Q....X..u..r.<..9..o..4....D..)ogF0......5.....@=^N..B...S..4..j....GQ.bu.=..n..5.E...)=.-..${.(y<..u...@K"j.y..O.....A...|h.Q<...0N..;7..lq..-.r..{.M....K..0....+.......6.Cr\..B..5.@q...\..8...h.&.)...n..SLug?TL.q.........(...........b.....'.~...-+......>iDT.2...@.H.....".MM..I.'..N..m.0V.d.t..Q.....n_..#t9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Converged_v22057_4HqSCTf5FFStBMz0_eIqyA2[1].css

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):110785
          Entropy (8bit):7.998119301622358
          Encrypted:true
          SSDEEP:
          MD5:9C9DADD38A038D9C835EC975EFF3AEDF
          SHA1:4D6698C7A03BC0DB661FF6B99A4C47A5D727E47F
          SHA-256:29ED781BFB7F853D74DA8EA2BEDEE4BA29745FBD30DACD95BECC92379560E9A1
          SHA-512:41615FAA5E0EC844C0685E99FDE8D7BEE13587700F753D74F11E2F5FC1135774585A86FFA5B0B368E3532EEB3533E3DD3149FDEEB105CDCC3FA2DFE7CF6E04BF
          Malicious:true
          Reputation:unknown
          Preview:/*! C..D;...7..C!+Y...;..r:....[......E...0c!]...C.?AB.z...\.1J.!.t.Z..f..ko...g.n..S(7..-.1.J.CE....E.+ ..M...r.......m...4..Zz;. ....x9Az.o.....@y(.....\;`..0a.....6.......%=l-...u...|.!.+...$..F.......0R.0>K.)mP.....6.i..B..g.lY.|v.>&r...8+T6.....&...c.....U...7...h#jL...L.)..w.;t...G..rL,.d7..{............)t............z.p.JAr.n...2.C^....l8k....M.@vl...:f^&.......{..K......q.LjI.h.....*...Z.~.`X...^!...s....g!..N.X....p$V....2...3.^s.^..Ay.X...Y..k..!..z.K~X_.<].V.....%.,V..D.l...=...Y..t......F...... d.S....(.b3.l.f..(.q...9KQ./I....s.7.hS....#..W.#.(..cb.x.M..2.Z.(.;.Tc.\..e....y`4.m.Z%c?.^!.$....h..lW=..*Q.:......D.....3.[q.$.s....S......0O...(.K.g.pqh.s@.8...hJ9p..L..!.^..qeP.u)_LG.....vO...j..Y...:.....xZ.%.....x...&>.E)!.S.+d.!>.Hq~8.*..~.Z"...S.......[....I....aW...B....O9b...@!.B.20>0%.x...!OEr,P.!d....rs..K..._?._N".n.O..~.......;5..v....I...f..(FOr..z.......e.b3..s.k(.Q.&.Y.n5...~......|..pn....N}g..f.{..U.HH.e.waVz.K .u..]u\V.n

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\PreSignInSettingsConfig[1].json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):74531
          Entropy (8bit):7.997426321355119
          Encrypted:true
          SSDEEP:
          MD5:FA93BF693522F9BA6C6C73000F2324DC
          SHA1:9142CCD44840350ACE826DD09F4E7ED5BEC9E4A9
          SHA-256:B15F5266E78180B896A8F5332AA6DEF332728A1F740093050E2FE0E620AE36C5
          SHA-512:F884D9D54F0C92221E9C681EC5C605EF7FEE64CA3CAED9591EAAC2B19398B6B9F927893F3050BFF0D6A238DEC00B94F5F7E75B2985C70D4E6CBDC90DD48C3999
          Malicious:true
          Reputation:unknown
          Preview:{"ram.u'..1...C.,.#i.^9g.-qn...5.E+...1$.:<...l...'/..H4!.....1...4d].~[.uy...k...#2....X.Cx.9.k&...:....B.,.<..#.K..cb..e..+.{t.......k.@j... ..3.l....~-.9.z>q/J...XH..Z.}.........8.*5P.dw.Lg..f...C+.=...F..[@.>c.wZv..vl.=086.I......../...M.Y..X?..}...9..K....>..8.Tk..r..6..>.b.....ZZ..*9f.6UG..p...#iS....K!..}p..VzgnG...3.....vR..@....;.7s|...>..f....G...v.r.&<u.?..!...-X.j.......KC.].0.i;..e.6...#27.x.?.Tz<..7K...h.A~.+.K..{.g$*%.../...Z.V.-.Y.Bn....l.&.U[.........V..,|...j#.i.].....^_...H.^*...*&.@...}F8B....la..J.......A...5......f.si.-N.....6.....i.W....9..+~.$...:._........(...V.1.d^..7/.=.._..MfJ..K..F.Hx..~...e..R....._~.....K...[.H2..7.D..a.....3....|i.......<...3...f..l.........-./.....Y?]...}:..."...@....h_.....[...^..#.......c.[A.,bc?.CMc.:.....f.PVJ6..z.....Q._.w.UP&.r.y..).R..t.h0,.mB7.....N.9...vb.k..s..0.#....[,k.......{.#..n.d.....T.A.f.F...+.D.W...HqH.t%.0..._....;.ja l.<....Y]~k;........S...~..HQ...0..B@.h..(*......f

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Windows[1].json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):814
          Entropy (8bit):7.782702544535452
          Encrypted:false
          SSDEEP:
          MD5:9E3DAF5FF58DC68AE8C317C2D7FEB5CE
          SHA1:D7F9117292BD192B89F8E5A1EE8AD2AEA05DB80F
          SHA-256:AECD80C1F4B25F7B20B2F5E83F55CEC59A2559C04F6CAB484624CA7F43F0C5C5
          SHA-512:70F7E14A2C8280B1881CA099F12B32EF0FF4A432A3EAB59F314A5BCDADFE0D1C72EA1BA8E50B285D748276BF93FA81C894921D76D3741018A3C28C38E3F77C42
          Malicious:false
          Reputation:unknown
          Preview:{"ser.C.=....-...%.H..Y(..%]CV..N.l@..D...xT....O.u3)...4'....[..;..>............}.P..V.....e0.ngyj.....I1.:..#..-.........P+_._N...r/.6.....n/.2.zfdlR[Y.%..mx..l.}$....g.....!$.xs..K.6.....s.(....x.).<..[YJ..[6..2.'_.\<7.O..K......n.{....j'.l07..tP=...%\o........#.2..L=.....=..]g.S.&.*..../..)(&.R"...k.7s.i.+...N-..(..z.{.{..6.......4C...%/$.}..?\7..........0..hy79.$.!.H."f.:+..\.e..D....J}..x(..$j+.MIT..^.G`..oq,K...|P..J....*.....<....|.c.t...W9.4.....C.Q.c.p...........>`d..0...o....m.....^..0"?..............O.].....{f5.*.u.....[/>.@8..Bs\.\..Y..}...- g.iB....[g.B.R.Q.'._..GnXi...q....4(...A.~bh...........PN...X-......&e..a.C.H.K2.'....._...`t..h]c!.......q.d.d......r'B~.......H%.....H9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\Windows[2].json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):961
          Entropy (8bit):7.749517209677706
          Encrypted:false
          SSDEEP:
          MD5:019447BDB744717C631FCFF0D513C416
          SHA1:3C8FCCC2E22F9149E63C26ABA3A6D670B740C6F6
          SHA-256:3EC303F31A49E7F9B78A09D9D4C7082631F893612990F3C5F6A87481788F2327
          SHA-512:B1466185F835FB1591062D9707B45DDA5A1E6351AEEC8857555AE3631767474A120ABC26EAF55D9022F23965F651E75B3351098258D49437066C91F5FD7A484E
          Malicious:false
          Reputation:unknown
          Preview:{"ser....K.....W.h<L>.D.Rn.&.uo./Y....?...#5!.y.&0)..}..=d.....a.....J..n.......i..qk{..b..5...f!w8W.c...:ik8..R...O.epkr9{m-.K.mJ......@....`N..K..!.......9....e*....!. w. ...y.{.U..L.........q...}..X.@..l)...w..t.b..f.... ..)...#)`.T'........}v9..P.H.... ..(.`...d..{.<..G..Gz..m-.2d.x...i.J+. ......G.x.1........+T....k.....K..'kSz.e..7....^...]...U...wH.p._......Aa...gb....~e.m.s+.'.R..t.Z.......='......{w!.)...$.K.....bE.w...J.....=....SW2....."......o....L..j....;u.`....#i.........$.-.W......49G.S_.Qr...l.K..(..W.)tK.,......"..sd.,0J........0..7.h.DG...+x.+.b..a{......?..{@.K.ID.....z..,.R....$.D.. .E....\.B\F.a...K(c.......9..35I~H.R..Ut..+...R.k+~.a....."......>.|R..\...f...k%{...%.^..w...\$..~WY'....`.h.2.6..h>..lU...4.........%8.-b..{.$I....ie.B..9.K...1..R.:..............6.......L!.....`.J.t|[...]..,R.~.P..Y.B....7r.......9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\settings-tipset[1].xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):7489
          Entropy (8bit):7.972265838982693
          Encrypted:false
          SSDEEP:
          MD5:5FEC2C3303F1E154F1F9FBA095C6DDD6
          SHA1:FA8BA28508D3F5E1FE85EC05F9EEBD69C62AE8E9
          SHA-256:D7EA88815542BB584501294FC1764EA734788190088D992EAD33BD23D9470D5F
          SHA-512:17FBB47E8E678568A46C511FF273923A9A15AD5E0E3E4D56984DF548EF121D68FB0A7EA904692D8A1216AD7A216ECECDD3C4D8ACFEF49FA01460769E3EB72E58
          Malicious:false
          Reputation:unknown
          Preview:<tipS..lU...}...K..k..M.?.K.aU...O..;i..pM/...G9.+.~.G.s...N..1..|.......|..%..^KMd`..L.3..r|f.c ~.Y....re.p@\."h..m....v.M.c./e7G...o.q.PX'.V.L.I.;Z ..:9.......:h.....[.<2P6..wK..1'V....."/..HLu#...T.9.z.pue|....i4..,.uk....."......V_%.~..:'F..S......,%..C.B..eW".2CU_24..Z....".l.wr.2...hm..|,.].Q.`+....{.}.l ...M..hJ.)+.m.J.x;L.:.F.~I.@.$.X...._..5.H...WI...Iq6...d?..E.;.Z..O0*Y..rl.....%..{.,7.R.....^S..;... ....E.>..H..4......5..A..k.$..mx.15.d|...IH..u.Q.........V...+b?.cZ...7.......[..*|...]m?...v}.."....g_e...1..[.f..V.ar...E..8..xi..L.{A....6VD.=.7>6.X:84.,6.....bP'.A..r...P...%.C..;.|...k..=;,c...[|q.K.+r.S..w..xK....zV.r?.Y.du.p......Y.;...a....RV..-.....'O|..Jf......Z.*.\..gl.nt.'.o.%.>.q..N...........a.......[....wO.a... 4.....dw...i..M7~.2Vs,u.0.B..).D.g.+...F.........,.^..@...X...2..7.;.DB....~.........d.W.....^c..............4{]|.v!..s..W(P..dw...H$....D.0..M..H......q..`.@.zNt..r.=.]1Gr.A.......T;.p8......=.o_......;...:.

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\21.220.1024[1].json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):809
          Entropy (8bit):7.696219331956239
          Encrypted:false
          SSDEEP:
          MD5:2ABD0A14F8D298395DBD47F628E99060
          SHA1:1F2B35E4010DBE96CA805710A7B8E4CAA6EAED70
          SHA-256:D089C53A6AB36B496FF9EC82BB72952400A93785790F942BD3052156B2AD683C
          SHA-512:40C535682D933EE62105125510FECADE15D04BBBD4606CF54312A3C7DEACD8301653B71663EA018A8F032EF149248577210B2BCB283282556DE61115E77781F2
          Malicious:false
          Reputation:unknown
          Preview:{"ECS66..a..[N....V.....T;.@LF2.Gw..<......m.}.A......hD.8F.g..pND.(.......{~....\.:..>.U.a&.....f%..N[o...^..-.{.u.....K...$:........Aw.8...m...w+.O...5.r0...N........,.7f+h.D0...HG!.W...#.D.....u.Y..}E.DR.a..t..b..'[..3.2....KRyL=+....HUSpk./.(/..Z...*..M....%..%..4....>."......z...K..y6.f..3=....I{.w..4.ct\..+k..........R+.0...i..H....7...........3.&......Y*-.bk...{`...,..#^.F/...|)6..V.>R.}...O.\...*......._..F...z@C...i...}.....j.*.'.M....X.V....%/nTG8.W/S.a FcQV.iM$....Q....u..l...^.$.6b..O.<...3.yx..0W..Ut...!k*.g.B.2.,...g.V..}..z.A.]@...fX...c..%.}.i..,.0..s...........-.....C.....V..i.m.O....8.8...RtF.6..q.g<..d.._(.`..+.5.v}......D~..mD.R.$...M$8...k..!.Z..e....V.<?K.5.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\AAehwh2[1].svg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:SVG Scalable Vector Graphics image
          Category:dropped
          Size (bytes):1215
          Entropy (8bit):7.830946237727849
          Encrypted:false
          SSDEEP:
          MD5:F12895A876266C3B3CE049A883BEF62A
          SHA1:922BB0CC82010C4456AE6C059487E21D959FC251
          SHA-256:E21EC7BFA64ED5358007AFDE0B7A1F89B429D4B9F760436E8F97FF2E2740E7DE
          SHA-512:3C7F1D6E07C198F12A3583DE6D0A886F2AB22295D15682CF6E24186F576B33F11793CE3BD1C10E46B3F67CE03DD9A29DE47CC63A5A040AFDE889B87E8E73B2F7
          Malicious:false
          Reputation:unknown
          Preview:<svg E.he.Bw...=.v.b....J..b..t..).c.w;..|...~..8...<.@.<..~.........W.......x.`<....K>jM..J.O.h/2C....C7O..c.H)...w.X.oY..m."V{"S.........XG.BZ.:..+.w....Q. ...-|....Qm....h.%.p...~L..(........,..Q..G.>..b....4.&Q.Z^..g5.4.....7F'.e..<..#..H.`........I.?2...?.b..5..U._s.^..".2..4..A..S........Y........O.Z....C.=p...[7_1....S.`_6..0.(.o..>.)Yll.$...i.m...L..6...Z.."32@..Q. ....z...N.e.6......}"...'..@..6....6../.l.T....&..;..O.....w.........Fjd...r.(v.c...CP.hb-...,(g..Qlc.>F.DB.R6wZ$f....QH..+.i..._=.."...&..V.`.5W.tb|{>C..qIn..-.oDh]NT..-..T.....T..i.......1Z...$.\..1yi\.yw....:.,k..K.O;...d..1M.:.%".Q.M.4.9*.nq.*..b........p.....TN&k.......].m.P.u...&.h.<ohV.7+.+.......Wx..o....mH...].(9..5.JZ.v.....<}.R..H.n...;^...=.TR"c......^....q(..Z...8.F.:....'..^.,=..y..8K#.zM...Z......%.v80`.2..g...d'b.(./.pv.W#.k....Qa..94.E.T.paN..q..9...c..2.5p.8.=.:.}.0.?...xr.AE.)..r7........'...8@..z.u.-...e.+.7.....J7.u.K.U.j9.8W..%.....o...... ...kZ......

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\PreSignInSettingsConfig[1].json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65188
          Entropy (8bit):7.997166367628874
          Encrypted:true
          SSDEEP:
          MD5:20FEF21E67A5C1DE7E7114197E78D057
          SHA1:5DA0073B29556CD7C84E1B8F03EAB7405C19803C
          SHA-256:F5F0C0335D33FE526ADF165DF2634E23B0EF1E04C40D50301D006615BD9464C1
          SHA-512:FBA7F76CA6F0630457FB328137B74DBA1FDBF33C6AF87E08EC43CEE77466AFA5F962749A3336084D36997023B9BD9D2B7AD677E175F924F817AC640827907AE2
          Malicious:true
          Reputation:unknown
          Preview:{"ram(.M.e.........K...C.i.#.f....W...l....3.K......t!/.D...*.V.s..vC.....^........E.{>g.HW.O.s...Y....L.Z...\iG.q()..Z.{.-.u.YO..s....:H'4.P..!..b........?..r.z...}._6....&...J'..@Y..1.|...8..r&.x.e(Qk.|:.....j.x.;h....Sy..:.............q.QeKO.[.......eH.f.Do..z\z..?.o..4.~..."F:p'..-....3+<Q..>.#.6...:..o..o.s..'...,.hY....A.;V.4.IH.$H....X....q.C.N..r..s.E.....p.A...?.9.yY....N.....5..fq.f.M.k#..RR..~c....;.....j.6.=....&....Be._q..KQ.......1 E.....E..h.6.d.....DSK\..TW.'...L......n....@........wp.^.JyRM..*..9,...)=_=.l...k%ad....q3]z..<9..Y....W"b.......u.{...(..2.jE....~.{Fd..~.@.L...).I,adX..N.fo^P[U.Q.Z6-......A....?......m..ur&.U.@a..(...}.......r..........u|.^X...zO.Q.....f.9....d...P.A.D.G.x......q*...^..T....jz.K.`...'R.I.!M..r.....cd.7W..E).r....b...s...+..Y..@A..A..$.O.....E....nCZ.n.$....+...\..E..........x.=#..\.E(..p^D..M.f...r.7]........4.9.4..J.?n...s.$.|..vy...{....Z..9.!..Qq$"~..#.....Jc..J.Zl.<%h.H.tpE"m..

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\PreSignInSettingsConfig[2].json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):74531
          Entropy (8bit):7.9974043578156735
          Encrypted:true
          SSDEEP:
          MD5:7D0146AB9CBB6718E5EB2BBE62F2E55C
          SHA1:9785095CB46C9AF572BC6D84EA141E61522C6F8F
          SHA-256:D83C64047F09E9D9379DA2AB629C9BC954FDC3CDE5B5FE2CF9A4A54906A066AD
          SHA-512:4977B92CD66158F3D0B3371EF436DFA25EDA72E5271639FF1B254D49DB71AC4B36C3CD18101544F130B192CB1C63ED94DF1A0B1DAABE4E946CF85BC196BB725A
          Malicious:true
          Reputation:unknown
          Preview:{"ram.q........1....^..ov7... ..V..7`.....,...G.0.P..7`a...&..j~.3pI.....E.fY:....]3..._W.G.{:Mq'..K.W.t|t....j...........X...5....+x....J.9....}......mq&..[.Ln/....l..g....m7.)...T.V..t.&.....S.L.W....[.B.wn0..GNn+...r......!..........u..s-..)./>.\...S..%A.s.L.$.....U.>...|Z.R..\....lQ..f...k..uA.".tW]Od..c..Q....Al...!%..o&=.g.R.`P..uFW..;...B....AJ..T.E..(..3..5.I........g...D.K......+#.....{.......d....eKA........:...G(.....,6.y.S.X....Qp.6...5.."....O.x[.`.U....=.).|/r................xac...&...$.d!xJ.x......U.9h;..Q".I.0..!r.q"m]84.j.!.z..T.T.{3Q.P...o......{1,[...q..SC.j..`y.c.:...6).(!...>L..R.c^.... #.pS.....b|....@...o...HCVs...O..L..dac.8......H` ~.....@a}...2..q...f.1..Sb....FLR..}.&..\.w..A,7.3....v..r?.LV..?`..;XT....1u.y..].../+..i..r<..L..%.Z+...tP.!N.o....my..D.1a.|..d..\....m......7.p.[5..........{.'{.%%.f.dKh....h-.....Ue..w.....#.l%....v.8.\.r.+T.B..~. ..b..E....tfR.V.#..E..\=.:.i..h......q.gu..Zy.@b....S<j_D.z.=...Y..EQt.e.

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\Windows[1].json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):961
          Entropy (8bit):7.769811956330094
          Encrypted:false
          SSDEEP:
          MD5:61500281B7650251DA867C2905F5E175
          SHA1:8F8EF99F64629A77C36F6B478A52A146CCFA153A
          SHA-256:8DB5FB2DDB170AB9A104D47A6F31F1F0FF61ABD27C1F3FA450115BD40CC0386F
          SHA-512:A822C58ECD8BFACEFA2AE9E04B947D9AD7391657A25BFB43A5191DC9D8CAFD9D6961C5ED73F9EF8ACF831F160F64816716EFB935B70AA8D77B772D1E1448D0CF
          Malicious:false
          Reputation:unknown
          Preview:{"ser.09...@..u%u....y.....NieX'k........|Y........2nC........'.92S...(...7.s`..*...@...1f./.4M`......(....kr.X6p..`..`.F.i.&.....Y.r... 1...T...8c....*...r.r.(.....]* 4.JP....0.`t..O,.].?...|.3../-.9O.....*...I...u.....v....9B.W.A.x5...^./,...E/.u.r46.Ut.....ZL.....l....x.6.'.bZ......n.6.b'...5`C........+GT..}.9.PZ._......\...:.<.#SK...$p).'.0W%...qH]..F..05...tG...551{Jh..H........!.L.. ..[......B.CR.^ E.+...="?.1=.e....l.63..,..F.,O.M...]@5....a.P..AQ*.B..A9.".k.mbLYE..y~.:..x.|..A.cQ.7..Mr..44 .x..V.%..........L.u`......~.3.BK.y.Q_...S..<.\..pj.Q....zHF..m..OG{..~ ./-`Z.7..>..{.]~i.^...DC.v.....v#&..<...K.#"1..;6}.lK...P..... .}?.s..SZuMT.U..C.......S=...|...3.G.;..G8}vlC.)..4.{...........u't<..huO^QO...|b ..$......^Gs..c.v2.ZJP....o~6.Z........!...}..bN..'/2.....o~..|......g.....t.h..i.&.dr.....'.:.$.@x..H..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\96LGQ1XY\oneDs_f2e0f4a029670f10d892[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):190486
          Entropy (8bit):7.857423217504732
          Encrypted:false
          SSDEEP:
          MD5:4CF4C17283237EBF4769D11E649C79F2
          SHA1:1EC5F1A5A3B6AAF7F1E93526DF47FCCF2162094F
          SHA-256:A88E64404CE3FAE0D153360BC4B224A8C5EBA9A1A8D197DFDDA5E6C931FB09A5
          SHA-512:9CDB634E0A455F6CD65088023A3A464F5538406F71A7955CD90AA806BD76C3E2B64C600067842E9DDCEAFE25E974F9804811E0321E8CA05C3F844DC81CE341CE
          Malicious:false
          Reputation:unknown
          Preview:(wind...9....E.1S.C..P..9..W#P..du.*.X...dcp.Y..].E.E.........j..m.S..x.L.F.zsrv..sW...d.l..?1...Y.1y..x3.3(... s...&..{..*.j...n[BR.w.;5."b.).+...W2}...@.ClD.$}J.V.z>`3......A......k1.>w....*,......(U.`..w0.b.4T...xU...z.H|......d..fs4.x......./.y3..h.0.......XB...h...89.{..Gy6..*QF.....Q....0B.......I....?.}...Ud.^.$~.AE.x....%D[.,}..#...n......2.L...sa....C.^..,bA=r....g.....b,+....z....)c]L.X..........$6...m.#..X.n...../...:}.!A... ....Un!.....|.....;..Mxs...6.%f. .......t/...g.C..`.2G....o,...8R..`..E.sy@/..C9.x..D.%R.R>..F..iv(s.|.g2Y..Wg...s.o\?.`.I.......q.=G.............\sp..f "..t.9. .J.p.j!y#......"........)._ ...2...3v..}j.,{s.....8{.k.g.R.}.<DT....dg4..T?...'dgO..vr..X!O.[.e&.^-...U.2..W...P...^.8.....>.P.G..D..Au..i#.22......UIh...?f.M.?..A..$.k.z..g..o..b....*..........W...8[..S...;qw\-.....e..F.a.?.8..6.].&.&c./a.6yY..K..b....n..2..!.G..4>I..$gsg%H....4.E..{(....)."....1...5d.....r.$.2.t..../...a.'d.C.v..nB.uo.Q..2<.

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\ConvergedLogin_PCore_tSc0Su-bb7Jt0QVuF6v9Cg2[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):416128
          Entropy (8bit):6.91563267861024
          Encrypted:false
          SSDEEP:
          MD5:8317EC6F1B6F33F439E778D8D2B658A6
          SHA1:CBB87887148A6984A891461F8073649D25626F42
          SHA-256:4710C6ECC293671A5F7E17FC72C98EA856F37EBDF117145961ECA9120C9FBCE7
          SHA-512:CBB61D37EAF21535D4EC1D27EDE6A2FD58587D4D7A59308715BE9F2A5B9A589446C5EB3438DABFC21D08FF2894758AED84A9F2136D1001C71302E8117EE1DF99
          Malicious:false
          Reputation:unknown
          Preview:/*!. ."6j|.FV<......{......MW..z"..e..d?.d2....n..<.T.r<........1.m.BY[}W..-$-..t.1,+AC^.....B. ..6.}.`_c.9.a.uut4........,.."J....#...t..v...>.b3I..._.....4.<..I.U....ts.)..e........|rp0}0.....t..3?[..C......z...`4...".Z.......;.....q...zM..W .D..Nm^.r.E..t.:..@.<7.............%....5.,p.......N$m`...]...|.....t.RC~.5.)........Z.B..8..#.\.Q...W...K..d0>...X.O.u.......................&.&..VCI_..u][~u3g..{:.H..:.J./...oBo..W..W.....P..B.."....F;W..}.....7..7..S.rw6...'.]....ihH.............3..G....<"..m..:.T..Q..hl'>...b....H..ZzJ..W....B.r..... X.S...M.'t$..<8.d..4.....v.v...7..J.H.A.D...z..oXFPK......e..{..m8.V..f.[.D.....S..Wy......+..f.g..\..p..9:.l....R...x3.S.$...kh...5z....^..a.0.;..Q.....I..gStE)..8.@.s/..vi...,w...3Kl.`....8.k...?......[5ZG'......[...{.5............s47R..Y....w......p..O%Y....{.....3....Y.('...>..6r+...X.L....).....m...k.8.1x2.ccK..{2..).D0R `'B....e.<.<...=Dr.(.. c@..k.E......=.........y...u..OX..

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\Windows[1].json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):814
          Entropy (8bit):7.751081669974443
          Encrypted:false
          SSDEEP:
          MD5:FFE14D5F3302A26C05B217A0AA0FB6BC
          SHA1:D4FE98151A826AAF098078095369499519DA5933
          SHA-256:759AF9B33E1B412AD3D16659545373EE574AAEDD1567AEA28801C68E969F41D3
          SHA-512:14C5EBC130C897E5C40EBA04C8067DDAB11EF77391C7F96C8C28FA599216D4BE7B791C11E135D16A78B53C1D79169044683C6088D18A1A4A1F3827A47F3A59EB
          Malicious:false
          Reputation:unknown
          Preview:{"ser.,jy.2H..^PeiT..m.l`..ce<..M.e.u...QB..-...>P.|.5.3...f.F..~..c...B.6./...X'..v_.:.%V.bk .K2_1....V..B.@..R bLS.4.......p&......v.Dq..!.l?..=S...t.$.p..<......T..:..Vo1..vVY.*<.:.O...t~..~.'.A..e....L0%....n....^...L%..~...=...q...G..j.B$....j.q.Z...j...?+.1d.(\.%..(...k"U...:U.+8Ft..O.0.......f...m.!....+.....)....~p[.F.......*..m.....N..).Dr....x.. ..ud..F.Q....l...3j;;.)yI.p.bbJ..C5em.t..lG.....s.......F....B%*.3......U..F."i..=C/.j.b...9..{..Q.RGo....-.....5P.S".N.c.j+Z..}.I.9..u.'.......N.X.~....7%A.+..l9.....*.w....O......&..N..h0.. .7..{V.L_....h>.D......9.....!.n.......mW*.....".v.....}B...Q...y(...x=.`#..i.......EW.....H..t-..+.......x.j......W.........Y..h....NA..g9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\Windows[2].json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):814
          Entropy (8bit):7.6910976997886396
          Encrypted:false
          SSDEEP:
          MD5:177C61F1B556997AF0C1654CBACB2EEB
          SHA1:102EDCC7D74EF1410C41E028E27B8B9912F47F77
          SHA-256:0EE0039BD7B88E8E439B53DF8E5BF62C4D85DCFAE997EE494A895EAEAD23FA18
          SHA-512:7A28A0B925F02BA47033B08D2DF13E0A48DC2BAB7817C5FA2867548963A3360E94672F601C35B3D6C0A3B1A15BC06C50DF23A177E160E02DB9379A93B8BA3F10
          Malicious:false
          Reputation:unknown
          Preview:{"ser.YV..*,A.-..)r.......2L..4...O..F.8.'.RYU$6w.r...:<.....O.1.+W.7.....pK~)..r((..`UM..=%..4"M.u`%9E....&..4..b...Q.c.m).a"prMjE.{..#B.D...<.T.w.....C2.JT.Xs.u.@2-..9.M.......2(..8...*y..A8S;.7...|..6....L._[........+....vU.T.;..pu.m...*...j...K.)q..h.yC...)...~x...b ...L..?{......\......n...'.....Otq..pBT^.N.Q.?..p?L&.Q.2...... ...9../..4XB..9.S.........^M. ...0.!^..t.H/%....'MB#...Yc.;.V.E..z....A.5..u4<...FH........N.p=..<.x.....I....^..Y........gwC..}...;/..!.[...G.U.k..Y..t...9.i.!....^......xV.x...T.+x.d^_.u..Mxx.6.N-g....q....'Q....xw`......v?:.U.h..v.D.7A.cZ.:..LM.,.Se.b.*. .;..nX..E..)7`..b)~.n.g.MK.9..';.....V..S.(.h...)R!h).Fh7=R....*......R..oy..Z..+9....p..<5tWv.9..j..O..|..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\Windows[3].json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):814
          Entropy (8bit):7.716361393379151
          Encrypted:false
          SSDEEP:
          MD5:B93F8D1A67003F542CE54B5DAE7C2369
          SHA1:11F603F3FD91261D97EFFF8810C1E6A3629DBD3B
          SHA-256:896726C96ECF49C41ECB13D589A7AFF25DC8F35F1E218A7C21C0376D4A96FE42
          SHA-512:D8EAF8766A6C0A84A12A73692586C60E0558F55F3646A261ECB3CE78222BC1C45336D8FB55CE64320F4F1FE702CF7A02F01F7E568A442D0E830090A31C9E7269
          Malicious:false
          Reputation:unknown
          Preview:{"serA.3..4..$.).{....Y.-.k.{"..3...}.oj....12.a/....h.f.6..P....n. 5...Q.).......L.B..q.N,H0.6m......e.W.)2(..8v.Dy.;...3.......`.$....S9$._... ...L5.=..v..A.+...6+..c.-!V....~..@.l...P.}-.G.d....O.S.s.,......Kg:....1Uc...4......2h.........`...J...v...?l6.:....gp.eE?:.........R.n.b9.,.L.z.C4{..{NDW..4.DC.c.....?...n.<..bx.s........(.s.b..e1....f.f.ZG....0.;..lk.?..ZOI4.$x...9<t<.5.........%..A.N...`.....3c........!....;.d....I<F{.S)...u.."........@....X..PIW]I...w..3.<%....m.....f.x...$| ..N..@Z.~...v..RL......lU..7.~>H.x..G..N.........2...t..C....,.d...P.....n...2.o_.)........k.>HE-..?|......}g..x..Gz6.....Q.........#...P.'.s\bY.^..4.\.c..f....G..J..5.;."Z..1.W........+........j..G9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\geo[1].json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):411
          Entropy (8bit):4.6420780896559455
          Encrypted:false
          SSDEEP:
          MD5:EDCA7C5EAEC41C2D1880B6161721C8BE
          SHA1:9A650E1C3E6B7E8858A48D55F21C10C99EBE8AC8
          SHA-256:CADED2E85735BEB1518F1C907BB108B1DCD9C481DAD682B7E0A8E1009C541065
          SHA-512:2C39E15ADEAC90FB6D8F5F87B384F86A79E15F0582A4E8618C264FEE7223958E2F51AC5FA60001F95AE215351B677D91718E551DAB655B14F532556CC2D6AA7A
          Malicious:false
          Reputation:unknown
          Preview:{"ip":"8.46.123.33","country_code":"US","country":"United states of america","country_rus":"\u0421\u0428\u0410","country_ua":"\u0421\u0428\u0410","region":"New york","region_rus":"\u041d\u044c\u044e-\u0419\u043e\u0440\u043a","region_ua":"\u041d\u044c\u044e-\u0419\u043e\u0440\u043a","city":"New york city","city_rus":"\u041d\u044c\u044e-\u0419\u043e\u0440\u043a","latitude":"40.713192","longitude":"-74.006065"}

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GO30WR0E\get[1].htm

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):557
          Entropy (8bit):6.011359641811673
          Encrypted:false
          SSDEEP:
          MD5:1B23BA7B984F4C2CB2C5C8F919601983
          SHA1:F02AE8A1B669E675571A414814886EC4DC3E0979
          SHA-256:BE5A1582DE67D257725326A14AD75042B9A18AB8B7715D49568D8546D055AA44
          SHA-512:0709441DB4D608229F5F14759C548DD0ACFFC4851F6972DB3E35643AAD12B018BDA911B84FF75537960BA2BEE37F1014811AB80BCC265222000EF91826135291
          Malicious:false
          Reputation:unknown
          Preview:{"public_key":"-----BEGIN&#160;PUBLIC&#160;KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVMapPNeOhbFEbAzm0M\/\\n53oicw+zpP4Mcd9Smkz\/OIWA6cMRDibKg0XqWpOP6D+hd8KLojFKXumSnomyelcN\\nuAoqPz9IIsFK3M+NCGxk3NNXUjcMzA0OVQ8H0Yz0okeOhAHF9e9MCNKRrHwwvjCh\\nH+6e91ON9Ia7aQUVkrCDW6aLZdT2G+tt9M7ibQZibh6kMsjoAx9M4OcaxlIWz6lT\\nQWXBsyu11r3lmOCrvNify7ceg87aym0WUr4LPdG+OCl24RPwxGFdV6WoZkE6mwD5\\nSzXB7PGd27qxYexnPNVZ3pD2Ru2MJqfmIg\/eXqUs1wMf5+zU+kthA6Oy+Cw2S9lv\\nNQIDAQAB\\n-----END&#160;PUBLIC&#160;KEY-----\\n","id":"9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6"}

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\741e3e8c607c445262f3add0e58b18f19e0502af[1].xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3793
          Entropy (8bit):7.952995321490728
          Encrypted:false
          SSDEEP:
          MD5:21CE27BFDE35E7C00462159FCD3A2675
          SHA1:DCE96CD6EEEB2074A9F7A763AEA4A76AE2594A07
          SHA-256:5D9A2D6697AE5F8EF442D017881890186B925BA9D1F49401F7D52150ECE4D546
          SHA-512:CEF5ECA396FF98305C7EEFA6DD72A0330C782E7E15F82A69A5891941FA1559D85687113DBEAC019C3339999AEE014954BA603CAD8F923533FC5D4153870CE562
          Malicious:false
          Reputation:unknown
          Preview:.<?..v.{.Iu$J.......Zu.!_....V.c..b.A.K..O.A...8..n=.LD.^*]U...k2.4..w5...._.......6?....}3@..e.M.(D~...N...K...n......d@*6]..!...y..:..cr..t.1..Jp....,..1.I'..ok..7t-.$.A..............pf4..~...D.8/W..7[{ ..cS.r..r.@\%F..MN#.'........I/E.Q.l\.Iu.JE.....$......;..;..].T#....T....1e..W.d..Ic.-.5._.d..,8%.P.X....Nxu...6....q..A9I...(......3.z.:}.?=J.i.2. U.'tR...E^.X...$..?....l..z......3q[_......JL.1.#%.....`..J..5i.%....j.A.C...qD.}..}..a......(.~|g.....~.=....F...Beb.6.,I..t.].{n....U.5..V..2...k.CV.W.l.=.8..<^ ..L.z..O.a..".7.gkyQ5e.P..DS.o....Z.....]z&...+...p..3g..G...../....?.>W;.2.DOJU.s.rV[..a.1S..Ar -...}.x.!LqA.>y.9U..Z..4ib...U.h?U5....;...j...E..S."c..\.t.BS.;..6.....C..R-..|.1[_.....v....2..z..)z.c..F.....^')..#....NP.3..9:~,.hZ..c.E...I1L.....tm-.(K.`Cu...dy..8S...<.....@......w..S.S..x.2....9v.x...m...b...s`...|...u.....5.\.Dm.S4..*u7..v......-.|N..Sf.PX..Vj...._.Kg..c.*R..vp..;...O.....f.......AZ!.h.S...D..t............M4...G.

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\ConvergedLoginPaginatedStrings.en-gb_RP-iR89BipE4i7ZOqiqEgQ2[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):36937
          Entropy (8bit):7.995147033234843
          Encrypted:true
          SSDEEP:
          MD5:1C0C55EC68CBB7B4264D4F206B5FC33B
          SHA1:09BAE818D990A8D0AFF1B2F1F4101401FA782C41
          SHA-256:8506E0BBECCAF7682726111F52F7336329943FE0934ACAF903575FBB6E6ACA9C
          SHA-512:5D210654267E6CFFF7B005F6157DD5FEA695B9BFF4819E5BBBBBBA0F63D1FFAE54D1D3676FA19EF084F574908BB3A9145C4A725192476DA90811487625D4076A
          Malicious:true
          Reputation:unknown
          Preview:!func.i.Jw..v.s.b..Af.'......4...0.u*...k..7!.Z*.%....L.^N?..!:4.}...v....S.}.[#P.$.6.). 4.........@V4X..G..18]...M.......>!.`$Y........i....>W.........I.w.$Q..x.w.t.t.<..7....n..s@...SD.=...]\].1.g..o...3d......[.......#....Fi..&...Q..iQ..9...0.....N......\hm.....q..-.De8x...d.....p`xGV..b..9...v/.b.fn..X...|FC....VF..."=.ST!...R.....}m.p..K...M..e......Us...c\..;.*....KK.....<.\...u.k... IX..3$..s/.j....j....2....<..r..8.X...s........<.|.'.../8..O..O....fv..........L!`.....l.rg.S.K.....wB{W.o....../.ml..>h..$H..L1.Nd.n.{.I?.CQa.pE.w.$cht_'@.....CS..JP.H...5.e....{r.m.Q.C.'S...je..q.M.r...i'dN.ap.9..o.c.~..U.hR...<.............u'<RzI..6..V...X.G.......#..N...~?}j....=.....3-1.[}*.KB5...F4R....OK..;:N....e.. +.y..NN.2k.....,=.4.....=.3|..z,...ab{..A...j.}.7>d.:t....D.o.mf....B.#.<k8....5... !)6:.5..\6 .Zy.yD"....b.z..]..z.I.|.tn.RD:~.+...q. ).>m..Nix$.f..k.{...........<AN{k.+..6..E.9#..C;nJ.c8......|0ib.y....3.)....[t.X.......p..$f

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\Windows[1].json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):814
          Entropy (8bit):7.779007036352756
          Encrypted:false
          SSDEEP:
          MD5:126ACD23B7C12D89330BD2DD1CFFBD2C
          SHA1:E6FA46A6325B27A6CEE003AE153F26BD534418CB
          SHA-256:78405793032415E7AB75450A3FA50137E2EAB4875AB0583C3F59A92585E20B4F
          SHA-512:21547C98A07F02DB58BEBDF7E1A70A727CCB3DC659B98D54DE0BA304CA6DF9503ACD77C3DED889613504F3C964FC01BDA7949D44AC28AD4FA93B5A9464EE9067
          Malicious:false
          Reputation:unknown
          Preview:{"ser.QS'....Q?..$m...$L-... .g.]6..17...DR..b..J~O!..c>V.~&K.q..z.S.?.>.....aZ6...........9.R.:.)J.Z^4.|...i\.U0!3.OT..p...#N....kj.!..W.w../.YQ..g.P.,BJ..f...5.s.@..%`.4....O7....6.f...iHr.="C..-oU.f..8..Y.t...(>U.=8..)0Sg(oA.+.B...`5.#C?..g...mID....s._.t.Y...9T%."...y ......J..<>TV.V.[....j.F..`..P.5.w.|..d...uf......."...p8..&.'..C......&$u{>.....F.B..z_...Q.o..<..U....l{.!..a%.. ....z...y.R.........t.s...B..h..Z.c.....a.I........e..:R.^.Q.~.B.c..A'..vv.SQ&..2.#.q.Ov.._....l.....1.....De.-k"<.!V$..FG.......%..A.zEb.........F.`b..`....85......&....M..UODI1.."k./...R..&...mA~_.}...,.1..lX.a.<'.i.D. ....S.>X...<..#.......BK...0......5.&.\-.... ..'.|t...P.KO. q$....F,2L.].."../t.j\..:....yH9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NB937L4Q\update100[1].xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1060
          Entropy (8bit):7.815121715835159
          Encrypted:false
          SSDEEP:
          MD5:55EAFB3296BCD6D34B0FABE2E6B5AD2E
          SHA1:D41701009BCCD9DBDFA78B96D1774FD3F9DABED7
          SHA-256:7CFB031BAECFC5D9C7CB303DBBE9D480E04E357375E0BCB72770FB92CE2E29F3
          SHA-512:27F714501D64E22A535FA1F46C8F5023751A82DA789ADA6494496150763CA93ED1CA35C4FF4911EC620A07B3BB6F906175DA3416FDA0D3C8F3458D24BE5ACB8D
          Malicious:false
          Reputation:unknown
          Preview:.<?z{.+..(R(Hbh.<.{......c~......:d...a.:.4..N..O...3U.....<.....s.g6.W..0.T#...1...<.....X.,S.p......s..a..}..g../I.f%.\...T4.].....A.E...i.......1...C........N..;l.t...!......b.k..O......:....v..J...O\+"3R....n...hN...~..M.gp...s^C....{.....q<....AM.....m9........#ze.....h..9@(6V..6.h.OG4...6+.tS3.H..D. .g.bHG..hZZ<.E.,..nR.............t.......P.~x..4.:.b....(..S2b..T..}z...*.#>.....1.....lv.m.gL...%Gw~.8....jm.7;....P..J...M..K.....q#`d....)#.sT..)..bP_......&B\..7.7....e..@ms.G.\...r...g....m...<....\.v....y.I...[.Nm..t..... _. V....0..1.d...@.#{J..$*..nn..T..St..r^.:4I{...5\^g...........s.......S..;!.....>@J{..Q....X..4ZY7....A ..7d.......F...p.`Q..o..x....d.u..t.*y.. .nS2...^m....o..4.21I.. A..&............o..V.......\OW..bJ.3Z5>c....m.-.t.....*....Qn.@...u.BGr......K.J.R.'a..9.U*.?/a...~..r.........?..|.QH&.<.g4a....}x.C...QrgE.,.-...^#..&NLh...+.v>q..Q.&hs..mY...$.W.. ..<..A.O........C.l.&~.:-..L.g.?...9pbW1L8qQshua0c0Kn

          C:\Users\user\AppData\Local\Microsoft\Windows\Shell\DefaultLayouts.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):64281
          Entropy (8bit):7.997354181770164
          Encrypted:true
          SSDEEP:
          MD5:10FAAAA0FB6D10BA37224306D24C53ED
          SHA1:69239A2DBE85D3BE76BF3206DB1541D60276440F
          SHA-256:581517441D2E43DFD1DA16735BA657EE68E7BEA9E890EC737A64CFA47023FD1B
          SHA-512:2E9621695C91C0FC050D2FD5472311588DBA0ED97640CC78A181779BACC3656F98413F0731D6B7D9C80EC3FED0120BC9B756207C5E0BA84309280B7950E969D6
          Malicious:true
          Reputation:unknown
          Preview:<?xml.'..4..E...+Xf.,_$N.n.K...+...W...f.."i....H..2.j..4.*_.&.....;...x.wehb.......Rr.....^.gNJ3B+..L.#.(.H..\h..^@....8Y...5I..Y...{.D..S._.,+"^..sT....y.l1n....M.Dz...j..xj.f...X.Wr......!.]....B4...7{....g..h>.....7.Z....h..-.B..io.w..Q%.....4%f........!...ce|<?..d..x.O"....T.9...E...B.C..-...(....Y.....!p.'..}.PR>;.....g.o..Z......M/.........-.......F.&....E..l.k.z....c!.ZYl..t.F..(.....(w..u1.OX.x3..Q...3. v...r.4...a.5.Q........:Z~!v.W..v....*....pW...TR.e".z.S..kj.Tm.^H..=.V.....t)..e)..X;uB..6...%.0.x....{...R..1%..D(..o..5.#..[+..Mx.2.k.&c.@..L.*. .M5....`.....f....c0.J.=......R..........F..-..A.d.5....i...!........C....&.2...\.$...#ae..=.J.$..).....ZR `Z.#.G.o.c...].u|..=....IJz.........tlHR.et...}...tYb.h...(}.v7.....?.%^.g*.y.... .r.&;....,%.t.e" .e...?...l..0a8W.Y..r.....c.S./......S..o....2.^.U..........Y.O5...L.2.....IS.m\-.P.9..W.}.*.>...A.5.........F..@..`cZ...Mn...z+..M0F............0c...N..w.y.CnH'.KD.O]Bu.HT.#..[N..R3

          C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.971952313852069
          Encrypted:false
          SSDEEP:
          MD5:4F3D4E13C146EC593035960B70159473
          SHA1:BDA90C2E5E0218629F96E2C49D4EC67783456691
          SHA-256:73DF709148098B4747893D227F15ABBD5F9C1F5C60F869EA755309B7604C2A1F
          SHA-512:D53DB76E53573A5B4671BEA04DB326390516E79D6A355D7AD8C34E70FD3CCD1A57149C19A74818BD0AEE978D9DFC437DE3E69B120900FFC4239D7FD9AF2386F3
          Malicious:false
          Reputation:unknown
          Preview:........A.:...6.UQ?.rGf.....e... .y._.E]..l\......q.v...m...D. ...@`c..)......d.Z..y....s.z5.......nR%.XM.0..@..5).a.R........N.iQ/KJ:Z....Q.......c.>.vr.Q?.5.....Yp...!.p'.t.W..0...!..g).c.F:.....N..W...."....z...6..g..U....].^!................?J......^.4/Z..0t.F...,.^..+!+..elN..o}.2.u.....2.....W..]....."....A1..?....:...e...Pd.m...d..<...o.e...7V..T. Y.....)..'%..ITo.4T.....ITE.}..Ln%......s.m1:..Y.3?-[}.]Ec~*.y9."..E.Kau0JS.......>.."....t...[q\.c...j|O.|...\...b.S1...D8.HP....|.........Aa."L".........i....0.....4@../._.r..pQ..k....}^..W..u...3...r.....W:.}$..0.R2.q.%..^...=..'...Q.......D...U~.y.>9&rt.......o.uX.....R.G..&P..P0T.A...v.T%....m............7....w.<,.ox...xk.ge...i.*....F./.....o.&h(..!..O..u..-$.....h.4......2...+......\.p.)E.....P.Zj..d.W.h.v.p-.I'<....M...`;...=>....A.....w..Q6....\F,<.%.....$.>K..K.C...`../.Y.h. q5m'g.3.k...}...#B'L.a....Ej.ir.lm.8.V....N4.g"....s..D.v.......... .Kl..i....{...Ib..R.~:.. .?.

          C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V0100006.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):524622
          Entropy (8bit):6.922294902221569
          Encrypted:false
          SSDEEP:
          MD5:D2D222BC29D4EDE005046484D3352BFC
          SHA1:40FE400F5BAE96C0B534692F3D2742167934A1E3
          SHA-256:43683CAE8BE9A46393B8919879544CD17FB7F127BD3D8A7611F3289AFEA6754E
          SHA-512:BB4D7C56FE321DC8F7D2D40FBCA21A77CC2C4ADA3FA3F5A40DE68BAA6AE9D9438D0803071037DA217083FF5E4A46AC1DC72A3EA9E02E6F8207A8C0A1927FFB28
          Malicious:false
          Reputation:unknown
          Preview:.|MH....C.....E::..6.8v.%9..K.}..bQ%.ZY.9]..)...e.g,@...N.m..,..Y[.%.%......X...z.....*..-....!\....4.d...-.j.....ym@;?.cl5m;/~.}.(...,X..;X.{.O|..K........|..........y.s.H@.A.. ...Lj...Ys.....b.........@..r.Y..)c....`....Wl.L............w..3M.....)....9@ .m.[;..x.>40.....=n.....;/..V.H.qJ...*.._*..dk.v^.}A...[2...(N.WZ.....-....I..5.......+8.T.n.a..r....v..HD.)...tk.p..9......U...P..k....\..u]8...I....}...hs.R.gr..+...@*$0.a...h.~..X.u1H...W...Qg....pC...M{.6s.vk.."..`.k...m.:.r....z....nW..U3BU..gy.qVde.l.....H......:..=ayM..x.f.... .r q....^kW......f..u..|.....9...Hg......d2$8O)....g.}\..V`..`...kh.QS.O...mRUL..4....c...Z.}...?.*.^j..".>x..&.np9..B#..+w..3..{./&.6...X....Q.=p....Z...*...N.UR.........xmE.o.{\.......\9.?...tU......?S..``........LF.R?.e.Hp...5.C...be.Gza..?.T#.R;...4Us.u.GQA...k.H.W=.....yT......r?{.EJ.L.}.|.(.d;.V..|.....-?~ X8...a......9..@....3.G.....i...e..'..N....Y<..ey..KP.W]o.....iXC....C...:g..Q6X0FK.G...?PH;8....

          C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V0100007.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:OpenPGP Public Key
          Category:dropped
          Size (bytes):524622
          Entropy (8bit):6.74468873699883
          Encrypted:false
          SSDEEP:
          MD5:2ECA039C6AFC82ACABD86F18DBEBF7B4
          SHA1:6215FB21A662DC3A22662001CC791E3E3D0D0599
          SHA-256:4ADC7354F7123CBDA1BCC58EF6C0302313C7C4C134DAED5064DDBD2F830E6306
          SHA-512:E896BCABFA1692AD7A08CD842E934560AC4EB5C19846A3FBD108B25380FE4F0FC47F05988E1CB10A218D514839A97687C47F8C48D459535F11DAA43276D3BB5F
          Malicious:false
          Reputation:unknown
          Preview:...?..n.p....=)..1j..H8.2.(K}.<.lg..~n..2F..x...n...&.K..........~.hYha'.e..J.O...j.Ay....H.w.....w......|.......$K..1(..[...np...U):}p.&......0..D...+,.r......}s.....%..k|.!.p#{..f#u.R-..|.c..?Yk.)..p.A....9`.g..V2..n..V.c.>.b<.}W...X......)...OP.P..Q..er.[......s.A...e@~f]?...H....p....v..h.HL5.L'..0..........@Y4. '7vb.bw\.%...$R_...........Ax.A..y.....`K..c...K..Ht. .N...R0QW....$...!.......G.m...rn...x.9.L..f.UN+c..)h....`z...6.)Zku>E....'.....&U...(...Gp:..!...........F..R.Wb.A.......MH.)...`.$...3...'u.Q...v........L...8.+.0..x........?..p...8k..3+..D2z....^R.:...U.'iWl.F..S..C......O....I....$....5!..8..iEc]\.>o.......^Jo...yd..Y..!L.F]=.t..T.; .....g4....h.....9..P.@.l.m..=..qeTR...L.3......1..>.Y..FO3..d1E..2....s...o....v..HU.D.A..D......{R.5O.t.b.K....p.>!..d..@..../.z..=;..S..,y.(......ls..G+.%.!.06+.......++`D.K.q...T2...U........ud....G.<.........3..F.h..B.t.+....s......i...$a.3.Xh.,...9....{+..l.{Q.9.h9..F..

          C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01res00001.jrs

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):524622
          Entropy (8bit):3.2073201132619666
          Encrypted:false
          SSDEEP:
          MD5:DCD2AAE5CB6E003B465D569DEE2764C9
          SHA1:D7F608C2854EAEFC1CB372542474FCF67BD42A30
          SHA-256:FDB1A1FD58599C42919CE152EFF3409704E4B23853DA12DD439CEA3F302748EE
          SHA-512:C6FA8D580199B48B350BC11197C8F2EA9AC853D2BC8991F707C8071E095FCAD674B69FB502157036A0B67CDBA5EDB773CDF2B597510570A55966E4D1FB9F9C95
          Malicious:false
          Reputation:unknown
          Preview:.....Q2......Q..W.....eHm0H..:f.u.....p.Qc,7....k..t...d...1r>q.~9...$.:G!k^?....H8g-.N...X .~..,m|..sgY../T.cc..;.:vg.Z..Bf.\...w.Eby.`.&d$.O.9r.D6.W...AD...-.zj..u.,..>.P....g..rG..C..^%.`.0..?.Hn.......O..o..1_.w.....a.e..`....`k...c4.yz....L'..K...........n...G.....o....'`....q..!....G.)..y....W....uD.%:#.........um..)g....:........U...o...!.x...{..!...P....P,~.t@r.H..V(...'...y.I2R...v26.._......^.b..v..Gp....T.N.$..?.M.....g.}.}bL)MP..TYV./...iP...o...l.,..d..u.Dr).h.a~.....(G..[...'..`X...A.Fz.r6 ...#./l..(Q'.h<..$.4.....UI..&.?..fgT;.....^../.s.l..U@.....Z.&'...".2...S..[Q..Q...R...3iD...s..1.*....."K.........J.H".Q...8_0......X..u....E...Ej..dmh.........nR.Mf..P4....9...<.gi..j.8..#C..m:..........S..R2...<...r.....&.VS&].o.....XL..y.1..._....c...n/:.:..E..u..4...Ee.Hs+.F....._g..zL.....]JP..^_..+......../.?..E).....y.~C.6.\..6........c.FX.#.g0...J...&a..h:......\w. <.. .,.....*.;.4:.N....s.Tfc.'3.d.=.DX..K,..p.=.!..z..py.......\..

          C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01res00002.jrs

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):524622
          Entropy (8bit):3.2080993374986573
          Encrypted:false
          SSDEEP:
          MD5:0BE94B679DEB23D3BB8906EDCBDF8138
          SHA1:584C84318A3446412E75EFBC27975A945768422B
          SHA-256:175F4F221D783E98FBAFBA1EC01CE987AE9F0D81E371BDCB53B04BDC7189A3B7
          SHA-512:05FAC72A95031DAD04F6C5874C1F81D2EF0CBA5B92801F543B3AA72C36DB6E49CE2EF85DE7BD112CA80E47DB91EA8D42369F44EC6A86DC6593A78E5B4297867A
          Malicious:false
          Reputation:unknown
          Preview:........\%..G..[/.Q0.~.Q..W+.....d...).3u...Z.....I.....:.Ic.M........!.p..%.m.mgL......S.q.:.....Lw...........fn@...A......mT..'=5.%0...p.3\b........v..l-....O..mu.v.du.....y#.......<!@G.n..0...9."..)wNp...T...#n.......".....@....d.BL..AK.wu.{..$..R....De5.;9+..{Gj......O$..Fm....B...,..P.{...3..d.._+k}.....$hdQI1.e..w..r.|..Ec.\n\..|..E..M..{..ri....iEOP.........p'.8...w]D...p.CO...g.7.Hq..s....+T......fK.".....u./....?L..a.z.\C...&....f.VD....&F...D.X)..i.....7..F...W.....G..P..y.2O...A)..]u.<%.....W .#...~ZY.R.m..}.[-%....b.T.S..-..CUD...w.ia.....!g^.f.!!f........_P9x...?......Y.r>.............RO..I.s...`xPp.8M..b..."|..g.s.}.4......y`.-........#.<..3h...Y.w...O.t..WW;.......[.*...(6....@Q.;"l<.P~q.,.K/...j....R....%..g..d5.R.w...i.Y.....|...........We.._c{.c..3....s...y]&ie8.w....[<.}...#.\)f...#..x.7...S...e..h....~X$E....\..@...:[C7.....v..k...4..P}.ihz.a..{......U..z?RQ..^..$"..4...">$".b..5..;....I.|.....?.=i...4.4..3..&\.|E..)..80.~

          C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01tmp.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):524622
          Entropy (8bit):6.55109440851799
          Encrypted:false
          SSDEEP:
          MD5:F20A58EBB808A24E0972B08CA51D383C
          SHA1:F5EBC1FC43AB0C32434F2B7B5306E15C596C265F
          SHA-256:C3D154FC9358FB8B6B72DA3864D860FFEB20060B4130A1423081D83B138868AE
          SHA-512:FD3FB0D142C6D2AFB1C30C100DC68DF49B51E8C3307D8A13B20BFC1C88388302C9BCC151F97BB7022684AC402833C0B532BA9A2FA7417113A650924481764C76
          Malicious:false
          Reputation:unknown
          Preview:_..j... .w..C.=.:.3}s...e[M.W.?......p..+...1&.(T.M.D..J..fk....>._...;.*.|..gT~...u..g...G.>...04.....Gf...|{d.i(/lq......$.m........`.....sU...g..J.;.3.......d.Vy~ed)Ne..n...a..~;.".a&*..]j..4.(....@......N\..j..G.dKk...{.H..3I.....q.#33h.7.E....'}(.....,.1m..t.t.U..P(W.6RU..F..e.dg.E.?.....(eO..&.hl.v..:.V$.8.$4.B.;...._..T.....c..y.a..n;X...|q.....-..LR.@=.8.izU...x..u.h.7...f..-......3&..D.^...).EAW..Z..fO.a...F..a.......D.J.......=O...~......r...j._..gVI..W.....r.X=...(..........-....t"]._h...S\.../l.{.h.}....!`...1......~.....rF..`..Z.X.B.....Q...C.......N..1.7...[$Y..c....:...~/.>...fF24..+.P...,.J...#.^...f..B_.k./.!...U..n-.....gN....?.;...!.....].X...V.N.Z...y.C.F...KcC.Y.y.9...I+.U.;..}..9..jF6......[..m.Y...{.k..u ./...v....Wbb............."Y...?..^C..<=.tO..D/..6..k;.'n....z.+h....F...P..._.......s..9.."Gy....{.V.....S.H..8.^j.@.nn...."d.... 5....E.Mp..lC.....wK.n[#.o.G..;..l..$u.6.....C.)...V.Dk..f.I......>.pT...V1O..f3....S...9

          C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\8h0a78bs.default-release\activity-stream.discovery_stream.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1583
          Entropy (8bit):7.858690092189837
          Encrypted:false
          SSDEEP:
          MD5:B82E8184D0F790A3BFB6BD8716698384
          SHA1:F729C9E813D970BFB65AAA69B1D9E9CDB4B70FA8
          SHA-256:24D758304F6930933BB9BEB2F4FF7424FA366CB381EBDA1648037F9A58FCFB10
          SHA-512:60D444B86A43300F458281F28E79C3CAE02F9ED8D8A4E9135FB2DEDCB287CA92849CC0D8E2AFCA0A71A4515C436AB6E146A7C6772FEA5DECD4D2E3B56C713B23
          Malicious:false
          Reputation:unknown
          Preview:{"spoF..Nn.A..r.;.t.j4cL.yz.....".N.li..../....+.6q..Z.:.:Nb.Qfy>r.|.....&az4|........|4(....=....0.Z@..?.+..s.~......+....e..8I..>P.z7..#.2U.~l...V.6...yd.k..6Y....C.l............k.\..k...L#.....f...NM6!8.@)c. >B._.y)w..F.Iq:...v..c....c..!.L.......N@..."~...k..H<...{.T}.cT.t6.D.q.z.#..4T.....&.)}.%...|.......S..{`.".....J.....P.[..MC.w1...A..{..M.,...[.n..........|*..Gf..ijJ.U.OU..0........SW.p...Y^.......y..o.Q......{....7...c.j^.].B.....8x.w...w..~d....".*.r.q.Z..[.Di...:..&.4...|.W....f....&3C8....Y..B.tD..)D.}p..=....`3.h.AX.......k......)~.....q..N.+e'.R .`..*:...s.*..*.k...9...qP.f..Y..qv.k.1.....g....W.7. ..4k-.5)>X..2.j.`w.=.Q...t ....2..%.Pe....c|.b.........E.!O.,.......0.5J....eG...d.VZE...Wt[F..^.[......7...w..,!.`...yd......$Q....r....7m..L.*..x...[2Vakpy.(I...}.4}..4.......D0..b$..k+...^..t....{lel....tx..x.#2o,.B#..W.!zM.?b..B.|tm..%...A.hV$ha..*..f.;..JT.....h;W..8..R.$....c.i..H..,.."...670.+...9X....|...."...|.m.

          C:\Users\user\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.979270892418821
          Encrypted:false
          SSDEEP:
          MD5:90C3C6024D374C4A5DB67E2CE3E5D497
          SHA1:73DB37A2E6FFDCFEAFB024469EDCED4CA60ADDAC
          SHA-256:5896DB5432AF292B42B2F808037B92FE2C0A2384083F248E38F52D0365B98C18
          SHA-512:D0D507AA43130F1808A45F49115FD6DA0571FF68C0457ABC1554FA6CD0148555FBDBC640C81890AD9F36BE39393E8FACD3090D9961A665315343039A37055435
          Malicious:false
          Reputation:unknown
          Preview:regf......~._.J_.{....q....Y.U2yp.m.P...2<.2.0...GA6.]...2.j..#....M..~..u....M6..........m..F...!...9>n,4E ....t(.!..".....Y7^....S..L.j.....Z...Zo3.}.k....-..y...L.1.n............%..3.#..-..|`.E..Pt.e....."}..B.........y.yz<E=&T.-..%gQ..%....m2{5....e.!..3;...z......c..JN....._)......v{Q^.H.G...JR.;.9..2...xd..K....l_M.a`.D.H..F(....6..M..z..o......}.`|...\GG..t.(.7.<m?...ey...I...J.......M.o........=.w('.`$...2".{'...r...]..*...&b1&......3.7?b...(.o.(v?......JV#.v.H.B..;x.$.X.N.p....y7... ...@j.lF...K.*..D..m.u]....|.."W.a*............t.......T..q.!.a.7t1.2...O.~.....m~..~...z.. ..M..I-..}3.T..;...PE/.x....Y.M.T..L........S.....6......2.....o....:&3!...n.....).....b......{`U2F...9:.)=h.....+e.RTI..9..(l5...w0U...vx..KF...[..']~..c.Y.<S..,.`...y...4...h....\^|.....-U.H.G..9%...i5...3..d.u..g..=XQ.o]....)...3........g.0dt..q.#ZW.m..j....9...l4..o~'..H.;.w#...A,..F..w.Qn.\H..Y....o%/.....'.l..0Tqw.eq...S7...`4..?y)\....D.t...`./

          C:\Users\user\AppData\Local\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.977597870923362
          Encrypted:false
          SSDEEP:
          MD5:70197F2C34E25DC5BB8CEE502F0D46A1
          SHA1:6298A652208F68CEBBDDE6B3677D7F2E91210A4D
          SHA-256:C814BF54ED143C07CF6E2894A5A11EAAD3487E49BCE6BA4DD67AC1C2A4DDC3A6
          SHA-512:46C7C0BC8A164C44E01619799DF4DF5D0D86D5D06E578AE52CBA72BC5397FEFBDCDBA1AD4EE4E30848000B4C0D0086A5F7F94F4CE16E395E92E0E0822E6E3094
          Malicious:false
          Reputation:unknown
          Preview:regf....Z+S..v.......)...Zuy..%.]j...q.uy..a.88.....0....!..,.'..._.#f...).......[..<.....9.:.gjJ....9......pp....Q..G.v!.W2w1<.G..(|.......M....Z..y0u....J.4.......C......;]h.E.*.#.R!a..B;..%......>W.c......p..=...>*.b...qa......;N.....U.....-p.=.W..~..|.W...W.....<.!5`....4........w...h.....E....8..bev..B. ..........]...5..x.%H..CV...6.a.\p.?...Z.'c.n....?.....J!}P.Pk[.&.....(q.bN........EW 2........=.%^-...CT....c.Z....s.8...8[."..>9Ga..\.H..l=O.}.....8.g..B...0...f*Q..l.B....A..O..Z....9..yTa....?#..'].fy...U....iv.;zr.....q.q<.e..*...r..is..gHv..U........QE..9uc.ys.......48.a.#4-Q}......@..~.`.l...BP\....V.^.a....>d".>..9.......2.i..LL.).9.Q....\..O...@q8..8..C.>g..+N^..6..+....@......A..ih0..!.i..R.X...1/%.3Z...%.=I.{../.X.....[..Rp...W....u.....]....q..I.8....%t../.U.vL6........`.~.h....l.......)&9.=P....r.nf.../et...R5.c.....u.\.$..SF....;.\.......Y..1.YW.....A..V...M)I.n/.....N..6p'\.o.5.@...fl...X..|...C.J.Jf.J.B....$.N.a....

          C:\Users\user\AppData\Local\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.976922315328405
          Encrypted:false
          SSDEEP:
          MD5:B761D955EA1B1CF0D5C4EA70DC29A840
          SHA1:A1588CDA6D51C94C5505AD63B8E71EF035E29F8C
          SHA-256:08E81EC449619247FE4BCBBB168A62BA861DB453BF38301A7EB5200DCF7C2ED4
          SHA-512:337AA6565CDB4A60F29B847C0D8F536AAC2589FA4AB5504F8132744A7DE8B3D3719303E8305183ED08DC8430CD1A79F3BAD70C4AAD78A9AB8022E75CCD3F96CE
          Malicious:false
          Reputation:unknown
          Preview:regf..PW....-......S..N8D...PB..$v.@g`d..1.gf....z...b.-LP.....&...Cu.a._y;....I@S.k.0AZ.....O..$.iz.&P4.)?.j0F#....)..Y....X.]3.SiK....F'w.3e..'.{...ai..G....n..>w<./.k ....r.g.&....~..<.g+LH...o.}%>.........\.b. +......o.0..8.7`.s.t........Z...TR...+..*.<....J....4.....*.wd...<...:.......2....z..J.Y._[.r...Ecd.z..sH.*(.L.L...y.......u.,..}...#..<n*....g....C.:^.7...3@...?P'...'...5%.X1T..;W.A.;Sh.........Y6d......R. ...S...7..}.....r.....].......B.b6...c....\.I;b.1..@.(.Z..!lP...J$.%1C.8.....Y..W.y...8m...*.E...(..!..fb...;.c)|)..t4.......P..?.>. _.....Zt..x]B.99Z.....4....B.J7....EQ.?....Q....Z.l.J..@]...q.nN...5.Eq.....U...G9.XV.$4..E)g=.X.>.k2....(Z..S.Y?=...B..QS..D..y.^M-.Sg..0...J....A<....5...$A......U.Ut..|q.*+.M...4..."..(.L...-.H....N.T..co....H.-...q`....B;.$mad.....;.N.^_s...Z.q...Y..........*..!]...X.]?.rCN5..u...^.0..,U3k...qOak-U8.=..=x1 ..I.u[...H.....c$..=.l\..^N...WFu.%*.l....I.O'f..I`...<g.+!.!.."......2.+n:...IJ..yz<J

          C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.976970423656952
          Encrypted:false
          SSDEEP:
          MD5:B7062847BB3579DD2E70C76E95F4A1A2
          SHA1:FAB4E248D561C82CF0EC6D256059DF7AD2F8926F
          SHA-256:64AE7479FD303B12DDC9AC18BA527C2BFB39B1C26D39507C20E88C8036AB22A3
          SHA-512:5F828AD2D9B9F4E20E91A79A85BB53A0820D33617941CEFF37D5C9E48E92707FBB4C5681D57C11CB8053CDC2046FD8D1FCE399BE3E9599918B98359E3FCD04E3
          Malicious:false
          Reputation:unknown
          Preview:regf..](......Z.z..J... ..F..3,..n..57Q..._.f8......s..s.......0....Y...G..(....|_\.Blfj..]..e.V..Ol.3 C..B..&. ..[..uT.E.7.6..Q......'.)..?..f.@ty.x.....47.K......R.g.....8.?...{wB6......t+2Ka........,...m...]..u...W...M..@........_h.....K..n....-.+.|.....FI.L!3.;.....^...E...B.m.@>G[j...;..*.<Q6......(.(...C..xT........["....H.n...l,o.aN..$.8...'..]....V.K..4K...Z...W.w.}..-.......!$.....f.......0I+..z.W.............%....4...=L..^.y...:%.7{..f,vb....e...Dp.2.=...+.&f!zy[....\......3......k%.M.7.s.}.....oL1JW@e.r.J.,y;.j....d.!..f..7.E......>y..\..U.`uF...-..........--..c .9m~..a...S...}.{...^[.f..Q.X....[....f*..S-.IO.(w....#.|..z..J.L..rBO._..W.Z.).a....`.7...1...".C..2.....j..Tw.f.1T.....!U(%.......gl.W..&..t.+.D.Z...._..0Z..!.6w.7.).....^Z.F.5T.^.yRl...>@.K....n.Y.X...x@0....^..:!....4.k1,..jf..Hi.k.@w.B..=.. 2....FsA...].....4.C.*..S.!..6...>..c...._.H/..W_..d..n_....Aca...+.=..bYS.W.\..6.k.......S."G....Y..N.].9l%.Mrqz..2

          C:\Users\user\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\Settings\settings.dat.LOG1

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.978690662664908
          Encrypted:false
          SSDEEP:
          MD5:9AAD0B23CEF12608A213C58BD2DB1CB8
          SHA1:1E57977ABFD201B1C6FE9022938F559846170187
          SHA-256:233778CDF123A021A5BB8B658E8B832D3B8D8EE83A5F3A687A3A7C34579F82BB
          SHA-512:59DCE20CFFA1E2A067D3A436BEAFD5557E26399CAE10A85603B4221679E0F3606909C8C0BD9EAA3168B992896225C662BEC953502AB4D25FD51BE42BEE0F5206
          Malicious:false
          Reputation:unknown
          Preview:regf.L..h......M.B@>..k.6(....TK^...'.f.4A.]W{..j1..))f.....%S...O..LS|Z.......5~\\...A.\d.63D.....RcmOK.G.|....@b.....N..e.6/v............_.K..B.KaZl...'.(g..yjy.vJo..q.....0....Hs....hJ.<N9...H.o.@..#(.).+17.....r...>.. .n.......].r.R..N(..5...$~<..L.a.ay.....5Uf,..\o.`.W....K.-..*.xA1b...T`.*..f...(...!.....].S...y............v..Z.../.U....Z.aif.t....."..g..x1..h.).n....2H...Y.....=......m<..............h.._j.CM4....2%...Sw@.x.rk/.Nr.5z..<zr....z.a;^...1...{1U....'<..._.....L...c...&QKm.SL~..5..9.a.e...L...E..3...F.....i45.h.Bqr5.ubPAZ.......W....v.D.M..<7.r....i.;c>".O:..b8......4J.{.u.#..T.<.......A.....h..<n.Y[B.Sm.8..<\....zu..._2.....Q..s8|.f..6!.vX!...KU_.x^...Rqf..e....._Z.9....0_...T8.k..6..y....... "...O.C..l.(.....1?.R3..63,.0.s......+......:..%l..'k....7...XEe...........Wf....F.$.T....".}t....A.d...[....k8'.OKQ..../.}..X...o.V.c..e.%g:....'.g..Sh.q;`..P.....7.*./.l7._....s..%.v...A......nz>. ..D.c?K...X.pp.8Et..`.. .|.....^.II....

          C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.976852536224954
          Encrypted:false
          SSDEEP:
          MD5:A1E63FAE8102D604DDA3637F46C13FE9
          SHA1:1F3222F5E962A2B26A0EE9FC25BD4967B40888B8
          SHA-256:AE2DAA2BECD185567FCDA2BAF215B8DDCBE2E0519000030E849BD06D9550C02A
          SHA-512:9390AEF6F46E77E20E44F3D32E7FC5E6D4AB4E62FE0B7FF3052F3F41A74B8BCB4DC9BA87C72CA2DAD7597B9BF5F831D8B55BA10B752C4BB3CAF4F6A7A2C7EA85
          Malicious:false
          Reputation:unknown
          Preview:regf.+U.G..t.IR..+,.Si...6..9..R..$V...H...vI{. ._....b_$..7.......G..#....4...f.Y.2Y......7.C..B....X..',..f.=.:.....Q......7......j...6......<..+.;..^1......i%83,..s..p.!E..f....6.-..j...(.Biv>[..<.Y../zGm...U.%.*.H.$a.H......8.B8.N9hb...{..!x....*1.O..H.u.%'(.m........3k.....02...i7D.........8~}...Y..p.l_M.&.K#...............d.q..z.}@....3.....q...D.....T...'G.v.......'..|..hX..?#'R1....+{.RS....).8b...m........=T..R..>=;G..?...Bh.".[.p..iiR.....H...E..vH`..@x....[1.-..L}jT.c7.^.uS...../W.lv..9.d&Qn~.$...{.`..D...)6.Y...)'...K.c.&..b[.w..........^.i..<..P.. .ys/k.IZ;.#..F#..../..N..1G..)m.'a..bM:6.p7...n.O.B..>~...M.OV[rJ.|K'......y.+&.{z.&.u[......N.....wU<8..Fe.+3+..4s.....*x.P.;x.Z.|ug.W.S...&..(!F.6.-Jq.!.R.~.WC".o]-..d..1..n.{...f....^.NiuM..pQH.....&dq......#.D4.u...%........X...0|$.B..i/@....-.....f......u..Bs...6..9..D.....V......I*a8tO.....;T....`...r..].....Y.u.....7Q..V.........b..9q....+.......9. .5...a....sA\

          C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.9772704583104534
          Encrypted:false
          SSDEEP:
          MD5:44F7B31CB51DC18716BF61A3A263DA1B
          SHA1:52CBABD625F706C7A1B5DF600EFE2B73A5B3FE9C
          SHA-256:853B86925963955013F9027CDACB3618004D166FD2E4891D92D98A00C9BBF9B6
          SHA-512:3A2BFAC741F2CA91D5EA4BA0A8FAE1DE3945A0B034A02254A410CCD2CE14876E9A88080EA23B21D6560BC421E5552364C6ABFEE2EBB7E527FAA670B0729190B8
          Malicious:false
          Reputation:unknown
          Preview:regf.......L9.-lU.......8t jZ.3.<:b^*v.....c.?..+.....>......b^..].+...A%.)<......o^=....-|.z...vX..1......a...4.4...-..... ....p....y.io..h.m|G6i...}B...OmiJR..J..A.....[.;a.ePtBgP.%.....a.T.Q..q..S..N...,.ezJ..Ux..*.5....m..7|\.{.b...%W(.M.F..a..Pk...w{..L|[....8.,..O.F=..V...l...P{.g82"z2w'...i.1rw..`...t.kas..i^.3V~........P~.n.,..9.B!fa.6...3.=...y.P..+%.c.. l..v./.V....yUA.s..R......Mi.J..Y'..$!...o\A(/.$B..FcU...u....F>i[.e......A.+.....JAFo...B..p.h...=5.@.G.e.W@...i..k...qQY-<.`.+.r....mZ.....$......VUh6.e=w>.N.....g.9.5..._hDfT...%.;`.=.......@.Y.O.cPp.AL..,:..=.R.2r.P..A0....F..c.).T..B..E....i.$.n...`.....z.U.B..?...[..:#.{.Q_6M.V .2.N.j.9..K...7.j.*.^.0...*..[.....A...ER^iTG.N..aH...r...?S.Ou.UU..v.d.V._.X.."..~.....@.}.p..[.QAUD...b.C..V..9.....8B...6......VsM....h.........,f...U...>y8...W....Noh.."..'.>J....pj...\....+...rp`..!..7.w..b()..D...q.._..W..1.".....@t.b...m.X.# .......F$O.k.K.?..To.w".*._.2....S.=..s.9#H..e.Se....?..&.

          C:\Users\user\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.977599187478167
          Encrypted:false
          SSDEEP:
          MD5:760978C6EF951EDA8FC3684F0053CCB0
          SHA1:8E75D74579F2C111EBC0AA9040E207CB4439A25C
          SHA-256:83F993D5383FC7DFA2BBFDAE6FE75A27EA249FF0D7C1CAA392E64FFDBDE10D02
          SHA-512:E80D1E5259A80B11F6796FBF59798D280ACF5ADD3CD32E022D0F569566708ECACB456EF91C7F73572FC8166E4BFA3F4C43FD6D2BFAFD9C57CE9BD8874FAD1706
          Malicious:false
          Reputation:unknown
          Preview:regf.....W....$7(jh..0o..o.......4.......d......{._......<."...>...y.R5..,mt.].9d./B..{X"..-.+oNJ..!...Ob.G..C#..@..%`.v..c[.....|.s.*w8g.........Zg.P...m.kB.._..9.Q..?._=9.e1H.t.P4.<Hl..m....5.@P.Y].......~.e...j']..D..4...Z.f_..a...S...r|...Mu.bI.D.Ab....%.KpUG....j)..=.1.N...ty.......W...^[-...Bu....9....}S.tx....%+.!m5.z....K!.....+.ncA.1[.q:....:L......s*..;...6......i@.a.G.,.u./..a.._K$.tv.v/4.2...q9......E]../l...$..1.}...Hr.;..e...P..3..).i...............%....m.8u.9E.$.A..jX...5......B...<q.54.cy..t..0.(.c.......a.h_....m.&.....v.0)......?.p...XA.b.\....o`~..*;E.{a"..W.~.N.......o.......!..F..u.......<0.*...yk.<.=......Qnm..A....<".... .U.....r....w.s...].Y....V....P...$...A.I....v.~F4...5.[.}7.X..l`.......oM..":..).n...'m:.....w..).6..b......W....8...%.ai.wg.O\...PA}....<..|.>.z.9.D...NJ...k.....6.@....r~..T.....sE..Y.[.Jxr.n.4/..nI....9....OD.g...`]_..!o..C..........P....B!R.q....s.Q..n6.!F..w..F.@.Tm...%..}....#K'..0E.).9.%j.|.

          C:\Users\user\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.9772220828144365
          Encrypted:false
          SSDEEP:
          MD5:EEA93DD538AA73DCE95AD7AE3CB01B1C
          SHA1:1EEEED5485F0CFEF1D19218A298EDE47BB3A41C9
          SHA-256:498D63212EFBCF45210B63CB345B4FA63D42F74D609F22E12CEF4A4D709A519F
          SHA-512:6D166D3A2C957C0757CF528450CF595C21982CAE6D9DDD6B8AFCF255F75B1BF2C7852CB11C0A00C4A0DC454E6598F7DD14497ECA3CAD0F8A464EBF53763A6B8D
          Malicious:false
          Reputation:unknown
          Preview:regf.F[.<JI...q..8...W.....6....V()...D..K{.u..0..G./Q..xR!'UM..Wq~g..O`..Ws......d^?.bY._..K......-C.'\..K .4+..Q...}...y_..?3`d!..2...+R.z.[(..H.R.a?....+G..Z....Fn,..Q3Kye..o.g...=.&$.....K....$T.\.!./O].%.m..:........3Y=....e..##M...\.6...G2.O.....hA..).V.i....S.-Tp.].....9..;..?N.&+.Zu..w.K........F..n...A..y.USh..D...w..[...\..p....J.9...Z..J.....P?T../W..vU...-F.6....",m..).e.=..".1he/....r..}H......I.[..|E.`....Q.`...;.c{L.*'q.....=......vc^C.....^...@..z..yp..g...jtl..k..l).T..=.......!O......4ag.R.*3.....I.i,.@..u.7..\]....Zq*7.....;.w..y...v.!......U..7.........K.!a|v5Jq..q{N6sp.i.....W.c........".[.U$. ?b..6...Q..q..u:f_n...i&..c>...Lw.T.f.x.....0. !bv..`P.u.QL...L.4.".L..;..,m....Q+.Q.v+.EFN.!....LX...jd@.W.8........'^.......e.|B..sl.1.....9Ax=.&.z.........mV.6N......-8.=..eA.D..y?.DSG.....N.4N..C......f..E...|......#....L......i}3..\,.....z.$...`.fEwV.....2.....a..+<...t0...B"...9.#...p;. ....-LjV.A..S.9....K....C.r... ._.

          C:\Users\user\AppData\Local\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.9758445590971885
          Encrypted:false
          SSDEEP:
          MD5:B0633612908016F994FE00C86BFAED87
          SHA1:3B7155A4A6AEA039F57BBC1994B18236D9C65722
          SHA-256:EB7409991CC5047688495AFAA67DE03C3FFE74C3D0F0274809D0FF88B8FEBB1C
          SHA-512:68A95B59734897C0E601851F0471502D89699F51E29DC686786923007C8D41B3934BA6359F99DFF2887B5D50085CBCA47DA7F582E6C435DC2FA9B8FD69D79BEC
          Malicious:false
          Reputation:unknown
          Preview:regf......x.I,w.X...%........4f.j...1.[C..\N....U~Z..m.....OP..&/96m).Lb2zB...&..2.8..6.:.~.s.E~.X..9'er..\..z~d..p...I. ...~..9A.s..m....O_e.R*...\.BDan....a.2F[...J.g.X......UA.*..>.D_3.*.....w..y.A1.Dm3.,c..........<...(<......0i...?.It...$X...y<..;..9J(..@..#.z...&.N5..j...]`........l7.......`,.X+...VA..[.._.}.L.Y..`_..a...m...=n..w?.V.....N.......a...3.A.;...u..._.p&.....e..R....t.&.9*.O......a.&G0xd.(f..Y.u.;.Q.? v.k.......T.Q60..+.Zc$B.p...|...z...z................v.u0w...N71gfqI. ...9.~...F....H(7......>vw..3..X...8.6..CY.d...@3..'.]...7...Lc..#5.c...f..<(.Y9..7N)....O;e.\>.ErH..j\.^ ...~>.......G...H@.5.5w....i.>....9p.\^.....%.C...h...9x...*....Y...K~....`...CK...]..g<.D.Qy..B.m....Y.p.~.N%c.]L...fqA.'Fx#6q....8....D......%f.<.f.Q....8~..@..w....}....TA.].....1.F.4.f....2/OQD...oPR.9.ld6..W-.T.u..nh....Wd.b.......>@.:.....@....4..G.ne<...NH.......8*..=....4..../....*..3..cgi....h+\...4XL'.>...L.^-b.48.#..~~B......Z...[N.....(9...

          C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.97501790271667
          Encrypted:false
          SSDEEP:
          MD5:9848D9A2535369F21C77439442B847AF
          SHA1:DBC4E211434D4897965B3685F65EDDF07B8760DA
          SHA-256:167700F8FA78EDB4B214E8A888DB4104107DE7A79642E2A421C1A8AB03253F98
          SHA-512:D21908F675AEC6BD76725CEC704A7468BA05B89D98F09D2B325A0BB66156C674F6808BE92AF42839F34F8D75B20392EA66831DD2D123959DD9A9981D91992EE3
          Malicious:false
          Reputation:unknown
          Preview:regf.]....w.....&.j.B.&....g..O...o.].%....,...]0...1..$pN......A-...o..!.`${ZP.VO.....t.........p`...<......30....rRU.. .U.NM.BT..*..}....>z..h.<.j..S.....2....)..a.p.$...a.q.&....._..z.%+F.0!... ....crt.....a......g....q..u...?.h.rI2D9..c.....Pc.... ..S..f.3+3....$..:X2.Nf|j.7....)..%Q.. ...Qt.&.S....?bi..9.WS?.....W&Z..{?&p!o7..+.$.]*.8..)9.q..|`T.+.V...@1d..XE.y..N..5..4.K./E[.h9.h.7_...wuo........0....'.5...(g. ..MH......@......w3.*.d..2...Q.4Rh.v...f.[)(R......).TZ.W...C....}.k\(.t}McV..J8m.x....lZ.eb..W..`..^4!..&....j....$.'@..c.(..{C.M.....^.%~.2$`..8.J..Lq.$.i...\!..."^.KX...Q....$..&..8..o ..2.)L.n.iKU.`..U.........%#..T.....L.3..|...O..g..'.[tG..x.5HN].h..l..Y..}"b..... .J.........?.f......:....h.[...qt....7......u..$.B..........w."K.:t.....E..$...A.H..wh%v.`...c.i.n.T..S@.V.2.=..J.k.5...h^.2...L?.z2>$....d_R.....%&.az.&F.(..ta...\........<....Z.n...!.X..+M<:....I)[..........2M*].+C.Y..[....b.......2V0....UY......

          C:\Users\user\AppData\Local\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.LOG1

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.977170484042187
          Encrypted:false
          SSDEEP:
          MD5:2F0BFFC5B3E04BE7A7AAA3DD512F2C1B
          SHA1:F02B90CA2E669A1B4E63562223ADA2E6080B99D4
          SHA-256:7DD8E891B2C6A03A0A354904648DB6D932FD86D3868A9129CD50459AB360E8E4
          SHA-512:90DF28C0620E57162E4D39459D2B750A457F991160B1FD98805CDE3D04CC6E4F590F833411B53403B814E5D6854327B7F5A4A54A04A57089BD3579397C350189
          Malicious:false
          Reputation:unknown
          Preview:regf..f....r.@...,...*0.-.O..}5.r.......SM.>.b......L.9..o.:../..QS........-...../(.L<........i...;..b).....X.....M...X).II.4.s.H...>.}.....K!K.\....}.]iP.UG^......Z{../..E..)..c...4x\.....@...L)......&j...u..w.+e.,....&....X....j.)m..\.._.l....6..bN.$.A...e...m......RO....a..QT.#m [;..{.......o.(I..e...z..2..8.9..$t....._y..].S...D............n......=.W7Y...nj*i.$.@..:.7.m...6.).?_n.;%..Io..[..........{...g...\.2.5..._..|._z$'<ixL..-......{o.".5I.../...d.I..8gB.^....\)..+........@v.=.A.'.N G....YC....W..{......!.h+.Y.>@&....L....C`u&.....I....DA...Ab...+.....cc.-IW.a...\.,......L.<.....t.....O`*(O3H.L.....3...L.........m..M....?....&4b.{T>.r....}15.*..;V..n.[.v......Bp...B...._.%.L.2...e. .G....._'.@.Wv...U..QY...Q7..l ..K.=...vn....c.x3..n.S5..O..3~_...0;.Ap........A.T.\....A..n...M7..5W./mH..\u<.(?.l.C]....z7....2./...y.\.V......?.....R..Xh..xE.....~..3.&MH....:.0..I.G\.CV l%.x3.%.m.O3jG{S.F.%..g....Wp............+.m..T.Bl".a.

          C:\Users\user\AppData\Local\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.977496676631387
          Encrypted:false
          SSDEEP:
          MD5:9DBC604A3A9AD5F66389D635EB12728F
          SHA1:2A6DB1A6C7830B9382DE46C36415E133705B5CE5
          SHA-256:28E23E6D983119649BC2EE29A99C5230DDDFB8EFF6CA78AA899273918E67D501
          SHA-512:9DD4C1723BFA65701227F9CD1D0AFF7B3F1A975B578C95B7B30C67D6A528E614AD36D73A91063AF9D977BDB3CEFCDB5B301E82CA8D3F2EDE081C6B1D32188D54
          Malicious:false
          Reputation:unknown
          Preview:regf..=...d.......D...,...yb....F!.y..r.s...(..@.....^..8....6..p...#.U..5<Ff.....O.y..k...7... .820....3....L...tu..k.S<>.......K........-y.......fC....{SV}^.........H....<. .bR....B.M.....o.:hz.c.1.I.0..0...|C.\...2^z.g...UB*.\.V.RY.b{...D.>L'Yd.w..|........u....9f..... .....F.c,.... G...+..a.'.0o...<.GUL...K...7.C2../.T.{jpa...O.(.>jGz......;...@....G.......v...O._.'..<..K. .k'Zp.Sq.nM..q....".4.......Q..!T.&3.....H).>."..[......tx....<).@.Jk..x.Ob.r....iMX..c$.s.......d.\.Z...oh.gI....u.....ti*....%.S......_..U8..9....yU......}.g...?.7...*-/3......!..c..'......8.g.B-.`O.:.*.#d.M..`DY......w.......9..&..W.%0. O....J+....F...Q..7.......a....)..Pz...........`.....T%......3 ...*....r...j.OJG.~.+M.:...}\d`..]..........yb...#...b.,.Z}p..#5\...s.......G(s...V........t.'.....G..VJk....|.......4 ..#...Z....#^.....S.*...4v.Qt.8.T.DH4;o"..\|eCm.Qk..M..GE3z....v.K....|.e).....ri.D..)O.R...|.......";...;.n.Z.Q.3..I(.n.d.g{....{./..`*.'S

          C:\Users\user\AppData\Local\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.976379436447742
          Encrypted:false
          SSDEEP:
          MD5:2D8FF6AA6D3D4A9AF7B0849386C14324
          SHA1:E19C91F84B256A3A76EEED7D7D448A04E2BD2607
          SHA-256:58ED5053F162E9C405D1C26B690C660884D20E67D31C3DFC164CBAA053BB2063
          SHA-512:E3E88C25D0E481B45DB461137F40532E341DCA70D92EF179834797EDA57A3622C435871E04DE4AA5D7D775E92F68EBEFF15180DDA060BC89D81ABBD8348F6A36
          Malicious:false
          Reputation:unknown
          Preview:regf....P....U......M...;..<.....L......B.).T.}..6)...ia.U..wz.6<.D0.r..t..D...+....y.<.($'.y..........i.i8.Y@. ...W'....ac.6a...A;B....,...D.q.q...........E.z.J...".g|...'...L;.e.>5..[.|.....s00.k..Lr.. .......f. w....%..X..? m..V.&.n....... .4.OKqB....t.....0...^.OD....v.k..0.HxVzNV7.Mp.....u8..)..m.D..p.b.}.G.y.<.`..2.y.....v..E.>B@.8.3Li.W..e.2y.C.{.!.b...[.(...I.......i*...@N.#.a...Af.W.( .pv..C5...J.o..}..Qt.1.:.o..p..Um...j&...V...|9.....eh..Xr.I.I'&.9(...F{......b;...tJ.....$.=.i./.2....bI._.5#............gD..!..!_.r..q.l..Gq.v[..f.Y ........%...\....mQ`>.1....Ta7~.V..3.h..q.2.M=.0..3.Q\.q.tm.|*.#[..R;.,......_.%.~..z2?.F.V+...b...4.tp[...f#.{.....O.......sAo....$...f...B..-.!x.6dyB.l.:a.....)k..u.?~.......%X.4....L~.Fi...b..(<.......QK..X<.........z.....u.e 1J..t...,.h...H|..j}a....[.5..X.2.J.h...k.......K.T.".v..}.......v....H...m.%|r#{.kC...MD..g..2...(..}...K.1...G...V..2...'.....{..d.>:q;.r.?.)..{S2.j...qg9.kf|4..`.......J;h

          C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.975809094179951
          Encrypted:false
          SSDEEP:
          MD5:F882580ED518EAF183F8681A236C808F
          SHA1:F8E9B5B678A1CF911DEBF99FAF6C32A7A644F9CF
          SHA-256:9A54D109E5B5A82DD3522C6725CDAB8E5E07B9BBB27562CDA4027EAFB2A57C05
          SHA-512:80A52DFDCE24D2A21127B7CB0987DBF06DF3EADD4F4D5E4943239F2EA95E0D22D883A0738BE6AC4B64BA5B9B830265C7FBF377B8E0BDDA48AF397C9FA62E1686
          Malicious:false
          Reputation:unknown
          Preview:regf....F..>..=.s1....~9...]... ....F.w..........}l......%..{.0H22.`.7@o.z3....y.....|.r^..L.)..H.........kf.V.. .&..3.v..2.<H.......y...'1..b.#..d.F..X....:..l.<..0...@me.yP"........S..-..lW.d.../2>.9...?9....r....6...)UD."X..l....D/...zS....1I....-..AY.*.....Vk.. h...Ci0{.."..^.e...&......g..*BU...m..:...y."I...>..*.....8!...-.V[.a.MC.JAD.G..."k.9<.Z..+S.ToN..5..e)..1...M.O..]A..[0XP...6B.o..#..*-M....4U5....&......*.3`...w...+J.J-.....?~.8.AS.....dW*....Z..b.y:E..F..I..D..T....x....vi]=...:9]O...5..nI.....]|.Udm..e@..F._...JG/....7U....}.a.....M...\....C5~.."..s..7.]b#..tXV.z....=8\...mC2...._.C..'...y..T.o_..Fy..+.[....b....v....."........l..b.>x-.;."...k..~V..+:u.....gf..P.WIF".-..L.]t.N..U....k.7..Ye<B4.K..c......I.%. ..cZa.Ox....dG>..Wv.J..e.Qv.,..Jqa.":..p.:..'.odX.......Egmn..<~L.u..../.57U.D......RE. ...p......Z......@..>{]....B...eh...m.....XC;.jO....1..-.o..A.C..bi.F...!.L...C....R..PU..Xx.E.2wm.*..sF...r%7.......

          C:\Users\user\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\settings.dat.LOG1

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.980184178812447
          Encrypted:false
          SSDEEP:
          MD5:52999F1F0E33E2FC3C0C81D4B03CE343
          SHA1:3C43B349D866D4F8C72EC5C783728E6AFAB54C49
          SHA-256:907BBB6366FC4B709053C8D2847F0E333FBBB13E8CBD1C28BBBF861CB99A735C
          SHA-512:1EFBB072B62DE98CC1E0FC1C9B0935AD9B4E57CC1897E1AE9955F3CD20410E34CF5D5E60D514DF78209132FF56133D0CAAA073CCB1DFF9E9F14DB20B842BDC93
          Malicious:false
          Reputation:unknown
          Preview:regf.......V.q........d..y^.|F...n(..21.@..X...8....?..y..^..............\.8"....w...S...N.!W.|p....3.....6.\..T......H...~.^..!0...N(..l.=c.g..-....].N...A_".E...+.#.&..>..~.Wx..Xy.nu.N.q...4...d)k...#.w.../m..r..1i7..zli.{)B.....MpV<...{...p...=3..MJ..:Ka$*.J.f\..H7.M....U...f^..>O1.....'o?J.........q%vL..K.=....1....y..</.rq..y*]......n.Z...:.^.`.Ds.z1..X.uF....|{S.....B;..Q...MHG\...`..Y.q..+...>L.F.%k.+0.....e...Z<.._V.v@%luq.F..ny?L.. ^..N.g?Ih./.X....?...C.M..:..H6..T.9..!.....]f.K....:.X.E..2.?..oN...L..).A6.</...ak.s..r.o.....^b..R}....X...m..]oW......)..Xk.....0.b..P..a t.... e...b.M..g2Y......&f^.%.'..0.;cc.G..Z_.$..O&B.P...V|...d.......l.E[...>g.......q.q0..l.re..e.VV....g...]WwYjo..\-.<I...F.a.8Y..E...3.O.....x.P.O|.S.r....9.|...(....l.}.N>.xKHg..j..+.|f....&.N..N..\.%....'...MB....*..g.b.L.;8.c8Z.Sy....%...*v..([o.eY.. .F..p.|.?..V1%U.+r......r..2J..af...m..R*01A.i)........n...#....v..Y..m..O.g...Uu.y.b%.Y+..I..6.T........;.Fs!

          C:\Users\user\AppData\Local\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.974253133726501
          Encrypted:false
          SSDEEP:
          MD5:1F48F3C90B25641BBC44D01E72ECA245
          SHA1:92083EC2BCD9D1E8DC836F3E56F4954964898E54
          SHA-256:CE72739D7375B3E4C8D91D9D467E4C6503AA1D93AB2F60CB0CE95ADD1F4244A9
          SHA-512:AD29AEA6587109954321BDAA7A48C7133A11B900DE9459E553AAE5B9D04430D5D7267771D3F61C0DC09CA087FEF61C1CD74AE296ED93F7AC9DE6708F52E9EDE0
          Malicious:false
          Reputation:unknown
          Preview:regf...^A...U...D>V.."5.~.5..8-.......0.....%.I?..}Ej..R(:>J =.Xr..?..9Q@.K.91..GBd. ./...K.y..V.....:.....t..L.'G(9.{5.P...Xf.l......7..|..3..i....{DJ.'..7+....%.).W]..o.d...I<...J.y...;.)-"....vh....^n...43E...".w...I.S.=H[...w!(...4...]x....W.!.K.zp.....BRkc.\.E?...8t._.T5Z....4{+-..P:..^..{..S.x.8.g$....\.?....."h.dW...Y....lK..N.......d..'.....]D=.'q.B.J` ...k...'./..q.m..^.L+.P$.".w.qi...~.....;.c....P...U..bnS..?jzG....J..p....d:vL.q[...?..F./.....q...MaX.;3K...Y........2..5<).....X.....m...s.1....U..Sd5-ED.:S..F...,$.@.|.^....n.............7|M.C.9..%./...#A.Y0..}.W1.{i$.c}.......8..J.I.z.)Ro....F............}...b V.X.......Tt.J..ia.0..&...*f..D.-".....Kp?A*..Q..M.C....w[b...a.-..S..H....Y=.$$.H9t..Y..{,..k.t...sa./.4.bv.a..#a..9.m.r....d.v....3.\#.`.<...d.....-....tS..r..0.....m/..yZi.zM|&.2D.u..c|?....x2...-.E.X...S.G...f.e........W,..W.5...ae.1.}]..._..#r.w(...O.o......Y.PO....fb..5..u.2>.`..1h.A+.'..f>......z#.....

          C:\Users\user\AppData\Local\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.97843336660925
          Encrypted:false
          SSDEEP:
          MD5:D65607609A2807966160CCD1348203B4
          SHA1:F3CA4DE61C70F7B075CAD2668CC392BD65B0BCF3
          SHA-256:A9CC304127C0D69829E9882282D0C5A312A575D2E8F327BA54E57054CB58DEB0
          SHA-512:3DA3A13EC4874BDD4CD1CC97D4F38F5942219D7E39546EE5C6A54856C9FA54FD1B79F09299A4461BD637A771807F3C69633D19EC3EA4684A505DA250572D3206
          Malicious:false
          Reputation:unknown
          Preview:regf..2.1^.b....z.8.(...".....1.a.j/.f..*...H....z......V..~il1....}Qz8........]i..8..l0I...T{X..K...,b..x..P...h...R..S..N.C.+.\(......#....{..*..X.{.^z....m.....aL..RU...W.[X..J.0...x}..1...E..LM.?Mq...".cl..,..$s....h^'.@.q..s..0...\..C..[_.G...y.k......|...X;.. ... .....J....hG..4....#.9.....=0.mXy.<.{.^..`~..ww.YLL...i...L.w".BZi.fq)..`m.&....tJ.1f...K..*..m....N..A..;......e.QC.u..p=....}....f.E.......8.z.............f..].-z..>.s.Jt<...B.W/2.A]...-..!:.J"...)..I..Q....>....C.Xy/.g.*z...4..k6..{...&..\..|8...b...LQ...U?g.Y..c..}cO.@.u.L.....|t.@..D#....5..i|.Iq..[....+:.4.....%3..+.8:..9...)..;].Q....D.....Yg.jU...U.........[..._........".>.%..6...J.q......U.tN...>F...}........d.d.z....C.j..&.......R.Z.$...*.[{.........*.8.A#/.N...7r.pQ.#x.''*.u.L.B....}.Dk7....$..u..l`..^`..[...Y...@C....D...K...3r....c...,s.t.s...[...w.@...-....<...a|...l...o..O..<...@8..7..k.eU.tz..: .gx....M..[...BR...'....... .K...0..#dJ.9./..fR....Ug.U

          C:\Users\user\AppData\Local\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.9790699662214415
          Encrypted:false
          SSDEEP:
          MD5:4DB694E5C286F96B9F68C8F74B838989
          SHA1:2904DB79FCE385DC8388EFEF9AB194A802791D1D
          SHA-256:E36A0AFB1C3F16CB99BBC6E314D4AC9411D76B9A3B1B14F1A10404089C0C7F20
          SHA-512:C770D9D2ED89B27C24B6344603D81DDAC47FF82D0F627DFC84607ABF824161AF1DC08778A19242EFAFB1D459C362D2820563B0CB818A961883E727078DE25633
          Malicious:false
          Reputation:unknown
          Preview:regf..%........e.....+..pj.Y...\.\ ..sLU=h.6.r>..J.....0.zG.1....o\..[.......SDj..c../q.2.@.....m...p5..).Y...+d...G...0H/... ..../.......G"C..@.....@<<.6td.QXf@..:...>....."...*....r.e....D.).#.....\.a..e.....E.]..?....T......Mt...+.....>.....]..'i3....r%.H.Nx.7..Jc.5.+..IxULG{..Y.".BD8A>...Q.I.#..b..G..Y .....s..:...X.l...P.....j@. ....=....q|ED..:o ..uV.....*..c.G...ok.9.P>..\.ZqEG......g........C.Y..^...^....q..w...V.I`.".%....?.X..&3..w..-t.>..T..4...|e.O...fx.TE!..<....z..P.`.~lQ.?].|.c..k ...k..B...@.?.;..]...'fO..0Y.... .&c...S..m.l1..*.......1&....B..q?.6.2w.....x....5.}.]!F.k#..D...i.Q..O.;cOJ...jA...r...W..F~Fjucs......3......VDt....qlv......y../........y1.Q...*.....'...-....4.u....7Y......^^?Elo....4jQQ.x .G..0.hjc.......K...j.........?....l...;.6....#j.|L...Z.?.3xdX$.].....)........Oi...W.3Cn.....PGR].o..U./vgC..ld]...j.<.....D.../G.....6d@.].CG.y....P.?.c....J..I9.K..j..f.[. .k6n..(...i.6h..e:..V......W$8....K...6.

          C:\Users\user\AppData\Local\Packages\Microsoft.HEIFImageExtension_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.978454743719266
          Encrypted:false
          SSDEEP:
          MD5:C24AD474D65006FEE6F142443EE6D8E5
          SHA1:BBECE8212337C564417ABF236FD449C7C33058F2
          SHA-256:C50B1CC02612BFCCE0C38B7AE030C37FFB3C4AD9CEBDE113B6FDE45C0A3FB35A
          SHA-512:98A25264E2A1F1CFD71685C611CBDF7F95F393D09E75FC64417E8DBFBD00326C69774D691261BE5DAF2BD671FCB8C7363BDDAF7C6EA29B16AC1BCC87A5F7EB03
          Malicious:false
          Reputation:unknown
          Preview:regf.....:DT......."....w=....K;<.Z.F`.z.Do....GD.gT.bwWB...P.b.|5y.dG..%...g.....n....(G...&....O..?....Q0..5.uXN....Da...,.+.4Jt=.2....~..r.!ji.....k......C....`...2.20...H 6....{......RzM.O.........S..CC<..3^....jv...HQA..&.'.N_../Q....v.'.A.......n6.x...u..Rd._V.../..w.].Q].o...'.?#Q^.?..&f..r...b.[.|8..Av..!.7..Q..g..4.-lzQj...m..3...%-.......o......./.g7?..ulj..k..c.5N.;,..^.....(`V.TA....."BJj....~.4...d#.%.O...7#y.....^z...?F.....\p.rY.eCJ$p.a."bz1P.|#K....YV....q..~7....1..+.=..T...G..~.3V.c...1..k..q.1.SQV........L:...b.h.b}Q..]F:......]..z.S.gVT..N.=.g...w.!Q.N....>$_p...d..>..@....'x.;..,.*.b..7.4.^OE.h...9.B..%..t...'.z...F5....!C.>....M#.......k....h..A{3t"3.y.^..0.(_..0..M....+g...V.M..,.+&/.Ur..Fh....s.(.......12....."..n.Nzj\k./.5d.9$.u./...L....(I..h_...TG....f8........O.hO..E.n....?[%...D.......@."3@>.3...).j.K4..@.==VE.....=."A s....]KT....j:?7.r..j.g....y.'....~......N.....h......?.4.b+...H1p..T*..S..$.R"

          C:\Users\user\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.980338036633259
          Encrypted:false
          SSDEEP:
          MD5:1CF6DA8F9D35DB6868D7B2EFD03BB1C8
          SHA1:C5D3F2C30479D52501AA5253DDD13CA24D6EB75E
          SHA-256:83DF36951D8B8DB6E6BE2AE6E54CD8447F7DAB9C85DA50B675B9A4A51B23BA30
          SHA-512:7AB20155866DCD6E7979F9AB6DCE78EDE9788DC26E187C793609434238A1B4D3038F093262101CA4D06EE63060C8134AE3DAC37D106687C499C817EC89630B99
          Malicious:false
          Reputation:unknown
          Preview:regf......F...:[d..T.X%>....W..*..)......6.M..Z..J.V..{M.'..?*.$xl..F..*.[..p..(.....=..R.}...K.H.r..u...w.._.z3..v...a..qu...v..F...Y.?.h7.lra.....m.z.7...sF'%.........Xg~z...t.&...c.........^j }.,.s.1Dm..2D..N.Vr.w......%v..0.iL._EE........."..E.'.......K...p.....|T..c....szqD.4./8...^..c....2EM.s.......b$.....@.i.... ;.....]..V......cFT.....,j..&...(.Yz&.Q..,,.u>._m.l..5?C.....1$U......>...*..e\{..YK.o....,:.....8.....#d......j.\.4M.._!.G.i.C...._&D.{.T.f..{..)..$6....].....-.Z*.@.....i......:m.......+...sM]..S.!....#.<...Mju.~O...[....eV.....-...'....O"......w6.|..2C'F.n..+..^...j&D..fs......=.R.d....)@..X....<.,...8..5..C.P..x......|....@*T..kMa.......t...bY\4.........sF.nB..*Z...A..>.98........uK....U'/.0C..."me...C...4j<P.LT.R.hx[.k\.....h....DB.c.0.....l......4...^rr...!..W...t.xr...k9C...\.[..#...Y.|1Q.?#..k...'|]...1.M.u.....Z...G.P.3z$.J.....Jv........b..N.........;.U...i0h...\...s.#.r....?X.xQn3K.o..x{x]..$......".

          C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.973826833716505
          Encrypted:false
          SSDEEP:
          MD5:8552613EA2104A0FC26B473897398FA8
          SHA1:AC96DF7B5F7D466A35EDB1CBF14EF143DA4AA471
          SHA-256:855B16A0661C43ED3190828AB2A0FD5CBBE5C897A9F9F80FDEA3711A56074E08
          SHA-512:09D1842D489C299914662EE864B4E75E957CA6140C91E62AFF60FF18355B96ABE3CD0049343B8914D40E402F152961ADA84F21C912EE6D5C383C1F0A63AAB4CC
          Malicious:false
          Reputation:unknown
          Preview:regf.i.. .."`.}...L..\.n9/....1....`.)....~r...q..@XX......8...-.c.~....7..]Q.#....>W.(..O...i..o(gp[.|N.5A.\.{o.0.........?S..0...R`.t[.l?..6#.....=.nNw..T.j..=......E.......$.k.@K....kwV.g.JNO..f....e.J^.. 7..?*..e.C...>.4...}cF.,).k3`/..V|...%...k....x#.+.x0.Yc.*T..u..;+.=N...F..2X.....A..Zn.......E#.............C.Ngl...... ...14..L....n\GY.W+]X.+8..:p..qG.n..3x...N......B...0.....+_.....z.K.m....7.B..A.q..4!...!a}.M..e6....q.|.U...7......h..O....qP.q..aZ..6uu.l.m....l.S...F~N..M6[.&+..{.v#..`%K...o#)......X.u....C.....$S.T.P...T.@..F8....[H..0D.............S....I.w.j.la^7../..k.%.12...}0r.2.5.Ik/..f...V#D@.`.G;*..a....p..@fE.I...w....\f..3...p.T..|G.x./x..i......_8a...`....G...g...wi.*..w.h...YQV.......2X.f....4&.C.j4....avE..y...g.9...]....J.<.v.W.a{...7..<O^..|.q......r$......N..T..H...WYcg.<*.NS#.h.Z5.....S.O2.....5;?'.!3..uN...w.....(..0..b............&.<.L.........<....f<......BA.x..k..[?..OlN.7...+.{(.eGD.z.l.....0bQ....Z..

          C:\Users\user\AppData\Local\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.979021403981212
          Encrypted:false
          SSDEEP:
          MD5:A78BAC502F748888D4D4561395C26AAF
          SHA1:16093058719BAEB5FFD439156AD8359837794BF3
          SHA-256:A01B6969B98AC67CEF7ACA083AB3EBD8922443019491868DE0F172B05736B68D
          SHA-512:2E3959C6113141F62F1F0E23AD5E82D26F21D2B7763000CAF6B36EB57E86C183275B1C12EA3CE67C3FC419CFABC06927138CC5762699FE0470D8A55EE17C1262
          Malicious:false
          Reputation:unknown
          Preview:regf..7...I.g.eX..)06...>...r..yz...)....$........{S.Cs/Z.M.z.}....~7....B..O.*\.8+>@.x%......e=tR...5q}..{.<t..m....z...t{'.y.-..U."B..l*.9..b....54..l..).SGM0@.B..yS.....Yt.._....."j.....r<.......y.H`6{b.\l.._KOe....6..d./]hqa..g%A@.7=db..p....C....FoQ'+..88.....9.....GU.".iId.....I.q95k..z.%p.G..69/...A...'.!..F.......r.W...Y.../.nCG..*....F.K.... {.....r.I...%+...R3w.<..m..........u........$..xj4..u.(...)j.W.d3........i.....]C0..2L.Q.w.....^~.:\....\....#.isE*.l2.|a...k.......;.S..,......Q..L.."...z..C..J.?.....%P.rF...1....].s...f.=1...].?M.......B.).>Xa......B...u?.$/;.!...Ai..I..c.....7x.,..h..b.Az[..*.)L..t.X..K...K|....?|..I.Q...r.>,I...Jb......7B.)..)d.>(..}.f..3..hl,..k#._...m.;.W.?.Hk.0... ].QqN].m.4......x.+^...dc"F....y./.._.k....'mX.....b...c...dD..jfW...g.......e....!..3.t._.U..8.H..|.g...%/..;2.0.6r...xLH.*y::+..y..oSI;..3T.........8J+i.D!..j..v....er...b+....M...\k.....?.)~9....%..H..@S......S.H.g..X.

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.97828390967103
          Encrypted:false
          SSDEEP:
          MD5:579683979861B7853476AF2F27F24101
          SHA1:7B213B409A80AC7BE002E7EAC91758C951925AEC
          SHA-256:6D9366E9E874B51C334C193735F3D47280620DC7F904761BA9CA60CA18589349
          SHA-512:5ABADB32B2B76CCC6621D9B20EA2F4C6366EEF9C9D425897758A7160BCD223B5F5B157881D42A24BCAF7D7B501E18C7656EC1FE1B3DCFACEBD10CDEAAB7377A3
          Malicious:false
          Reputation:unknown
          Preview:regf.K.>...TH..L.v..@.s|../..W..X..g...c..=....=..4.._. .h.....z.n.B.Ky......3.E"......q.P..]...).Y.\.3.,V.5.Y...{....{.$..qk.:..z..9D..i..........H.k......r.z(+.r./....E.X.e4$.3....m^...L0p..<.PL....>T.Z ]5r..^.4<'..1E.q..F..r.)It.u.x[.6.n...x3$............1......!.p`>..f...Z\..|..p.O.!|....).G.|...r........+[..ty..X2O^.x..TB..ZH]{.H..:.I....bw..mSn...B3..7.|.%M.......QC-{.r..$5..|....F.+q...D.Q..I.F..XJ.[.-..[..i..I@/.....ubD.?{.G.aV..N..L.......|0.qX..u16....pG...t.....%.Mv....T3p...@..........+G=<..%."5Xf....[.-ZX.*.2.S..... .....K..`....-..d.......K.j.}H.';.U.'...z...%..w3.d&.5.l..R.I'..l0..,P.s7..e_..Bu!Y$v...*..T.c v.Y..j"..%....eC..eb.....L@?.....t...v...<..L..)..yQ..D/..*.<eK.h..T.mY.....3Y]..3.k......6<Y.....-.=J......A....jJrK.........9...t/.@.=.S.0.x.....Xk.R^.../.y.S..u...a.jO..P...g...N.....+_.D..#...=.F.I..../..O....N..EX..`..)9.j...?.y.."\~ ...7.$..)..6.!5....i..C._..7...h....F....1T]+W..|%.>.....RM..ud.g0./....*..b

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.97839581398254
          Encrypted:false
          SSDEEP:
          MD5:8176F586158AA9CDFC8C8E0ACC753312
          SHA1:AE5AE2680D5256DA6033372783D3AFEB48630AC4
          SHA-256:3FE4537E289EF2FEECD920253A6BF5C93FF8FBCC831B6EAFE27CFFDCA7434F3A
          SHA-512:59413498FBBE52D0FEB6892064DB7E9AD057C653ACEAD40FC7F952868A4E4FC448E689499A99DF5DAF8158BD0416DE7E676D79E9C2DF6596894A733D1C9E3CF6
          Malicious:false
          Reputation:unknown
          Preview:regf.(..b.....m|..H.......(6 &^.g...WL...t.hCM..^...x%..\..Q*...J2`..GXE.e\'E..........+..jZ.....w[B.........F...i.-/.r]1.i......mu.....z...S.^.;..S..|3..0%..K....d.....~gW..w.un...........2i....k...>...u.VCgy% .j..6.~...ft....q.'.....X......3...t<&..rjVUp_M....)....E*"..k...b`4.|..p....m.O..Z.~.4.8o..u...G...*.lU.=.A.#.#D...J.,.O.....)'s<.e..B......,...s.X..6.....l....F.<.A.R#..{.I/Hb........q.....n...@. .DX?6t8qP...E..a.a... .D...asA.O.{.R.{..Z?.Y..>...-;.=....Tm.N..i;.L......u...)._..Y/....5.,Z..b_...~.|Z.._....K.7$..I.rj1....!^.......BJy..#'...UMp.....Lj......M.$..=...h.a?$..N..'7.9.. uRsCT.X&.\.>..=...."d....0.p......j.;...KX.^..O..B...OI.Qx.:..e..'..{`..y*|F}...u..L........S...4.@.k.l..t.......5...}.v={..e.X>..,e....7[..#/5.8..O5{TM..dP.....>".>{RpF....e....5...[I$... ..|.F2K.+.....q.d.\.7......w..t...T.:R......e1....v...&........l.FF.....Ok.@6....v....h._....gaOg....W|.4.f.........2..\~...I.....Q3lvi..t.O...8H../.+n7...I@.... .$./...G

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AC\INetCache\MSIMGSIZ.DAT

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):49454
          Entropy (8bit):7.9958167943645275
          Encrypted:true
          SSDEEP:
          MD5:6149578EFFA904D54AA17A6E96A1E631
          SHA1:EB08591F20E4A5638662BFFCA261700E8FBC774D
          SHA-256:BAD9423A3D27350EC49F2AEC7F2514B412996D69CA2BCB0C0CC751D9842B0177
          SHA-512:FC0C715AF449AE402DC77BA73B1C145F23B9A84EDE141ECBBC539425F6407C9F66E81115BC49AF35224B6C78DF8A05AA9EE6526C5EAE7DB02E83FB5C9CCC0489
          Malicious:true
          Reputation:unknown
          Preview:.....$k<....t.V./.@..Y3OrT.....{6.....C.W..N.k`...{.EMNV..i3}scn....0.U.........._.#...S.../.g.+....W...h.4._.^.9...H...;O~..5k....L.-....p(.y9|....UA.k..TOHi=n.:..5...1..15._.P.Z..t...0a.PO.7...B{.<.Q#A..J..QQ.....4t..$#..)....J.B;iL.D..*>........5.. ......".P...x..z....x#...Z6I_..-e9..n`o..-J.\..H..Ur.........#].-. .....!.....{...YZ.&:D$....o...}.\k.`...,...>.../.Y.....9+|.~.MC......W..........D\.C.e<^..z.L..NI1...*..bTt....;..f.d.Tq.`..e..r.w[ckDO.)./...."c.....&.....Q.......HW.}-/.:Z...#td}.G...:.Z.l...F.s..F....O.*/8.....=...>'.T./#..I...@v....W;(..kDY...T@...J!Z........^..1._.V9.i.`...<..6D.y..4"B5........9..\......h..I..R.'.z..^p..l.L.jJ.....q.)..I.(.....D..)p.y.O.\.z..,............~.....8+....<...[..*o...i.....hL..2G.....e......o.r}^..o.V..(.L..G...r.Z.|".b.|...8...,..1Tl.u.5..s..e.....g.#...>.....F../2..:...-m..O...L..<......Bwa..cO.2..."..C....&\>...P...F+..\%....N.i...1\.X.^0....c{.....|.i[Ls..l.h....d...G..Gf..hrA..5E.

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AppData\CacheStorage\CacheStorage.edb

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1573198
          Entropy (8bit):1.3859845130488535
          Encrypted:false
          SSDEEP:
          MD5:D5243134C142FA42192AFBC2548CDD11
          SHA1:1DA5AF8962A9762CDFC9B1F9A560A2AD16E861EA
          SHA-256:4573BA97BDBF87473CBF8FA8782AB416FBE605C385F1FB2B969C61AB6D869266
          SHA-512:3A1A5B89942D3465D5867163863C82607B52BB135B69575321AAA169D3A08B229F293181AD055BB1147DE6404CF2795EF61AFDF6A66E78F8A23CB0578878FD33
          Malicious:false
          Reputation:unknown
          Preview:.....0.......t..&..Vw.'....K^x.;....7N.x....1..s.5_.p..@.E........Z0........u..3$.*....!1......}dI.R[v...Y.c......r..Z. ))........Q....XbT...B.J..P.b.l....5..hs..ep..-.$.....D..........R..8..s...7v....*..-...QG9.="O.]..D.8C...!.U.X$t/J.SM....@[!r........vi[7......oaL.q..|.*...."s.kN....Q.p.} M......dR.P.....f#a..x.C>z..._.z.4.......Yu....././..#A.o'`....[[.d.....Y.........X..K.._.NW....1%`..V$2.~{.z.B......o....Rl....*:.:...(..'#..u+.mh*B....Tj..6e...B!...Z.F.&kA.D< ...OU.9.%.J...)./..*$..-...cX..y.....[.v.3S,a...y.V...=l...|.:.4...1=R...X.5..F......q..4.H.O=7..g....CwJ....C#..ts",....k....-..22..3.Mh.5.G.s|.......".3Q.w.;.o%.H....up...s:.XmE..)....5.j.....q.0...Q.U%...........C|yw...V5T.DATK.\.(].!<..Y0....6.f4.]*.H.0..6.e....m..C6.2...I.S..1..[....o.1..K..Z..N)..KwH.C.~iL....I.R......_...XN...V....<y5..X.8....U...%.q.d....3E.....P@0....nZ[....b..z....q,.y...;..n.\/.g..at.t.L.....P.....c.-.y.4....X..U....8|x..h.4..{<2`*.HE.{.

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\AppData\CacheStorage\CacheStorage.jfm

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):16718
          Entropy (8bit):7.989988167534589
          Encrypted:false
          SSDEEP:
          MD5:03141F57DFBBB20605A7EF8EAB0AA609
          SHA1:BA3F7274E9BE2A2306A1E289D599867D9EA83190
          SHA-256:0102B0FD68F671C7D37319F85D98FD120F17622CEB133EAB52CDE202B0753C6E
          SHA-512:AD3ACAC7358008D4CA35C8AC8CDD61852106E61173EED9C6D015335E676DC23596C0F2FF990E98C2245D1B2E9CAAAAEDD2B34AFC6D613E650B47CB904CF77D3F
          Malicious:false
          Reputation:unknown
          Preview:..q...k..s..3@.....8|.M.So..!g.D.|.)...@..v.......b/k?........J.....kP....q1)t...z..p.....d|`&..^,.I.02...B^..k.%?...^a..-X @......4..-..f.fp......PR...K{..kju..R.v..U...t.f.%(.-....y........h.=v....<.+...|-.U..x]z.X...w..D_.....c0.V...i..F...{........\a.n...&.*cWx;.w.,..X..O...8.o.N.L!w_......w....P./.E...-e.t_`{..^.36..s..fL%.]....A~..9i.}.#.i#...$.1.h.G.....a...&y.j..y..-;....+a.e!.dY.=...Y......:.%.....q.O<..a.U.M..t.v.<[.O?........P...7sQ`..iJ_..k.7O.D%...9....Q]H..g....}}_O/Wyy..$l........I.....+b/1U.wq....Li.&...C.G.,.2.8.D.+^...>.i..X.....+.....M4oS.;F~.i..T;}.%S/.Iy."..S.odB.1.s..............!f.e*.....C..u...I[..X.F.....p.E/JI4.}.W...>."...`......F.$l..|...INI..=?..S.Oq*..b4...>........=.?...K..A.d....je.m.EcT.}-..!..K.4.f......N..4.>...&.v.+DG..I .4.d....@.._...>....g..&K...>^...~n...-./...]8#m........+IG.K.|.....v^...s_.....a..Cc... 7...rzz6......$.hr(.`.I.....H......\r....=.(@g...5!....>x.....~..T..wg*...A..C.!...y.B=.$....^xm

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):107523
          Entropy (8bit):7.998118127123287
          Encrypted:true
          SSDEEP:
          MD5:54364435A1D28E4EAD278455EDACEC31
          SHA1:E1461C22DCD2F81B2689F8BDF60ACEB413DB6B15
          SHA-256:DD88A5505333616FA505B86BFE366A66A42C69FCE589607E481E4B5B20DFF47B
          SHA-512:91560AD8F960CA734416852F8BA3175EEA35031F7D8B53B8DBBD2BCC3316A0C889705717E199B339FAF3C5C839262AF8EF4D4FAB5BBF2551A75FDA9E410389C1
          Malicious:true
          Reputation:unknown
          Preview:<!doc....S......`..:K.Ae....h.d.v9..o......GX.).s5."..A.K. .?n..9...v.<....!...vP.p..w.9.~....y.Wh.....D...k...S.........K>..[s.CSfD..W....:.U.B...=."..5W]..'.<;.(..0...ju.l.GF......Z.[.',[lj.......:..$_..!3.x.nx..0.........X.B.8E.TGr...p...C..#n.&3..#....a......h.+.f..H*e.d3....i.*.dj.-7ljjq...#...gBmL..iw6....._.k..)....@/X.t/*L.E...lQ....1.../)......2.W...]9.......+D.....EGY.0e....j ..r....&rh..'....@^;..v-.._.'...)c..o...j.......W..BF....I...I.....o.'....TxUu..I......go.FAO.......;`.sM,.~..dT........ ......|..3.](...3U[.*..h..Fd|..x.....}..!z....._.MY&/....:..#[.=....:.u.c.4....1D.....=.T_.].m...a>..u..Q8.. w'....cI...!.*E.....Q:..9..Y.}......]Z}.h...2...:...E9;]F......AQP..&1.v.F.y..:....l.;Z..........0#..9*.........l.x.B.U.........y..\&..P.j..;".s..b..T}.w.+.S.....G.t..'w.*..hNW$.........w.<{ER..a......Ur.>w.9....}.._.8....3.=.Q..K.%</nRE.`)0Q.2..7G..-f.....a.K....=1.6.e...u!.sCf.@$#.CauC.m...<..m_t.;.d6.o...iIQU+..X

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.975063111081853
          Encrypted:false
          SSDEEP:
          MD5:DD85C6B8CE207F5EBF541059A7C41EA4
          SHA1:36FB7C485CFF6F8ED0E1CF93F09F5D7DB0CC9536
          SHA-256:382FB41A8F99B6EA76C2217B08259645C2A75BB4B831E2729F3AC63584E5F1FC
          SHA-512:7D0113B703D05B583F77782296CE7CAE5FE3D1E2AA3A89E34A2E2B742CA7FC8F043EAFD50817CC8EDC7417BA6E15CE3FA0F183A9759C99DD95F591170E3D4F1D
          Malicious:false
          Reputation:unknown
          Preview:regf.....E)f.a....CK..G.v.f..O.i..W...f......vt.....P..>........%>..mH. ,J\.5.m..B...,.".....(P&....?2.....O~......;..:.....z..J.t...nK..h(%q...tF.*g.cyE.^.$....]..I.J..6)..}.E..4Dw.?'.q...*v).Z..d<...sE...Q.#......y.<.Y.m.|...j..#K...M.d...H.\.*DUD..7ur.a.b.jQSm...l..p..o2.!.#p.=10.../)}}..%.M.v..&5...6.T.M$..Q.8j.............wcl(S.....j@......~"..S.7...k..%.#...P....f.y{.GTZ.](...*....MR...8.{'f...a.......(...qe.......L).:...(.O.`=..[..Y.....e).;.<=..g...=_...v7....x.`9x7...s..a.n..!B...+.>E[..1.7.......Va..c....B[..[lM...$X...c7X...V....p.M........1Pc+.1....b...{...Y......V.NS....x..xJ\...._8...(....DA.`.)VAj....l..P..~yE.v4..~k..!t..IK.@.-6Y.y5..(8.......Ao..+..}..8*.....$:Fs...[g...bxf..o..;...0}.....*.M...v.E..*f@.H..E+.#..o#Y...k.5..D.. ...C..Nx...N7.fK.e..)h....g_vv.;|..:y43$..+D.\+X.n.F..=7....b..lV-@..SD.Mx.}.>u.VY...1@z...c...Z/..I..z....E7....5'...2(g3..C:.....uq.3.~!.)j..x..9.....zf...;..M...d...4.z.j!.eA......R........

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.LOG1

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.976714302641262
          Encrypted:false
          SSDEEP:
          MD5:3809B770995A207F5CE10DA04A4AA75F
          SHA1:EF8A3C01C358047093D530CD5C154824BA769C2F
          SHA-256:F250A1E7F23722D069E7544714E7BB48758B14E3EC5D28C8F50BFD7962BDB43C
          SHA-512:45738CA7CE8FC135AD78192E7EE3EF80ABBB1A8E96AC8F1E80DDC06ABE25DCE74E6F4D66A62BB2879447858316F7B4F4F66B1E7D7282EF024FAB8AC44BBA5E68
          Malicious:false
          Reputation:unknown
          Preview:regf.a)..d.:+\.q.....7).;j1...HN~..z.PLt.'.'...y.......P.F...X.......@.W.j.u.... `.]$?3r...p.....Q.NLE....B........*xeA.]Pcmd.}9@.{......H.*...R..j(......M...e..=..'..b..jt..|.....B.R.h76.*G.N4.....l.....V..t..Kfd.?..`Q.r..DY.Uc>{Ng.&.i.z...u...Z..`..r>j....}...D;`d..j.9N$3M`_9.....}..t.....|r.../:.!.'.2WvA....t..."...F.<yP....2.1Jta`.......#...........I;..d...128.4...:..M%.t..M.2.:.8..Y.c.G..c.<o.^qP...QA.'....K.bM.OyEr.....a...D..@.D.kzg.,...g..#..+X,.X9.........x4..k.....b.....sC..=...^........l|Z.R....:%..>BAN..X.XBf...G..L..j....\.d..m..:..P8D...^.....-.F....K...C.'...]d.b....h.L....-.Y.+.K..V.q..:..|.e"........3T%../...........f~T.......D..C...g#Y.q".8.c..T+&j.@..2.._..T..0[.S.R.G..)...pO...].ClJ.J.n.`.%.j.k.)t=..n..'b.L....%=.....A....#....B.....j-}=!.2.....]>.D.e......i..7Su......q...1v.c.u.e.U..z...,B....9....(.m.......S.uY.......%vV...o,j0e.6....;t........fu0..edJ..1(.7.m..G...(...{....8....8.Y....lzV..s.+i..-...p...1.D.t....Y..

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\SystemAppData\Helium\User.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.977664557351621
          Encrypted:false
          SSDEEP:
          MD5:E07CB1DFDC69B134309DA4C44187C7BF
          SHA1:2F8DCF51018D718B4AEDD0DC849B4B8086EBD46B
          SHA-256:F50BF4BF3FF37396844DBCE5B70A8E80508F6597AD01382FADC97719B1F355B3
          SHA-512:E2D6613DE56C582402FE90946917031FE0F0769A91F6B7C105382FFBB354EDECCA737C39205691DC6124112AE75E89AAB41344DC533D0B82E86C77A12171025F
          Malicious:false
          Reputation:unknown
          Preview:regf....9r..O.N.J!.yU....$...........<.4..1b.o."F)..W....}.k.j.evn........ap.I.:NI.o...........C...o.[.-.S.W...BG}N&....\..........|.m...n@D..Q..a...<....L....(....A..Z..c[..0$s).Gdt.......YR..r&f......Y.K.qXl..q..G..][X&....tkm-...."F.2E$..=L.....:..U....{.}3...(......x<.........K....".........r....m.;=.c..$10..n..^....w.....-.p.=.)......ri.)..."..+m.C.....z.=d.......B5.a..}`.}...6.N.}b......!..Or.W.....~.I%{Z.a%L:.VP}h..hl](e..j..c.".*.h.1t...o0..T|#....^.$@.3....o..0.64.ImJ3.@..<uNA8.?.g..4..B.y..2d.C?8.. .......rLY6..m..K...`]K.e...c.(.........&.v/...fY..b.y.....n.0..d.9e)Msq(.<.2......b{..>....2R......~..):C...}..O]....K...\C...[3D"..<.z.O`*Y.'.^.F./.R.=;.x.....r..K.F[..^....b ..s.Qy.....9j.c|.`..L.....h.Lz&.Hx.W.Cq....k.S_.i....i._.8G...F....C.i+.&.Z....^D.Oe.......7..P.........#?}gI...z..2..............(w0.R.n...N...j..OD"lTNj..1M.`i.=/....x...r..l3..jV.!Y.l.*."....4......?...n..ku..%I.:.\.k...|......&/~,m;..K./a7j.3..h4K.3K.

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\SystemAppData\Helium\User.dat.LOG1

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.977343235398671
          Encrypted:false
          SSDEEP:
          MD5:3CF399BBDF2953819CBA4E394DA8B3D5
          SHA1:65B48B1F1486DA75EDDB59B2014AC5F650287446
          SHA-256:7D76BC1131B3DD7CC442B98CFE005CB74C45D2ED9166A2FC845EF077DD05DB94
          SHA-512:8D8C7E95468E26EADD333BDB1A997D0D3628436370F05BDFE2E0C1092EBAD1FD628C78D7948A956207FD8BC3D6533D7CA95EFA2E9BD6ACEA80CCFCA6F2C8A89A
          Malicious:false
          Reputation:unknown
          Preview:regf.><Q.....JVeOc...m.H.D.Z;...E..u3=.....:.4.qA".g.2pD......(......}..%......iu..i.@..c.^.^.5.@m..id.........x.,F..seA....eM..dp...Wi..].L....|.7..~.NsI.0.N..BA...]/S5..LV..._..gx.v_......b1.:..z....._..nG..+.M..........s.R.>....uAbg(.cgt.w.%.S.M..?'7........HW.N.AGw..l.b..w.Z.{|.u.. 4.+q..H.|.h.._.i....B`.h.$@Ka%..OR.].C..g.....0.........[.@d%o.i.....U.<w.L%.!..N\_.*&.&=..=I.....N...JJ.B...}N..}.-.......l.8h.$s.(G..W....B.Ub#....!!......P:.8.'..%U.A-`..6<....R.$`..\..Wj.5.....Wx ..Vk.PL.V..}s*.$/.H.......$.k.H.t.;.>... ..H......&A..D..^?..*.I&....@.D.t..w....?............I.l..l.).Ul....Y..E~.,..^.?.x......O-...}..x...&....F..o.Zi{.<^1v.n9..M.....p..EM$..el...x9.RNV..l.l......X.y.........4....m7.F......O.[T].(.?....Y..t.C..Nc.+..[-.h%.g.;...e....^.........m..]y..N1....]p...*V.a........Dq....E..p..'%.i;.s..}.<.o#-;.....@..<.a.+.h...#.N...;D...Ys.socl.I......wF.MaK..!.?|..|..T...a .1.......qG~.>...=..l(M....x".A".R......

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\SystemAppData\Helium\User.dat.LOG2

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.979161070720288
          Encrypted:false
          SSDEEP:
          MD5:A3C4608B308AB3E53232DC3AC691F2DE
          SHA1:958F0759ACD0B7EF411ACCE1FFF6F213C99E11AC
          SHA-256:6AF0BFCD8BFC7AD33D85234645F2E8A5657C7A5DCE85A1ABC67484A6590E21C9
          SHA-512:7E0BA8A4DE68D6EAF6267580B572452B8238AB8C121A3717144DE13C41B60C458C74B6FFBB7EC8772EF54A3B3DC088D45DDE9C3C9DBF322C16111D8BB79481F8
          Malicious:false
          Reputation:unknown
          Preview:regf....}.....7...Gs...:.&V..#2.>.."..5..?...W...../..8...-X.q.>...m!C_y...]..D..<....uz.q..i.r...=,...c.DZtU..2.g...^...L..&.J~.XYA....{......6.<.A.Q[....*.'.........9v!.?"..<L...7....e.wO.e..+c...MU..../O?L.-t%.....#..4..E...R...0..\S$M.>t.9#..1..W3..v..,].....M......*0...*..3f....8^o0........!..*...Xb..5..t.....f.7......zK..3o.a....!.J"8 .a.}'{...f{...Y0....#..E.Uj./..y%)..p1.3...s.f...S.m..!....s...D...~.z.u.MQ.G............*......e.g+J.[...._...kQ> e....{.A5b.@..H.A.^8.J..U...Z...........P.........O......|RXa.SF....U..2..eJ._>2{m.I.m......\..L.q$e.*. ;faNgS..P...j....L....;a....o..H...~i....1.A.|,.9@y>..^L.i..k.......s.[:,..&..}s..[a...T..9.5...Q....).v...&...npAm.|e...;...7..&`..#4.O.]5.F...D.y&.l.v4....8J.m.;.v...'.]HUa.7i.....K.h}....W.j:..a.....vR~T..~|L..39^.JI......"T.A2..L..l..cq.}...y9.>.W..M$.cqa.Qm.!^.$}"....U.\+.K.n+.p.[.zd..D..l".A..H.*.98@N.....0..8O...Bk$F/..S.!;`O..qP7.8a\.%.......:KtY.f..a.i:UU....8i.(..;....H.WbB..r..U...

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\SystemAppData\Helium\UserClasses.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.973540924762759
          Encrypted:false
          SSDEEP:
          MD5:D1C1C7FC1405E427CF818C060BAAA861
          SHA1:D074BEA7A046BA05EBFDB24633AB91605C2AE5A1
          SHA-256:F5C4FC6000541254F0EB837782AFCD163A4C51E5A6597E91813486DD8F1F7B7B
          SHA-512:E2665E9548F5BC60BC4D51DBC16F7AC060AE67802FC32E2339115858B1EEE14FE929322E37294EFCB56609FD1348C2DBBF9DC744221BD9D56E1040EAE86643BA
          Malicious:false
          Reputation:unknown
          Preview:regf.J....4.1...&.,+...f.F.=(..Q..P.W.._N.~./@....Z.....|.x&.Y..j.....zg4..........U..x...@&.o........B.p@.=G.2l..o........-p,..X....D...R .p....ti..M5..GI.7...u..OE{G.....1a..M....d.....<....~....Q..f..t...q.q...j%.Zo,2.t.mOf....._X.'..U..TI.W....Q.N..............r.....GHr...v*H..k..#..LJ..?.<:.?...T.w..J...Q.}....3...PZ..F.a%...p........".~...3ia?.`..q....K..%..N.9...R.."5.q.#.q...-{].wV.5$_.....w(U.....(..S.Vi.."...1..f{J..[6].x.0.?_..p.^'[.d....W....=.w_..].....64..d...s....'.....g.H.{.!'......+)6...o..M?g.e...........3...R...X.E.RD..)(.B$....{.b.|w.:<2.H.9X6u..7....\.2.H5.mU (.(...MRitz....6.G\.C..]...N'L?.E.q.....*.....O.kv...._..t_..N...F..`9J.y|`.c..ppWW..U.)Nc$.....3....&.Ey.O....e...,.....b.<..f.o.....G...x......y.h<\..m......H..j....2..&z2..[.q..!'....1f...>....;....1.Y.e..5.,0..c....Cj..V..8{.+?*.........z.~Md+...G..9S....v.GL...../7`4.s...cB#.+[5..U:.Kt.^......V@+..o..ZA.....P......L....%@.q.9K.f...%5....~...m...l.'E.

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\SystemAppData\Helium\UserClasses.dat.LOG1

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.97949262689437
          Encrypted:false
          SSDEEP:
          MD5:FF8478B1C1B447E888174E00A553C8DC
          SHA1:A484A3D5673DB0D995E9FACD31E15AC3A13957EA
          SHA-256:49EADB014FE8655ACB9112CF1075037092B28439B707710D52794A2E6B5C62FC
          SHA-512:37FCE14B03C9C76DF485AFF20A3CAD2E2594D38906F4D655CCBA0600C2968494946D90193B5CA765A2C15CEC804AF11540B2F79594459816B10648FA910FDC99
          Malicious:false
          Reputation:unknown
          Preview:regf...u...nQ.8.....Y.+.). .e.V.mD..MN.1Ls..'.bGo..~.YvH.)\.....a.;J.62.<...F0...O.7.....i2A.O....\M~....(.zX.6......F*..KP..4....hv..x.z...R.....U\..2.aG.74......9..N.:...'..,.R.v71'.:..a..'.?*..b....(.a..........T-0..1..q..^8<.Z.H...N.....b.b...,E.~.+..y.[....r...sl....g_~...Ys..z..zO..Y....8.Cx.X..H.E........aTz+.iC..:...#!..<+j.&U.*O.;.A.......[.e.+......O..)..P..J..Knn....>.,.M]jX)..Z..u.;..#........e..2.q.....`.hy.8Q........W&U!.....h%........j.a.?.7...0..."G.G`.t.c.A..><(.O'.D.Wg.HjS]...F.4._GT.P...E&mey........b.a)........9.5..#....ZH...X.|5o}.2.p..1.~..f.r.F..o...DVM...."A..9...VD.?.e..%..a?.T.h$.!..S"3]....3....}..;....4M.u...B{.}....QC.jiI%..p...r..]6....?.........:.......B.%.4.._...k..5.l......../g.a.k..(.........D.AI.I.Y....W%...!.......u....`.kg.......=....E.......NFb.S.a...._...F.#^_.g.@.......k7...J.g..\..n..'....b../....j.&..8).O..>q|N..1...'Z..f'.wm....cB...H.w.L.u.K.;...@..E.....+4.C{..P/C.V..#.5.a..X..1..2..e.U....t..X..RY~.!..

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.978665258098946
          Encrypted:false
          SSDEEP:
          MD5:7C282D69EF3AAA7CD75184DB99B98AC5
          SHA1:F0BF503565EC6C746AD0CB2F5B0CF40A8CDE35F0
          SHA-256:0296B65CF7882E5A4F592A8B91EB3A33B08AA5B0ECAACA61FF442E42E1F22FC3
          SHA-512:ADE01E909C6258D2B3B12A699CDE4AE26BF524CC0C21DA864BCED0CEDFCBE0CB8536D6C913DC5E26772CED8F9B832E063C7FFECEF9443623AF9CB45103BCD0E5
          Malicious:false
          Reputation:unknown
          Preview:regf..Q..H.N..}.x.RzWa:..Z..5.Td.D].=.3. ..4Z.....1..H,....m.A.;@..5.....9...b.......b.<.~(....I..i...XM..f..|...N7.....D......d......x..Y1...m.z.X.*.i~.x..;..u..H.Z...xLIqX4.F.B-..p........ .(.A......4.....E.uc...-.._..-....9....(#.q.....q[.>.7......D4O.[..P......M*.......k....s.G.z.*.5Q.b.j.....e.Y..%.....M...C..J%..I.H.[..t%]..h.G.....5.. ...0ag-.;.i.._.dQ..qg...z.A.B.ACuO..:I...e...:IQ.......2...C...I!]}58x....K....o...j..Je.2B@.fW.f.k....9...E*8.....3.....T...,!#.G..<.1.a.Y.%j....Sl.o....,x..A.k....`_......@...s......u..3..]..c..o|.l.yP...CI<$.KNNd....F;a.'o..uC..}.Uh.LWl.d.F....r...!.......x}c.p.*.>).......G...7....S..l3.3.g..j.u..../-P......k4..i..Bs,e.*E<khy.>vW.D.Wb.qR..,hoF.@mpt....q.x......I]...f.6-.t.s..H."......;<'S..m.A......G!..~7...L.M.<:...f..../.3..>..I.@.....y.....liD..........L..9...Dlnz..,K.....w.?.&O.`.|........W..%.,.Z/..-.N.G...u....:.[s..>........E...'......dq.....b.....b.Tc=.-NP.0m....#..8...-Y&|.........p..

          C:\Users\user\AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.976913240905629
          Encrypted:false
          SSDEEP:
          MD5:1C17EF8488A4B8AA1D6EA0781F9A9FED
          SHA1:9F19FBC6186E9E669F3D66CAD124CF6120AD5768
          SHA-256:99A8D3864FBAE2DA5D62B5C72E529A3F82AC7190604B7D168AD14640FE12467C
          SHA-512:57DDC76C2D7B332684E1B821375DA2F3607BDEE8D78B93E10ECB6112AC55078730256D0ECEFE9EED3CA2254F6D372D289E97DE4D5C7D752471193639B66DA730
          Malicious:false
          Reputation:unknown
          Preview:regf......F..*.j......4.y$.....cJ.......bhC........z.a.'.z.......K..ns.o8..=...{...=d...0.D....E......./reS..DZ.`0..p.T)..L.J"5...y.d...._....}{....@I.A...i.X.)f. .c....."..8.tfh....8.....#`.U..?.r..UZ.>.#.(i.."r....F.......$...c..........fy..xp..j#....).?...8..L...u2...F=.U1..+./..Z..V$u....Sj............5. ....E:L...K.a@..........u....=3K..r.~C&;E..1$.6..!..:Y..9..l...&.C..&u....b.]..j.e..x..8..v.+.jr..cg.d.}G.../....g...Fl,.t.%...R.....]..c.=c..+..f3/.....{+..&...s..S9.....8...m..|.&>.....y;*G...G.=..@.lh...dL;.4Y..*AU.{..X.%.:...E.y.....t`)......P..D.\B.}.'.ocW..:.t.|..-@._g..~.A=)'....e".-.M....D..".O....I.4.m.a...Gx.s.d......i...C.c.Wq....V....MQ...x.%..nN..._.f|..t.....w.R..........X.b.7.E8)U...........S..RR..<..d......?.v.......-.h`W)...w.......6'..o. ...+.'.B\.oq.B..H..S.Z..b...o.P.S.!.j..q.\..38_bmn........*......l.5.bmC...w..Q9_.L......Z..;...[..a.z....1.-..E.[..;i0....z...u.1...../T.....L.cP....0.e..PcJ<R... .r.ar

          C:\Users\user\AppData\Local\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.978534513699862
          Encrypted:false
          SSDEEP:
          MD5:54401F68B9748459BB53ED5B45920322
          SHA1:42187E8F2C1E6A53EDECB0B4D0DA99AF8E6F5C8F
          SHA-256:E74ABBB08EC10EDC0A7248CDEC17CBA6D1993F5F12D094B9CD61D9BF3CEA49E9
          SHA-512:5725606895C45E64DEFEC664F623DB2BD15BAF33906593558713B876C18E7C30450D18B831C4D86272A9FB04C37D39681295D8F592AEDDA3EF3E523A59F424EB
          Malicious:false
          Reputation:unknown
          Preview:regf.?...NCf.J(k..(...o0.W<57.~.P...C..h./".I.X.5........X.+.\p.../^.3g.@0..g..'1.r.....S.Bsb.(*.yW%....F........d.[Y..2...+.D....@r.. ...-2..r..SW@...'=..E...p..D..he.<.\..G...2....{._.J....IB...........k.@i.fq..Z..|9..L.c.~...1:SN`..+.....t:.......6.\2Y). p.xL5..m><.....?=..n.V.....,..g]. .]q\....U.q....... ..J.5..z..M$.X&4 ....mIOoo..U.Y.......g.../M...;-1w.b>...J.7.X.s.\....`..93.0.g.iNU.=('[..;:...Q....{..,N.5]...M4"4_..U../"2..|/..a.=.*..]{.r}......t..'ht;@m.r.s.%.Y.b..00...'...%:_......(...Q.i.td>$Xb."=.m.....H..d.$.....P..;v.g....49.^..q%.%.V...........I0../.....,.TD.K.....-...@.=.P.&W$...P..r('..H....8..........s.+.H....h(V....8.k..x.uO.(Hvs.Jv..]K=....}S....y..j...E.*..#.cDv...5...........DF.B.....T.......P..x.l(.W...4.?Oa+.W.V1.5.....W.,.G.h.'yi....>u*Ed.]....^......I8.K(L.:y(....2?..`.....~U73'....%|.<.....?Rf.k.8:./........b.F..........]...Y.....JV..Y.P.!....Q\.J.h@...9...a;...#...gQ...)........1j..`*jL5..[.v.|@.| H...`.S.[..W.`

          C:\Users\user\AppData\Local\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.9823491740046695
          Encrypted:false
          SSDEEP:
          MD5:6490BE4CFE4969B7227AC30ADC6385FB
          SHA1:C66F34275DB2182CA14C33F76A891AD1EB3FD52C
          SHA-256:762784C6648EFD611703D4853CADAEE6BEF28C35FAB8401144812B84D86E4477
          SHA-512:0BE975BF76DA6EE57585F9D82D782C0DA064D1FA3219CD215961E7361DD42F1934672D0D14A017E3D3BB6D6105C0B9E7000E5C3C020FE7FEB3CC26528A275FB3
          Malicious:false
          Reputation:unknown
          Preview:regf.....J.....]...=..l......T.A...]....3.-Pj7..F.).......F..<...<.8.I..#........Ss...[F...u..r...]. ._f}..d...X...uH.......(..D..C+%D.....k..Gj.....1..C,.r.Y...W..'....../..._...w.G......,../wH..k.R-..xC....0.qi.......@.j.8N.L.A.8ouv.G.T.'.........i.+...J.....h ].u.2t.l.<=-(NN.n.%I.....j4.H....1...V'.I..}...]R.\...~..`.T@..0..B5...c..i.....Wf.w.b....d%<.O..E......-...(.....TE..._..c\.d.....K.l.B..=tH.-......6....."^.<S.....P:S.>.)pi.......P...n.........k[...d.5.v.....^R.:.t.......S<..0u.8.7..}c.v..>.F....hc.~...G.fj.......Q.%u|....6.i..d}.w..B....f...i....@.r;...4L....0@...>311..x.a;..J.Wl...C....,..*.......]..=..xJ......,..;..?.o.........9..f..T...j;....p/^..@...f.{..<.........^B..h....N..3..!H...$ s..:g{....#G.QE6..0`.E..g.<.........<.3..T...d'..c..@gG.oK.l.Z.#.:dg..{Jn.t.R./?...N..Sxw.gx1.B..N+e.......Lz%...;..+*...w..-L.pZmk.L.q.B..Cn0.....Qy..w.+.x.........S1./.2..Sd..s....".GF..{.*:oI..HH..6.v.jX.".~P...4.....3....[$-..

          C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.977889983282712
          Encrypted:false
          SSDEEP:
          MD5:6D871EFED60762EE30BE030A8B01194C
          SHA1:DCF83F7AF0A2B0A0CE2A50BA78EE82AEE669A784
          SHA-256:C91262DD75A5A9A78B117D97DED9B2FE478D6F935A439D2F5741D3850A941780
          SHA-512:CC1B17AF740D6170A50FB8563FF71AD15A724D5488B9B9592ACDE263F32A1830256214B17CC5E7E2E4019079A2CCDC49C4A23CD804CC0658E99A3646838D9371
          Malicious:false
          Reputation:unknown
          Preview:regf..]h.\..cA..... y.cOj:.@.Z.....^#.&wD\g. `..W.....3QpS8..(@.F.@w..kd;.$...T....))..G...p..K...y...h(..sz.O6.......Pr.:..5v.....s..5.......J .2=.8...:x.j$yV.S..K...$"u.o3.D.w.V.r.....Nh.D..9.B..17..=...#....x:.Y.[..t.........`.Q..}.s..%.pB..@...n/$..d.1Qlw.n...n:~.q.K...Y%T.Bqv..i.yQ....,0....[...)".^x.R..V.^...~...3.2nf...I..y..(&g...9S..E.._d...).Q.q...K.yp.]:QEN.<.!.....Q.G......W.)A.....'.....55.a...V.....;.2..Z.4......&[2...;....d.....}.K.qf/..q.W3td....q.dr.N...&3.E............i.i..Z....B.alK.........y.......W3"}..\..uD...4.]8...C'o...T._?.......v.Q.7..+.J3N.irw...QQ.....'d|.M.u..I..E.1g!..q..K..Q.`......cQ..R..J.%....D`TJl.Pd......$.H...+..,...9.3!......I.#5.+.1.*.?%=gb6.'.?.p*.m...Oe_.N.c.{.N..Ic.g.<..&.G.....S#.*T....`.[.+.uI........J.uj..:.D......._...]i..o.=.kk.b~....C..G.f.D@dv.}k)V0..1...*..fm...lC.nb...3.....VJ..0...$!Ft...8c.i:@.,.E.?.$.3...@.?."<..5..R....DY'...O...kw$IL..4..".j.....=....RR6.S.%Qez2(0...]u.

          C:\Users\user\AppData\Local\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.LOG1

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.974288141034563
          Encrypted:false
          SSDEEP:
          MD5:6F8BDB95C74DDEF4E32F3F4BC122CE7F
          SHA1:38F823014D9D99B57A8F0EF68A69621B5664117F
          SHA-256:75D4306D48B7BA9E84D01845A1088CA84D6212CECB0C1421273D1056C5217912
          SHA-512:888F2E580039229B37F1D7594B815A04FB5467871F6D0B166BE1486A3F10BDB4011BB5BEFBCCC4B3D34AA2501264B50D3E8021E1084B9494ECB948B4B68BBBD0
          Malicious:false
          Reputation:unknown
          Preview:regf..l3......Tr-......7..C.j..^......`3G.."Mf....%..w5..?'....}...4..g;...-RL..q..q..aK..oT..DF..7..U..Vw.K.|...a.I..T.@.B.b.....D=9v.uN.gVV..F+..}.].?n.lW....E.....*I~7.Y.|\.....b>r........7.i.\..>K..1.\I].._;....#...!I.<......&../.A...L.G.....h..x.]+..V.......0..bz.....z.[D{D.."R.....^A.H..."."..J.....uX.(cA..:;..7...*.D......U..!...%........R.#.T.8Sxb...>..V..Y...~..G.B7m.4......~!....g.%.&.../.i7 ji.P.B.-....9]..............QQ.q>*g.&..|..A.R..%U......?)^.+W.v./....N..(J...v....~.....V(Qp...>rr.*W.....k.VFm..6.<.f.Qh.uE..+.+s....m.$...W....*.z.9.6j..|A>....|.%..3e..}....).....N...e..../.A...N4.f..8..p...S2...=.......v.....Ku...>.G...)`OE.qp.c./.q..(.\#..}.L8A..t.o..SaR......@....H/...4-.....V .b.6...tTp.s..d..r.....*:l..>.t".P.........C...;...^a.._...rM.n.E......u&....|(........7...q.H.....j........@.K.[X%....Nd...?.Y7....)...%..Q.bu%.....)..Pu....n..K2....=:s...p.. .&...r;cKg...B.NZ.,N..5.3..x.zX.%k..U.....XT4.V.m..$.pY..

          C:\Users\user\AppData\Local\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.975001575245284
          Encrypted:false
          SSDEEP:
          MD5:4CB2FA8E62E15F443C8E4DD856CB6473
          SHA1:25EE529933E292A9968EFDC6A0D1E20F368FF242
          SHA-256:4457C25253296975C4ED65ACDF8B3A3B7BCA64B0FAD26C40CCA6876D63914D72
          SHA-512:731A562E13D7C14531275940B4A4BC426D2758115789EBF5A1280344E7D6AE0AAF26FA75C89D9EF7A3D4D254B5BC7AE25E707119D640CB803712403B2CD9E305
          Malicious:false
          Reputation:unknown
          Preview:regf.L`...........I4.+...!.KO.b..x.k..1...DD.8mxf(....#.h..0.........tw...61D....w."b.a......,..h..A,0._)...W....S...t.HX..8.*..r............M"..3....".==......3....d.5....m.....kQ..,..I.J.l,...0...$.C....6.c.....2Q1.&...C@....F.P..3..]E.I...<.k.......8...u....l.T....b..2........c....B>(:U...<,...v.U!pRin...1.VdN....N`v....;w.-.<......5.{|.-.v...Tbr....]V...?*>.4<E%.A...}}r....m.A*.._.x.K....]F...n......\.5\ ....v.KMa(AN...%...M ......J......2.ynd..4.....J...\!.4.05.+=...zX{,......A.......H.N.....f...6......r..K....'3F.m...@.J.....n........$QU>&.sR....j.6.G..q.V..Fc..h.*.#...3..O..r./....~.G$..5vx..N.E.}.n.?*..6...M6.i.G.PN..4...-......T..h..e.. .V.(..&..uf...j...Y.4...$.....=?..^.9.*fEq\..A..0;.S\?.w..O.....s...w..5...`..3.....<{...TZ..c}6....V<+V.r.A7....4....NW.....9......xt.,........(..t.....wQz:%.L..G.g...<Z.....'..q.}..C.....r..p......[2f..n|..*nL.....m..l..]....?"j |..r..Qk+...9....W....'.".|#........~..\..oh.\b.o2.I6"L...

          C:\Users\user\AppData\Local\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.975415848307053
          Encrypted:false
          SSDEEP:
          MD5:9C4FD03E81C9F1A866FF65A665C88FCE
          SHA1:C47880A20F9A2A9255E6F9B47E81C3FA5BC62F88
          SHA-256:587CB882935F6FE12EE194505174D9072BC4BB83A8797A3FDC620746F5B92587
          SHA-512:CFD903001C3F4D7632DB96A097DC6242604E92CF376E99FAEFA0F6D40FBA6439DDEC3812A0F0A8CEACDD27612DF8EE0ED2FFE815C098CC2856FA50A074943D7E
          Malicious:false
          Reputation:unknown
          Preview:regf.K8.F...jw.=u....p..{.+......alX..{...K...(7g...cB.f.. ._..iY.-.g.j....kG..ec.....Q.@..a}<..7..c>5.WNW..oG#...l.Y...6o.s...6..-..XM0.....[..E0.....{eaX...d.7b.j......AH.m..9..1.LJz....xD..|....X.X. .F.(".....uP...M0.>.T.F.7b.R.sU.+.... ..:t...OVe....g]..i.3.f.E..nCT.7..%d.6"Mj..w]..C}Lc...\.......k.$.g^h..j..f.yz.G._........c...X3y.TSIs'.....q.@..i~\...;.6y._...c>.(C.n..St.9.....fywFr+...L.......UQ..G..~..A1....j..Q.Y.i../.n.w...{)..U....DZ.:m..F...wg.9E.;.V&.y|.L.cj1.6t...Tg..If.B... ._.?7ql).?.3....}..9.o.h.m.......t...W....V...........~...os....1A.b...lw..a.<..*..+{.....:.q..K.P...-j....2.sgb.KC...q.s."...#....nv%....K .nk....B ;9...K.E....w....V.:g..b..."Y_...2...1.{.@.Q..d..Z(..$.=.V..j.v...*.Q.r./[.X.+....u~:.cQ.......<[.....5r.0.5i..S.Zr...cL..kY......7......]I.mb~.=....A.&WI`....fJ.us....kH4..0..sl..z.......'...Ji..R4A...h..D.%..L.ZP..?.{...Y'.4.#p.PQ.f.o...5.G.?a;....T.yh..,.D.L..5...."s.....!..(..v..j..o..C........<

          C:\Users\user\AppData\Local\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.976758324209083
          Encrypted:false
          SSDEEP:
          MD5:264B936A8943CD7B7D77D45EF26AE174
          SHA1:1FD36D4FD5FFA7CD019F08A8CC46C0B77BF395D0
          SHA-256:794ED23139EEA2A1AC4266EAE55DCF628E5D2B36F03CE7570FC1B530CB719AD4
          SHA-512:27BC7EC0041D765861EBDA62204F19024A903CBBDB984CE31A051D2E0B1ED01E8A4B1527CB5C106355852A1222206227A4371D857865CABBB2D986AE9A3DBBB7
          Malicious:false
          Reputation:unknown
          Preview:regf....=.k....&bb..h..i..gK..>..l.\.V.*1.....".#@V.l.).....@......uSY.h/...HZ.3.P.I.7...j...q%....*n.....GP<..^=Y....U.-....$...j(..1...U.]...7..9.5db....=...ph..........2.Ah.........E...J..1.g.`.0..NQ2:n.%.M.r..F.P..g#..o.......;.o...Ym...q..Y.C.[]u....3..yo..?.P.I`c9m|A=...2.ldW.....w.....`k.r...-.!N@....v?.K..@\.U.R..W...c~.]...*m...d.yi.,o~..(.'K.Z..Q....|.Zy f..._.....-.Yi...:..Q...w.b.1. ~....^S.^ .@......$r.....V......k]..t...>:.:.....:"..V.A.Q.V...K.B.@.o..r.~].>.%8..D.........%.&.h..=..[.....H.8...4p'e...3W...)$z.=]......U...WJ.B.)%4m./....jd~s.lt@0v....r..=...d...'....V.b.......z.4..m..FD![.Pk..k..7....^>.L...N....W..s..>...C].)..R~.9............T...'.j...T...]......5b....Z...^S..j^.b..#.Ni....L,...._..$ht..._.F.kL..5i.Fm ..z.z..y@!....>RO._....3........3....w.....]!ux.J...=.|.Y.R.M...=.^..SY..s.....wF...-..Y..k.o6.B...mb`.......f.Cb.X..*.C....U....(..G..-.T..5.3.gR&..!...j0..?3..b..'...........[M.% .$~wy...Yu.\...!...r.q.......Vh

          C:\Users\user\AppData\Local\Packages\Microsoft.Wallet_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.972610280916894
          Encrypted:false
          SSDEEP:
          MD5:5BF80D9E214BCCB575219A6E699C1FBC
          SHA1:ADBAF38F87021C00CE5C0435C362382A8479EBAC
          SHA-256:23D58F309EDE9643EDC181B128E1E9D0F1C3771CE5D64C1E33A5FB0F5DAD95D2
          SHA-512:0CCBE997BA8F4F8316BC1642059B2991AD9C07461CEF4A1B2E7A714430A2D91D1A95D83F5452EC57F059D71177E95AB834D81B9A0597383BE1656416DCB80FF7
          Malicious:false
          Reputation:unknown
          Preview:regf.....p....R.F...2P.C.#..d.u.hD+...w........a.SFs.."....v.86`.@r]r.Mx...2N.A..+.(...I1....O[...#......7`0c..o.e5.s.....6..wI...aE...h.m.X.".V..8Re.....u.+....|^......@{;.5!....8@nXM.K1..#.K....%>....]..Z.I...2.......L.N..}!.V..1. ...;.......hI$.Y..no....[s...P..7z.&>.LZ...`..A....T.)x..c..}E.K:>...EK.V.P.^..}.8.*J...O!.|ezD..m..&T.KR...'=V.g....+z\...5..K.~.....SR...J...f]W#....3...1..Q.=.V....Y..8],.Q......>..?.h....._..-s9.|S.....Uc.J!.oZk/.p.]I..c2)..h}..gk.U.A.JZ.}x!Xv{.2.Y<..L.]`X!..u..~.R...T..9...e?.....o..,.U..^'>.5A.".+>...V..x....'...F.... ^N8.T...D...m.F...@.fk..\+..b>O...v..Yc....r...p.e...\.1.f.....Y@...%..{k+...y.G.*n.uvz9..3 .....rnV=..f.E..Q..#Y..u....?.S...7ok......Zp.K.;q..p....;.D...[;.M8U.4..'.....q.......`...<:l^.3.=.'.}.m(.A.>..t}.a.mX......`|[d|._.(.(&_.\..tGH...>R....a..z.J.E.lC.p.m.R.....H..?Xw...C..;...=...w...U.c/.C*;.y....d=3....... ...t.P....;.Bv(R...k9Vur/.!.0....y.j..~&.rV.ii.......o....i....J....Y.8.O#R....<b$.

          C:\Users\user\AppData\Local\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.973459165894491
          Encrypted:false
          SSDEEP:
          MD5:723AC3B23DAAF2EF65D667213CCB528A
          SHA1:993F2BFB76AD7ACA61E909F4DFBBD24E6EAC22BD
          SHA-256:8CB58848FC9AC24BD92475A36994CEC8564FE98436A906019214CD49CC9F0F21
          SHA-512:0CDC432452A6DAFC0913C669630433C7208D51383DE3022243BA6F9CE358FBE5CF9CDA6C1AC15409B461A0B64CEFA219DA8D80A65143038F2C60382A88515AAA
          Malicious:false
          Reputation:unknown
          Preview:regf..-<A...`.(...1.*T"..b.SE.@.!p...r1.uk....xC....t..<v..K.)d..@.H..s#Sh.G.6..F...,.7.fI...Oj..7..F<<.n-....45y.1#.2..:..ELK.8`...mX...E...X.D._....DJ9q..1._.h.w..P.tn..;.x`........4.....\.]Yp1...jq.+..\.....M..GKo#....;I...s..3H!..?.G.L4.....pQ||}S.}..\.-J,...\......9.86.p..=..f..`.U."......|...4..4..{F..P..d...5.{f..9."..a........@%..7.R......T)...5k"..7.46aYJ.....f.|.{V\9x.....[3.Z.....51}.?..g.......;...=.$VdV..i@.%-.?.G.<.n...Rg..8....H.....j"ZH.}.:R.+.}4..JV.3.in...)..(.d...[z..O.'X...k.....J....35...N..(6.8..|.Fr..|.Vt..1.(.....W.2-..4.'h3...$./Lll.).....f.Iiu..,...[."t7.......E.u"....1...W ..SN.m.U....[.z-..T...~t!(...,p..$X.........=.......g..`.8. ..`.@..,<..x...OD...)..W.T..M..1`(.T.Y..9....;..@.."H/.xmv...7... ..p.....fh..,R.(U.U.._..[.....i..jwcTp..3R.l...38..Q.bo%.-.../.I..le..C;P>?.[.Eb._r..UD.".V1T..Z.....%.....R.........+}.Wl...M.7..0:V...../..##.]s.4.mu...\..F..UF5.r.~?.p?..@.....{..@.{.@...h.....:....[..(.7........s,.

          C:\Users\user\AppData\Local\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.980604342376539
          Encrypted:false
          SSDEEP:
          MD5:EDAAFE251100D9D5A021231E2A6C1AFD
          SHA1:F137E915C432A5DD7880EC06A9CA11DD9C118986
          SHA-256:14739B1E22F6AB3694F414670D65987F6D41F4CDC07E1F9461409A56B1D0FBD4
          SHA-512:7C39C23BE913F0279CF78362E2587CDF9B3EDA599D02FC7EBDADE918AB13CA6E0569038F6750F340683AAA6A1228370600B46A9DD5CF2482CA868EA74CD64F4D
          Malicious:false
          Reputation:unknown
          Preview:regf..2.....{......Q>....m.C\M....f.]....]q..+:...L.j1;j...........k..*.].J...............g.q....*....|.\.so.TI.a7A.......'.....-.....|.v.|W..I.(.T..M.....2..gRu..]3.......rt.U:.*............g.jv.*d..o....._)........^..d.cH.N...{{.....h...v..1`.#A...dk...m.f...{.j00C[^.B4.x-2;WZ.N>.I..u..M-.7t>....k.....D..eP.Bm..t..].....7Dk..%....S..L.Y@b..n...'2tQ..*9.Y...k:'.z@..N..1G`B.._"~.v...0H...\I...&..C."....p...)I.{.c....B.Q....(/....gJS.k.S.)..N.=._..[nu.0..a..G.....@.mT.L.wW7.......J...$..l....I.{..[|J...k.J.>..f.o.....V.%bJ...o........`..[.v#.....XR....Zm...!.U..;...X...U......s*>.).Wb.jY.....GE...1...y\..../...}C..Ts+..p|/#>.~rj<.O]....Wi.n..Kj.....j..<..dc.5.PC~.^...!.....N.9eH=.....y.e3.W.Z.."`y.....A.y.-4TK..e.=..J]b_.r..Z.@.d..Cn).y......{\n..{8....&.....0.V.2....*...?VL......}$6.M...Dp.w..Y.....Q..)...)...!_ .......U..........a{..d0.E1<.=...".Q..%z...P..8....j.....po..M..;1t.}._7q.o.G....^..'.F..z.q+.v.2`..b..x........c. @..;...

          C:\Users\user\AppData\Local\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.9773776957265214
          Encrypted:false
          SSDEEP:
          MD5:1DCA849950FAB393425BF6696A44A6A4
          SHA1:6CC21CBD0626228F1CFA2FE6F3DECC00A20BA1E6
          SHA-256:6AE5B18FCA1D149F5EBBA12AF1D12C677456F89388A9C792BCAD2AA4863CCA92
          SHA-512:529DC504CE221DC649B8E189BC5E673D101DF679382BE1E7624501AE4A406C2A254973F2D263FD54A7D133DA45109AE60A1D310DBABE37BC0E8924BD68044817
          Malicious:false
          Reputation:unknown
          Preview:regf.3...E..0$.h..-....ST ..F.A.Sk.In..Ck0.d..Y.\..\Uh..o.4..mH......Y.......G.s .=...(..?..".....u.'....*lR.1.EK...MR2...L`.?..-.R.i..4.sx.1.....Ub....p...O7......y..1b....C.9...~S..a...b.(..y..&....S..@.[.]~.0_../u.KF...n.Kg.b...!Em.v....l.G.\s...;...t....}.)u.v_l..Q...>..uH.......R..!...9.Hz.B.B..LlP3..v...n},i...4.....+.>.."..p..nH...,.O..B.:..,..hzmv]t...0.<...c.u.))o.#god..._...l%?[B...B.,.s.....g4..i....A....x.S.e..jwb.....,X..:.,p.]G...s.......r^2../5..X.b.2......&......j*s...LEAsI...=z.3.9..n.rK.."......b.1..C....0.A{mY.I.kl[.{.jq....V.qL..MYJo .d.>..Y...+.........-SD..Z..W......Z.o'......... .........K.u.;P....?..T.d.4g...k...6w..W.....%...:.~..[..B.....V....\.MB.g.*...7w.H...#......#..=.k.7....5..0.Q.~...K1......Se..Y7j.U5w..0.&!.._4f.....o.......qf|1.X.8z...........Tlv#....r....9.i.O..+.^.%RK}..5......m.......G......tq&^V...t...b....2[..M.6.*~m{.I.<7.n...&ON.1.....5.#..'.\.E;...../.Z.<..x....q....ZU...V.K.?.l...&......^D.L6.......

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.975174585048064
          Encrypted:false
          SSDEEP:
          MD5:8602A2C64E9A7F69AFDC9AC7DE9E2436
          SHA1:CA92130EB3710E23C5A311635E6B6002770B71CF
          SHA-256:AFD2FB2C1D63F5C5FEE4567182A4B389879CA060252D03B86DE7CB30C4DA7AB9
          SHA-512:4B554FB5BCECDE937E7547726EF4A7A21FD993A30024BE814AB58B01009BAF324725BCB04037AF25E974CCA46A16CECF778C341D06E70AB733439B7B51B7661A
          Malicious:false
          Reputation:unknown
          Preview:regf..=_....R.)..9....v.9.....kD.A'f^..1_.<3>U...F6..k2c .u......%~...9..O..M.<3R.,:.$..,..RG.m...E...T.J..`....+....Y}x...6nb.....y..cyT.=.Z.I.]..D.n<..a......9.._........g...^Ev,.u/A...d.Y.......T.......G...~....a.X......&`...`.K.&1.m3....6.... .;....` ......dP..HI..;....j.].......Z.?..*"l^gB.=}Z..fo..aF.Yz.W..s..L.>.....na.....)..;.\.#.6,2....'..]K.[....u.%..u.HJDD%?o3....5....v..)._de"..........iEW|......X]....Qy....V.,...#t\..aoR.T..`.....(.9........*ey....xrtZA.$.#B..G..V.)...c..o..}..v.H?...Z..p:.q.U.*...W.W.T..l';~(."../..37....F.V..w..........+......D..@ .....uBX..R.fNw.D._..U.w'..U....dN..X..3..z|~.@..."k..g*.........0.H.! ..f|...l5.g].'._...v.hE.@..L...>..j.&.^...*..-&I].N..;*A.U;H.....NHP..V.........(G....S.X..o~F>....C............H...q.6..4..[.......V[....eW..,.".5....8y./...2.09l.].y...K..:.o.%g..6.(`'Q..7..02..N......C...,......{..^...uZ3.-.5.....&G..%f....... ..Y.....6.'....M...d.M...5......=...N>8;Q......~.v.qW

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.979837125399584
          Encrypted:false
          SSDEEP:
          MD5:77795614EB507741E7261281340BFBC0
          SHA1:9FAA9C241893F3C6E9221EAC27980EDA1EF933B2
          SHA-256:D8AC907BEB2A3F0CACFF6FE3AC3403BAE0631DD6CFFC6C3B7D690243539B58EA
          SHA-512:37D3A45448E618947A9F8EC3B3AECF20852724EEB7854A50334D22A1126DC9078F4BE459AC38CA76F0A9B2CDEDCE338520BF00E08B21E50B7EAF3D6DFF8512F5
          Malicious:false
          Reputation:unknown
          Preview:regf...Hr..M.{.t3^'..:%aO..jm.R..k9.nC.-.O..J.WB()s1.'.1.P..1...co.k....Z.....u<H...h^.>......W...M....`(H..x..(.s..N..V..7.0.S.W"/......|..-.H.*..]."|.hcD...n.=..JT.'...-a.9..1e.]...c..rJ....q..xy..78X.._..ee....D..D1.H*..s.Pq.O.....dr"....VY.*...3).z0.$......4wT.n..._#J.raD.^...."...U.2l.....n{...........R=].....5.L..#M.....Okm7F...'...I..0..........e...g%{..........>..7..0fpn... ].;....d:..T......_Q4....4!d.%P...@c[.RY.M...Z.Z......c..w.<.%^@ .v.O%..s.W6m.B.6.lT^....F....3.V.mY.<...........KK"z..k..l..W..j...d.#..+BiE.v=%..W....bS.kMEa.N..4z>'b.8.XsD6..8....._?.o.|..8...6...8.D.V...Z..."..H.NW.Z.;.z;2[...t.C......o<)...@...|S...W.....p9..Xqd....C<..w#.Yb..h.f|.d.y.....y?...ao..1..d..#...*c.?5+$n.+..A..#.?,.%&..e..k.RJ.>.ve1.s...+.JZ.+!...D..h[..'.+d.<.@..!Vm...E.s..Fr."U...EQe....r..f....|.-K9.&.L...N&.).....6(.7.v.... ..8p.+...r.r..f..o.YrS...+..x.Z.......1.Z.h...<....Z..%0...+..&...R..&...S..({..<.Pq..,,./....h$B.#M.4.A.F ....WzW.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.978368265642779
          Encrypted:false
          SSDEEP:
          MD5:BC989987E27040C8D599A729EAFC06C3
          SHA1:0FF0861CD9D67241539145FB7E4900B3BF857ED7
          SHA-256:C14AAFC3FBE557BA48BFFBD9165C87536863A9BE3BAD3324E7E63B1B3319DC89
          SHA-512:8691611C3A22BF7E26F505347ED867A1C4927EA83ABFC2FDF988F7E39B8603E10CC780A642C0B5BD12419309BDAC108725E86908220AFEE15C220B23F54B663D
          Malicious:false
          Reputation:unknown
          Preview:regf...7e......%'.c..Tq{i$VM.b._E.i. O.o.*.Q.D.&j..../.x....B*..7.....I.x...sFu...3=......)1H`..([e.....rr..\;1.W......x.......x.R.a7....B..[.}0._..T..$..B.=d1.k..%........g:...).H. L.B..^kt.B..v.q.../...q....X..5w2"...n2..L.0J.2jB.........pys."k..h.Xb.;O}F0."..b9H...}......P.A.O"......^y.o...*._...#.R.YI..C))....)...f.R8H;..Q;...".g^....:...SUT.YE@...L..A".[D..7s.`kJ.....tPwv\}O?...=B.?.(......\.........OWs...t..Z"..^0.=m.S..Z...r..$.[#.Q...\&q.6T.....D{..x....1..cqV.g....' .x.....1z....B............e....79Y..z..F...Z........3.(...2v]P;.}..f.C..%.-....|....Q.u......_...^..@.o..X.(.`\\..@..7S....a.%z..u.T.. .%..om..g.?......;....LhCJ0=_..%z.&8y.8...8Q...A.V....7.....6.b1....:7...\Z..].Z...P...:.}..C.../.q.0....<.].,.^.;....s.....D....jx.`.8^.B..?z3....(q..q..x....G>m:.Hz.mVg..].Y. .o..X5._W.xy..s....A.k.....5......n.3..#2.X&.?...PJ.N.....{.s...w...o........<..Q..u...`...p.!......8..V...$...4.F5....(J....LX..Ez!1.=s.hh..A./...H....".....p9

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.979283638293422
          Encrypted:false
          SSDEEP:
          MD5:2C8BE44531D0900A7374B4965A0C9014
          SHA1:19C1ABB3CE94070D2F6BCC6016E136DB3CF83CE5
          SHA-256:3CFBA2D3DCA307BAF7167220D93C6BBA56F998D331F58CB2D68810C5D8F47138
          SHA-512:EF64A974C6BF83588F4DD04ADC533B5E6A09C81B8B8CD2448904797E744CD8B1F0C4DF87193D9F6064DDC8EFCE1680A753ACFD75E5BB18F36D7A81DD94CAEEA0
          Malicious:false
          Reputation:unknown
          Preview:regf..!...xw.X.la..........:r..`.(;.m`P...H.Nq'.>X..O.y`.s..).....47........Qa.?....1..8...).1....T.4..v.....g.e.....X..e...U.z\.N...W..Mz&...\$.NQ..^....[~..\.t...[..._.V.....I.as_GK*,y..H....R.m{.....,0.......5>0..=...Q.(k..BP.qc....0..=..............L".....d)yW.... .)zL.....8..t..m..8_Nu.$....l.+...a1...b.....1p..^..RnV ......f.>..+..<...@A_\...U...II......Z.S..+7R@.......\...>..T..n}.anY.`..*H.$......;r:i$.B...@dO.....".?...3j..].W....;...L.[..7...io?>.9..A............G.D.n.B......,+./<n...)4.T..H M.hHw+e...d.._a.......X@3$...=....%Y...V*;.zz..z.........[...F...k.f.J..~.S)....\.V.......|.......0....C.M.Q.s.........)F.]0.M.Z!..}i/_.K0yR.+.c?.}..g.S.@.RP..q.?.(LfG.w...H.....&F..CY..%...D.......?A............8\u....T..n%U,..(.....s.../.....Q..^....v..>.pH.NZH..-+.g%D;.<B^......$....`...\I....;.'.H..h?n..T(&.<S.~M_5F.....4v.e..,.]...p{.....U.dkS...|.a.~R.....!.m....U.C.X..+.d.?....n;......K..r..bt..r..D)M-!=&..I..1 .;.$e...w....7..

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.edb

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1573198
          Entropy (8bit):1.330618444832993
          Encrypted:false
          SSDEEP:
          MD5:1065B8C1D0E61E6137A8B3FFDCD8C33D
          SHA1:E6B860C1B00ABE8D98298C58126F9B477A1D65C5
          SHA-256:1591FE4BC92DF15B2BF43F057B0A2902FB2FF779C02160CC3E5F36882EEEABD6
          SHA-512:B8773B00053AB4D4AC77487B7B6A0ACB026E5AB7B99D9D79F559371F693F4887004388666C25420A2AF7E82623EA776EB7ECDE7B3890B76F0A94F127EE4D9965
          Malicious:false
          Reputation:unknown
          Preview:..i..L.6...cr...C..;..H...v.l.c.[.i..K..x..|P0xl......U.W.1..ev.#.JT$...O....1..Cu..B..^..i.y.n.;@{T.....^.b....?l'1:/.9.?..N{...[.g....-"ve].8y.,.%Z..\B6.3...=Da...)elN]......Y.3.5....rV..bO.D...AYBH.Z......f.Y.]...0...BJ\....+z.{......Y/r.Ty.a..f..]..YqH.eV~.....z.?...wZv....p.w!".2.%R..v?"...V....#..%..h..j..l.3..$73Fm.QU.X..j<.&l..@.....i..D.~__=G.7.].....\q...D."FiN...hd1...AI...B...O..O,..`Eh.d.{|......6.7L..d.~.!\..[Tz/.)j`..{..nh.F..}.luD...+....h..7..J aX..A..#\\...6S..9.j.h.y.J..)Gnq..".J...q.....W..3.Xb.=.Z.z.0.N..M...,......+>......Wf.Q..8.7.l>.8...E.....ga..d.......Y.:.te......v.Lz.....?.:T.Y.."].r..v0eH.;...O...@Q.r./.h8T>7.^.......U.B.q.`...?.....tP...H..q..X..0<.....!.[...#_D[1...d.z.......|......J3.%.2..m.%.C...Ud9.AUa.)...!.~.Y).1.....3A...w.j.0....VG...C.I.....2M..%..,T....G..z...x-h=...tY..Tb.K.\U...,.f.eN.fG.... ..].F........rv:..2+..d..$..e..Om....4..U8.K..U....:.E.....q!2G.:..e..y.]$.p.u..F[.q{".mF.!..!/}E_.!....P.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AppData\CacheStorage\CacheStorage.jfm

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):16718
          Entropy (8bit):7.9880160849147845
          Encrypted:false
          SSDEEP:
          MD5:9F8C43428462F64B0F1BBE87378A2490
          SHA1:CF70B44D13600B4D5838A9686A69529C3BAF9D44
          SHA-256:43F2351976B2853825ACE9D059B0B89D242FB6848BF65C16D84589D13F241C7E
          SHA-512:B64145F150A0AE19B91E2704A3A0532E10E39F9AD1867DB4179B63D7B5F60137FE2FD9DD36F30E82DF85E11849CA9C2CD2003643E73BA6A9DE76EAFEC6F26D73
          Malicious:false
          Reputation:unknown
          Preview:.j6..>%..X...=...h.?0b..9v......'6$..7.......F0p.s.K../l...w8...iT.PU......_kD...P.w.6.........-....+..M..Y...k..-.|.S......C\\.e;}+7.....8....@,.nf.>..GF..O..3e..b".T...a......1...Z.=m...~....`.d";..7..c...pl......g*].....:M....../A;0l+&...f...E.*.d..?r.....U.?c..,|....D2(.=3;Wrz9..gx...Z2.6Mn..-.*=E.,.y.+......McX..~.h...(.c.7....:o.]w.....S........e 0q.*.<<..H..~.s..{.9........L.*..I..w.,.&..?.k.^.h.z...U....2...!.]U..S..tA\t!..F...{.C_..9....../.+@S.2.e........if.O....&..l...R.J.8.N.-..x.J.P.Q.e.,.SZ...2...i.1.+..AdTk9.r>..Z..........TSZP;BKu..~A..V.~H.....O+.+.`.....%.<.{3cn...mJ[&P...>$7Y.......d.....>#.H[$+UA...>..3..{.-....N?).....}..&,...qv.5GS....`1.W[1..^...~P.Z..-...Y.....>.W......\........[.:y.U.(....%G...[...H...."..x.$...6.Q.~~.Qe......GS.g...3.60.......".....S!J..jY*......9.A...=..j....6..9D.gjl..>NF+N.lh."..s.op...+......W7....r1.Y......$6.[.@..h..`u[......S.*.*.Tp...#..t.>...v..d.s..M8..1....f.*...L~.[1......]

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.979586719027168
          Encrypted:false
          SSDEEP:
          MD5:E89BC1F0FD264DB3C6095086DA1A504E
          SHA1:E5C2C111CECA98F7E95FA2277EC83B91AA2D80DF
          SHA-256:F2F3FD9E1E71CA9FF6352E76A9409B525137391215EF01E8155418C9B70B2406
          SHA-512:B3C66DFD1FCF2BC726236F0FA68CE07549FE7B1B165DF5385455FF91476B2F5CBDAEC5995090E0D75DA04869F521B368DAE5547E4C8C49312841C6206C8F36F6
          Malicious:false
          Reputation:unknown
          Preview:regf.t.h.s....g.....*..H.....2.6.Y....4E..C8TTg......G.eT.....U4..a.)..W.[....o..t....F.g-.X...Y...n....!...h.gt*(.,.,.....^8..7.*.4K...).\../...S.INW.M ...R>e..xg.2...91..U.m.n......7Re..H.4......O....2.Q..1..0...[..md_.......<Z...)m.1,..\<.N...E`.x.Px=+....:.#..G..:..4KZ.J.P.S.F...3m'3Eff...'.p.0........E......Y%.D.V.!.}.....u...'..WI.Pd\M8..a....*.p2.Q-....[e..n.........@@v....T....b....`G...v....4.....f.(..D....%..3.*.......f.n..S.P.i...rf~.p...4S...p....0.0Y...J...........dpS?....J.1<...y.I.\..).s....K..R>.LU......j.*$..d.;Y[..z.....?.u."w$J...Z..IY!..W../.&x..G..&.1...+.(R>...........K..O...0....].>B9A..FE...yE.k....=d_...BEa@k$.}..?..;.rC.....;..D4.`.......g..K...}...X!...;....gR c......92.U.O...<.V\#t...u...<....8$0E...g.m.Q......#B..)..#..P...q.i.Jc.!.....toM+...(.F6.o....."...I.5......j.Fx.b..6....+...Aq..6Jc..\M...j..9........].H..h$.k..b.5......P...\u5.4..L...D.x.E.Jo..\<....qaM.........bM.}...l.......d...,..'ElE.5P

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.9760600549412235
          Encrypted:false
          SSDEEP:
          MD5:E905AA15C039948DAB8EDE54AFE15D91
          SHA1:64D3A8F288D4AA34F470292116C10A4A645162A5
          SHA-256:E46C2A9E5E3860519E76440A19F6E63DFDE0DF1057AF6EB342E762BD88BA7A13
          SHA-512:6F8E24532E223D9F78830E5FD20E03AE880E95130F64C13A6A8171BA657782554276D02A9227CCEDE53CD67A07A96D0A70A2086311ECD23A19C18B7BDCFA8299
          Malicious:false
          Reputation:unknown
          Preview:regf.>.f..Nm yK....xZk.......w./j.:.v.L-...p...m{..E...5.BW..rC....c.%.(.u..G..\........3...d.D.....,%'r..w..}.L.D...,yP.@...+@1.1......NH..D..O.".V...Zp......U@...VtX.i......t_.qf.pv.7.F_.._J.2L...o..|......r.N.q....!..R.X....t.o..3u.s..CW.m...z.<qX.$...^D5.2..a..*@.z0..H."...I..a........lc..r`.az.....?c.".......4.d(...,....S.J...*.}O..r.d.g..y..........I..0.....Cc .......q...e....M%,....\~c..(.7..-.73.O...1'..4.o.....:M.S../@'i.>j@..\.u....j.C.Jo...n(:.:g(.>.t.%75.H..#......`c._...!..>...t..x.?f.......V...u.........I.$\..!,.QT.8v...GJ....B[."..p...hK.5UH..%....;..&......kif......g.n.!...._-.h~..p.-`.)...Wr....'.....o.......E|&.%&..#..p....7L.' ...i........b.Dy..3.f.6.c.+...w.q.e..p.....T.%.g........x.S.....M.{...<..$..LV.Pt_..[t.{O`.#.L...A.C....'...[..\:@.6.i...BJ.f~.|.....ss.....g6.......(.$.Z+i....$,..m/!m...J?"......(....p.[........].9.*b...q.....OD(..+...X..N....l.r-a...'i.,.&..*b..Q..q...V..~..I....(<.T.^.t-6..a.*.r.......;pH at.H..>F.b>..d.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\1462701a-a6db-4aad-b385-c9d9c754a01d.c9601ef0-023e-4f94-a064-97bebf0058db.down_meta

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1654
          Entropy (8bit):7.872785486710795
          Encrypted:false
          SSDEEP:
          MD5:0476050FD540F2CF20C2D88E442C0D0D
          SHA1:0A7AD9CD0F0409D3150BF19190FB3C4D871BBF8C
          SHA-256:1EE20A0A60388E8CC444FE7A7BA55FD882ECBCE87B09B25D5C26BA1447BA4387
          SHA-512:A6A5547954BE821C7B10FC64D292D5C22C277ADDDA6F3CD26497CCF26A96106E4EAD564B479079E3A4F876350EA653046A38D66AA111809E576337D71C7F86D9
          Malicious:false
          Reputation:unknown
          Preview:h.t.tk.....X.zS.^..T..x.|i;.R.X"\.K..y....`)......D~.X.-b._w..._7..QK(....o..wX]&.C.y=..u.......P....m\.C.Q!..}...`........3{U...1^/|*..[.X.6..rK..!.#...u..p.=..U..yI.....6..Tr.*...g^.).D.6..5......{|+.2S..W.G.Jkn?`$4X.POMa}W.....+.0..^....@.....y.c.)..rr.G=..*.-.i..ZE...L..`.2...J..\ .....E;1...I'.Z.#......i........jt.[.Y|..0..!doB.....o....(]..]..be......i..K`...T_.H.......`.>!.}Shm.1....i....|..M... .y..W....o.C`#...$l...t.../.>wX.....2E@f....WCX...Y1...D...I.."...Ki ..7....B+|.._..8.1a....|.).XAS..Z..0..N.~....2.I:....4.}.......S.vW.}..}...[._K..4..+#...../-.n..y.F}.L..hk.l.#H.S,..i.@?P.+.ch'..7Kb.......%.t..H2...J!q..FYCV.~.ME.@m...T..S>.^.. 7..6B.;...........QU....)dY2.%...=..F..sC2.._..y..\B...1...# ....=.F.g3....+...RR.Sr.+.0r...D.....^{..M....T.d..4.4l..7..<....1G>.w....z.....k.ZLJ..8(&YU@..Dd....s?......Q.g$....ka.|..#.V..V....>+SRXx...0n..|...|{X.].HH.......(.B.w..2+n..h....rC.Jz..p....*N..{..;._...$F..T..Z..*.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\1462701a-a6db-4aad-b385-c9d9c754a01d.up_meta_secure

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):836
          Entropy (8bit):7.771682740187461
          Encrypted:false
          SSDEEP:
          MD5:382D1FA87C6AC5839EECB91679A0C0C7
          SHA1:FDC7FF9A04661CA3B6187DCC1505EAFC6054F4CC
          SHA-256:F90FF01CB501AB9F421679CAE279D37F5C1290FC8D0FBB04CD10AA817EFE8632
          SHA-512:416DB324C867E02FEF4761F10A41A0278ADEEE4E19DC0FD6D52929869DFA6AA5C443CF9F44EDC969D4DBC1C886841AB56D57FE6B7582BD243BDC57C467E97141
          Malicious:false
          Reputation:unknown
          Preview:......^7QU.Z,o.O..z..Z....R.*..<<..,.P.c.r..J...+..M....V...m.k.3...-...!...1.......d..=...C.@.........bI.....B.6.I...S.K(.. @.x.).N...S ...j..p*.Hi)....Z....Jq..p..._.......3....)..YK...m...$...."p. .H...W....v...:..@|vU|....!b%..d....?.D.5.N.}~..B'.J.}u.r......;d.d.|.......o.+..Q,.:.I....'..0>.9...Eu..L8g...XU.*...qb....&..N.5.. ..5...9'T\..QZ>nG.%..<.=.Gy.-.vE...<..Jg.C..5]k.#b..)...........h6..x....k...%?.j.[.......;......S3...2.bh%.6.A3...%.c...E..........cDU..(Q.....~)* .E..n..f.....r........GU.7............YXi8.$...[.9.l3....A..@..H.k.E....,.n..y..F....W.np.....S.lF!....[{g......'F.... .<.....yD..\.....F(..XB.........l.p..xr.D@...v.....-|...{!..q.+T.r..et.&....X.E.y&Gc,v>,=.!.1.1.y.#-..?......+.._....XV.<..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\1b0dc70a-9618-4dcd-a0b8-b94ab91a98d7.fe7f4a76-8a21-4f83-9b04-325f7af71bdc.down_meta

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1428
          Entropy (8bit):7.870401097825051
          Encrypted:false
          SSDEEP:
          MD5:8A08563FD4503BCC9CBE2467D8C485F4
          SHA1:5B70FC9D06FFB15C2E61E2259B726F929DF7B094
          SHA-256:26A1ACD42253437C6FF2A4FB0AE8B367E64140B7D41A834623D02EF8318A6647
          SHA-512:4CFA2BD5B00E045174D0EFC2121C86FC54CF65EB65C10FEFFC59380A6EB75890B50F4BB2CA067C0E47853F554159222ED0BC3E4E73A3643968230507BB0237DC
          Malicious:false
          Reputation:unknown
          Preview:h.t.t.K.....g..g.F.......C\.:........gO`...... O..........#.....S.x....q....K.o...d....oQ*....c..'....E..xh..v.........JU..z.O.L.....P.*..~.5...D.. 4*..*.....]<.9v....1....<..e.......D.......\.!d.G.|~....9?...3.x...m.$.ne..9....J.`......H......i..m....\.....Do.."9"m..i.z.....7..C...t-.k)+..j....:.a.m~~...8..+..T....:.......:_.....(.$St\...+p6Bq...."...X...L. ....m..R.h.y.q......85..k>j)$...l.h.6.y..rJi....J.......(t]......7.2.M:..6.iep).I.....?Z2......W.!c.-...$.......~J)...R...h...[....)O... 'h...h.Q.9.......}...ERI..8m.....Eu.~{...{.Sz.[.......q.=...........N..h....R.........T.s=`Z."[..,2<l.L.#f....%D}.F..-..dw)..FZ.]...T&..g....2..?.7^..0..Ecx=8..@.>....'4/.i.t.~...Xi7....{.....v.....n...w../< ......G..<X.... .D.zU.ABq...v.M.AW......;..Nu....k.&.3bo.`.<y.......1..t.{..y......0..h.....T..x....u-{..`k...K&.9`07.y..J1s8.;....?..8..a...).0I........k..8NI.....&.......D.......[.V......2,..W.e.......H!.e.Y..O.i...T..3......;..o.h.c.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\1b0dc70a-9618-4dcd-a0b8-b94ab91a98d7.up_meta_secure

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):964
          Entropy (8bit):7.78256479886408
          Encrypted:false
          SSDEEP:
          MD5:DC27F83443C2BCE6A022DFDEAC772579
          SHA1:493D7EC95677BD3766624EC2946A79831625FC69
          SHA-256:081266A0B502C3A42BAB5978E205266F725D0B65801260F1DD6A543CC7C08324
          SHA-512:CE4835448BBAD7D97F68E4FBBC38C888FFC5CE92D34D4135DB5F69B18112786137378BCA2C7925A1AE5B314541F5F2047F1A594B0154925F750A9DE5A043DFA4
          Malicious:false
          Reputation:unknown
          Preview:.........5.^..+.:...b..u.d.X~.Lz.7..,..Pu...T..F.d......@.#..\...>..Ofm......b...a.....g`..;.6..?.j.8.2...rm. .r.,.MH.%.K.QD.KI~>E.4.8.L.qVM..<...B......\....|.Pf#. .O...xm.BU2.\..UH<.....Q.y.7yH....o..^e=p.Q..>..s........3..:k8........}../G....v.=3.].p..a..........`*L....{...,..z..zUrM.P...A.U.v..\.l.....XJ.\!W..wQ....kj.._~.".Vl.73._.I..7k.z.,DU..i..v.N.,.)..TS.i...m..}.^.i...&....>m.-..l3?................{...i.#Im....9..-vg...X..~.@.}..E....a......7.7....8.|.N..i...m.Ls.{..!...7H.D...(i...|>B.s....&...?....C....tbS...<_!.._....|....[w..kT.}..E...t.. ..]...v3^...U....i!.'.h.".V....2...M.L.nsh.hA.,.YW...*w.]...WK.;>...s.b.?.....F..A^.rAS.\.w.....FQ....Lx..k.H:@Qr.YN...y%.......Sm/......H.A_..F....44.I.U.mN.(-q+.E.G%%..4.RJk..~K;k.D.<.Z...)t...M.........^..%...o.P{`G..s....q.{.o.p_n..y."%..mfj^..k.?gX......(.m.V5.e.:..7|.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\22551497-ca02-4ce0-99b6-c0a912f8688c.a0c0cd30-5ea0-438b-8404-f2995662b7bf.down_meta

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1658
          Entropy (8bit):7.882038250503422
          Encrypted:false
          SSDEEP:
          MD5:0CCF685A4C0D6D963BCC5231848F4ED1
          SHA1:F310AD98C59BAF45C53A227F31C21690DE4A71E5
          SHA-256:CE83FD639B540380F662167E63688109A448CCE7F0FC787214D826D459FC3AC3
          SHA-512:0001407AA707C53705D07B5DFA21A3D84A6F3187A94708546EB8952EBA3797BC01435713E2B5ACE4F12A5E31D932465233BC78D661D3C0226038EC3BBAEBAD32
          Malicious:false
          Reputation:unknown
          Preview:h.t.t.5._..........%..~.9.&q.h.M......7.2\.Z..xu........%,.Nn2F.k....vIBu^........F.=...k..3.s.o#.!..#...0H..X.C.G.Lw9l.{i...mC.."?....b)..K...z...h....Y..].e`..T...%}Ty.7..I.... J\....H.O..!}.^;.......u....k.$.....^.@..:t..uK.....|. ...$....k.V.k..A?..{S.<...9...N..I..Q.HS..&:...R!....g.s..Y.T..T|X.....#a"...9.3......\X.o...'.|.v.".`7..:{\E....".S)F..#.tX\..z.i..#.B...W.).!.XL*I......u .8_.w.0l.H.=.Z.v!....U....y-2.q.QV..e.?..._..IK..2r.ck..(...).@.\.49.1A..3....nxA...jl...i.r.D^.\..P.=..]a..h.>.T...3..v{a..D.J..=.Fa...Z....d.2..,r`.%V.b..r.V.).}..w..A:5h..`...m.q?.}E..z......,*0)Cg...:..S.......].`.. ...g3w...m*.y/h..G...%...#.+.....=.p. M...I:..t.B.@.F...7.....v....N....C;...&H.P......Fk..(....]....Oa...2.t.x4};.O....O..;o....../.M.=r.@.)j^U,l....q.C...~J..k..:K<....9p!.....&..P....BJ)3....@na"...Iu.FV...Fc...1.....9.v..|"`@.../.>[...x.....@Y.tg.^..9Mf...7:..mI.s.o.9../...@a.F...(x.&.,....+.D0.........dL..=.........1^....^..V..n..

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\22551497-ca02-4ce0-99b6-c0a912f8688c.up_meta_secure

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):836
          Entropy (8bit):7.719195080696344
          Encrypted:false
          SSDEEP:
          MD5:393D3FF5868389C981217E426084F7FA
          SHA1:8B087AEE2742FBEC4E71FCEA7F8574BFAEF82E5C
          SHA-256:C5DC1C56CC7E48D9A29CA264816D82E7AB2F85C9DB550FD8547B1F3F7C9F93C7
          SHA-512:4C279FECD3FC3D51ABFBD4441E2160D31FD3B0FFCE9A91A13D182FE9F8570AB8346F090A67302678AE7FBC00F9668D71E5C32E221C28831636D71C31DF45F59B
          Malicious:false
          Reputation:unknown
          Preview:..............s...!].3%2.&7..Y.......3.&Js.B......tQp`b..Y6.......^..BQ....$,..@.z....%X..jP.:....PBs)).x.Z.,.-..........@.)p......H.fe...B..... ..aB.7........A.85...wgZ....8}....Pi.&.*V'...r......n.I8jx.A..3..r..b2;.s.v.kb(..lpK@*....IK.....#....lHTBT.....L...VW....H^A6.ZG......J*Yyg..J..]qe.=k#M.?f.5.O....E:.y.#I.;.ssg.%..I..4t...\6e....(....dM}+k.qHH.6...V..3.yL.+{.0..&...... ...2h....)#..8C.....j.sJ.G.[,w..<...Jo......9......j.........R...Y*.,vjJ....@0..>.>7H...6.,.}..o2...7.-.F..lJ..9..J.q....Vx.A.\.j...H..(..xU...!.6...g.Q2..>..W!q..2CW.1e..m.!4X.0...T .\..v......P.*.$m...R..dle..Ic...a..3....rb...*................i....2.....t...)2.XSw%..2.....t.~MW....l..I<c...=....[);g.2..D,I.o.:(..SSE.#.z5H....HA..X.^.D..OXI..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\3ce6238e-2895-4ba4-a6ea-2bd648a0e9c2.up_meta_secure

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):964
          Entropy (8bit):7.800230866488976
          Encrypted:false
          SSDEEP:
          MD5:626E0C27584A0DD9DAAC6EAA0C7AF6DC
          SHA1:D133CB5A349F0C70A805728C7332F2C5ACDA658E
          SHA-256:B9F309DF0BC3FA048D2990992A91AAE7F58E28DEE89ED74951F6AAE2626C2922
          SHA-512:97D66A4C0D456B41B51C45B91F348A0A5EA9DFD536E44B475B91E0487936A4B9838961A5314511DAE3F64C1B5B3A0EACCFFF12B17EAEEBF5B7DDEECE92454413
          Malicious:false
          Reputation:unknown
          Preview:.....zN+n..t...tL.#..e....N'.f..b..Yz6.W%.....!.7..W$..~..\.mW..-.%..Q..5U.`.......|O J8..`.Vw4..epZX*..o..U1...M..-2...{.P-EH...).g0 ..<.....<.$.@U.....jKk............]F...*.....E>o,..f.{]F7AAX..4...>.10........uH.(G..x~!.........c8U.z,.b..._..|0.&...1yh. t..!4......;....4...o...R...M..7.d.nt.$vo..H.~y..x...q.q..Y.m........F+.Y.5|..o.-.d...3K....].g...\......M.4.t.s.x...Z.....a.F.$.f..P..:.n....'.....{.x.)..D.V...F...X.S!0...&u..6..A.N.M..j.q/.ay..M..U...7..E... ...Z.+..As..O........z)O...CS#..~[..E..Ye....^..p.V......@....M.....8....%D.mj..s<(.:2s.d33i..v5...qe.q6.e.Q:...jT.`8.Y.1..?..;.....9....O.Z...9..q@_..=..h(....S...:.z.Y2.^\E..MA.......F..z"i.;....D...~..U].$e.7.o..+..l.4....zR.k...'._.@k<.oja.....2v.O9T...m=......M...$.g->.o...8.5..Jw.......Dk........F`.......@....1Y/Pw..I..........[3k.g-L.......r)Q.......!.........V..el.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\314559\eventbeacons.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):10664
          Entropy (8bit):7.982085326128729
          Encrypted:false
          SSDEEP:
          MD5:C57D03DB5F93125DDAA5B9AAF19C2DEC
          SHA1:5E886527827DA945E9FCB6AC51CA3F850CE41295
          SHA-256:15667F989D5ED3755CF0E3B82963CB2C08A81F9D5BB4B2FF085CCC201161AF90
          SHA-512:7A3D8148DF94AEBD6A2B878C3F559A5C1E6B5E4289BFD868C60C127C42C3492D8A00239A6B23376CABCF9B3C473B336D1E5B109B41F8803FE2CAA401795ED018
          Malicious:false
          Reputation:unknown
          Preview:https]......{m.R..y...<...eY..i.eo..'..;%FZ....r.r..B..........M'7..{.....7.C<.A...?.]..G.-T8....{....._-.;\...8./h..@...F..(.....GQ.c..hm..Dr..^..q..$XHW....+"Y0.8...q0W..\...,.....H.+y=.`~s)~KS....8\..../..2...:..q.7R.l'..o......b..A.j#.4.q....E.o....NF.x.;..d-H....=Gv.......ra .g....h..(n.)^.I_>..9.k.A....O..)......`.Fq.?..w0W..-....{..R.'......j:.2.H..&1J...%<...iVM....w6>.p"h|....[.i...p....\.....1.4...@...V........[...J..Lu.P.~.~..q.N.5..1...."hS}w.6.*...>......x..........V........g......b6^.#.4,.Xf1..$.j...N*.6\e.{8..v$Pb..}.q.....Pa..uA&@.NZ.....x.:....6..y........b6..!{.....h#P....ogJjp..^..P.....XWFv..lI..p.<L?...:c.\>c!.[y..K.....g.".&.G..jQqC..w...?>.........3....G...>.r.Z#.;R..~..|....i.....d....MS.P.d`...g.vMr..a....;=..B}^..H....T...^.MS....V4b.P....?......\.p....n2...[..#.JhCV....j. ja.[.x7_U)..&M%7............N.=.... ^14.)...#P.k....._.....Q..XB..W.8].@Xw.o.....)To..K....m..(#.)....?..z..{..qW?!.2...Q.A0.`.}..:..I.8

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):131406
          Entropy (8bit):7.998578289055537
          Encrypted:true
          SSDEEP:
          MD5:58D71CAA1F8432DD0B9AFFB3CBF460BB
          SHA1:C8589FA8818BE362451A7B9E6C2AB13B32040117
          SHA-256:CC1CAD16BE7CD02E2C694A3DBE230AF060B5EE1F2A3E1F92D0336CA7BEEE6AA3
          SHA-512:D6AD154C8F46A5AFFD53EB92B34FC1D90C0F94C6E1F974DFEFC7293D8611D8335BD0F7B594A9A3A17BA8B9C2EBDE2F54F7C92C667699BF77B819DCCCB7A69CA7
          Malicious:true
          Reputation:unknown
          Preview:regf.A.tO...F;...X=....}b...*~.......]LC.$.T..i...d...M...@Yp....5cs4.0u.@.=?c.....2%..+f...i.....[.................gS)..g..F....c?].X..v..I..{$.E.'.Y.V.#H..m....^Q..........Y.....s..4f=.x..j7..X..n..\.........a]....(!<..qM. .,.8`.B>...w.Q"..v)...0.~.....).../n..QT.x#.D.1....X8..!./jS.Afo|..:?..~Q..v@.yy~.G..........el/.......E...z~.;..lb|=.T.8......[`|*_+. ..D.]xP...U3.[... ..@%..6..........T....,..B..U..HD(..;[.U.0.8W.8.RN.U...N1n\.G.......>..^.......1.(......J..{..S..I6.o..b.Z....9....0....3B....]....?..R.....b0..$.C-..b..D...:@.G$|..D..O+pxYzR&...8o:z...C>.U.....1.....,.......w@4.G........Do2.Q.Gj.s..+.....E......./:...N..9||V...I..~..u..{&......[....K...bD.:....R...}............p.3...).-.HgH.r?t..}W4lQ{.Qm)...!B<.c.x<h.y.....tJ@..@..."..]...G.$S....S.b.aW....FU.2.p-...&.._..hD..N.mj.J..ff...>......Sl....lL..c.2Q..V....t.VJ..2s.K.q!o'....$...*&.+F..'|..U8.[......w,vU..B..RN.>.~K)..4..Y....#.....`.+.e./..LX...L..S.q1..q.OY...6M..a+u.L?o&.8...A

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):82254
          Entropy (8bit):7.997831816928579
          Encrypted:true
          SSDEEP:
          MD5:1F530C2906435119654E584FF810B2F6
          SHA1:739D998ACC3B46D2DF49B48728207486B8000F27
          SHA-256:27EA17DDC4756406028F2B4A8E27A3123C2D69D63597CE94E074DE9D96FEC1E0
          SHA-512:0EA48DD61F69B277EBBDA6D8AACB59B59FD72B050596A4B18FAA69F51610270A4C92918A67290BC0EE3C671E96E322559713EE1650F684550914113856EB0ED2
          Malicious:true
          Reputation:unknown
          Preview:regf.f.P.(.S....[.....D..#.h.2a......^............%F..T.I..h...,1..V)...2'@{}...C.y..Ph...k...f...<....D...+.........^..`..|........`.^A[?).n.=.:.....P.#.-.6.z.t..[%0z.|.../rQ.....}_.5..W{..s..s.=p:.3K..."/.._|.?1..~@.O.............k....=\z..@..@..7...... ..`..^.hi....F+.V.u..!B...2<.j.9w.fX3*.....Tz..P.F....v.-.am''i8_j..9.Q\...0.:..0..S...N...:Xt....h..}.Yp.l0..`N}........&\h"..>Dg..J.....u..K..../..}F.L...*.....`....>.\.l.xQf2*EdcP.....>.S.. ....gQ.[.....+.....v*.H9??-........G.*S...Oi}..z.K..4..@.Z..O.x]{\I&....ER..:.....mR..1..78[d_....:S..o.d.i3{.0. \....FwW.?T..e..'.I...6.I.2L.1I.|......vSY.@o..&....o....\P..C..j...x.".............6.x.Mp..g.T+6.._..k...VX..Z15.&O>.6~.-g.n........{.(M..@7....zk.......[..].Y~z5}D..q...x...c.]Aq..r.S2rM>....M@../..J.m^..=.......P....k[.OgY.}u.#.;..P....-...8..(...,.......bE_N.|.o..C...V..1....#....w<...?5.->~...-........T.8.BR..3'1U..\.u..K.1~./.t.9-...t.....3.ex..+.dx>.6.*:..e0....x.\T..#.....E.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.978892463665552
          Encrypted:false
          SSDEEP:
          MD5:5CCC4ADB1FEC9D6AD28C55CD2C3B6814
          SHA1:9DCA91DFAC9C2ABCE275ED69DBC453A9A50DB887
          SHA-256:2D0EC9E52DAE6C629669225B9F94CA2664B011A80D86E0CE2BEC7C13329CE8EA
          SHA-512:CB4EA6051C7A61543D8636B488F87FFB788F01281F811D086828D36E3C01D5274BBC8141C3E5A5A71713310F10BCD2B35F51CCB9F9E73FD077AA3C4DD0F118A2
          Malicious:false
          Reputation:unknown
          Preview:regf.;..A...R.8.....HS.z......<A..~e....A..=E..&..x..i..=jR..zC..RT..B....[.k.v.}.....V..rj/.S"}OH...../C.j.I..*UTDEW........Lc. .d.m3S0..T...e.\r.....QWM5*tv1.n.S...Z..[.ao..9.4.O.cW.&..F.7#.B.y+..J:...4/.G.UB7....^&..H.4..I..u.:..n......b..]1..~[...O^e..........g.eO&y;......J.7`W.2@JO...g...._...q...:.H.l3WM.....p.k.Y.e.a...v.`.j....s....S..g.Y.T.qe..~g%....'w.H.}L]2.>.t............D.R........M...........-.&!.y^(........0.S...(..K......F...4-.?WA:.!.3^.15!.........R.9...Zf..4S@kl...}.S._.5...?]..>x+/.c.4..K-...ItQ'.p.....Fu..E....1..q.="<.v......<V[IGn.Z......XLE..Q..gG.a..T...,.b..Y.AI..T.ld.)c.[.....,..E2 8..ZNB'`b.%....g[..._<<..[7h..W4.....l.|.g5.<M..9..-aR.....A...$..N.......p.&>.:.U...\..u....M.j(..@J...2G..k......+Y.....r.....[.!.f[..n..n{q....2.,}........<._r.[..5....T.urZ.?.jn.....m:.zK+A3.f....o....G|.G.....9^w.......1r....n.d..v.<.@.;..>..:.&.#.:..(94....?.......>.<.1\.....-v....~...8....-/....6mf......_.%........7f.%.......Q?.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.982297354742659
          Encrypted:false
          SSDEEP:
          MD5:33A713AE96AF567A95EC6E94E9B8ADA2
          SHA1:E21CD395B0501DCA520C55A315961B9807210F53
          SHA-256:AE93E9AB9F39B4C12381D04D6B917842B8C3861615154E62FCA82CFCBA4D6732
          SHA-512:B582145380BDF907D476194F7C942D1B393C215570F53D55AAEC0B694218CA46B22418AD5987EFD3C9EC9917200EE8E20106B410B8E25A2B979E86949CDA9B10
          Malicious:false
          Reputation:unknown
          Preview:regf....B.Y~.....'.H..!.w(.6@l0.y.\....J.....0y...+..|...zF&.....;..a.(6}......8.8:<.4...@.r...vF...o.vS.B...n....TV...F.=4..(..f...Q..*...>......Zg....`,..D]....*....D!Vg..W.!.k?.\.S.`...qx)/o.n...:..Y.p#.t.;.F..e..u..W.<..Q.WJ<...=.._...I...A,gNl....6qz.%...j/H.)........G.O..?......Al-.....@}...U.D..J.B..[e.........(..V}........Gw.0...-..T.k.0..1..,$.../...Pk.{..PR...6b-...3....D.V.... 0.._...E.L...WJ.S..eI....S.Ii.....!..\.+..].2......z;..[....."w...0'3..l....S..4....8<nM.T...<f#..2N.hL.-VU/lka.MgQ...}..*.1.s3..(J/...~.X.=...GK........}.+M[..s..'........a..k..dV.....>.c'..-..62...9enS...UU.[..i!g.X.{T...:.....bg......{d.m........#......).\.S\.>.L.7.8.5......r&)..e.Y.D.. .....r.n ..u9.L}..t"U.h2.#iO..q4)r........K.........p..Q..cw..HIi.=.. .(......z...........{...>.*..........~v.}g..).Z-......7.cz....X&.`..D\........=\.*.q.....S.v!.g.94..O....C`.wZ|Kx...x.z....s8..|D....Mrq6.)46......z.#.%../o>w.`.6^........X...N.N.A. .?.%...z.^...

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.977423790070953
          Encrypted:false
          SSDEEP:
          MD5:AE23FC3385AB6E4EC045E4F33A0AD722
          SHA1:67CF7C7B93DFA294B2C0F9561969419870DEFEBC
          SHA-256:6F6E8AD2B89E1B2D6251259FB06E39F60DD3C18452B76DE9C4F2556F3D485694
          SHA-512:6C9FF2493E25C9F8AB2D9387F42A46815566CFF3FEDC214F6504A2D5B62DA84EB4C2F83DC374B6D46E25094BF94C88226C4C0D51342D090383923E0B857E3323
          Malicious:false
          Reputation:unknown
          Preview:regf..+...@A.m...Qj.{)`f..k...CM.D3....U-`......waQ.@;..s.9!.k.<..6f..............8n#...j......m.!..a.+.....G..%3.#.+...>...9Vm...g.Y...n..G1.[*.m.`.I..5...o.,.(...P......#......K..b.-O/`..x.W....)"..".....Tp..\..D.....xb..e..o....{.Q.d..$.e..%LR....g.@..Y..j..w[....(0f{o+&g..'.i'..Zu.ROL...<......YO.^. ..[.......h..-[..Pvx-o.....:.Kt|......IV..;t...#?..O=y...$qk5S...2....ZRB.......0o.s....K$......I.7)E..q..U..9hDQ..&/..xs>.b..?].7g...X5.\......h..z].=..D..y.G...)` >..".Hl...)..Xs I=B..[...k.9J..........~o...[..|x.6.%]..4...?../.....b.....p...Y.u....c.<]*K`.KM.........-Is....%5*...!.*....\dI..$Pn.X<..)b...]O....Ac....J.......Y..F..........#.....>.@.....a.#.-U..2.inT&<..8......S.`.vFz.?.K..h[C.tI..........j..g.u.E.-.....WW..........Lu.\..};.....;.k...l..$.9^.O!>.PFY..p|.i/_3*.F.~.M.AT<......s.d.6k..I}..|.s.....7..9v..\...qg}..k.T=+u.Y...A_.?.jm..E...]..:..U":......vep#.Ws....5V..5x.].Q'..._.e..H.ZKo.....*+...$.P....F..'G~.P....s.......

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.977890387692469
          Encrypted:false
          SSDEEP:
          MD5:5012B5FFDA2EB788877425BFF7C6F23E
          SHA1:D362069494888BC939A86F6449F4D3AEB989EE40
          SHA-256:094EF28D3847C7D2809C2D6FFF2638B9E0CE4817924707A1C317B5F3F57A6FB5
          SHA-512:DB3F10ED9293CF525190FE7CD59B4D2A831B57BA0D4D0BE583A3EEAA59E70227037CA1D3873B8739E46B33C5875BA684B62250FF903965C9347A8EFB3FBC1E97
          Malicious:false
          Reputation:unknown
          Preview:regf..9.Y.....]....)..5.(4N.Y..oZ.9m.V.......p.xq.1S.3.@.z..rDnD.T.....d..U3..#.C.`..Z..:.oox..%.e.j..:B.J.$l.x..8...9.QRy.C....FF....k...-...W.*......H.mS.....T.....+...a|M.....t'..=/.VO....?}. B=.^4.bm..e.+...........$...GHDLM....e.y.R|.....Q.:~..>..hf..E..&...>.Y.....|F...R.........:.L............Rt...5....G......m.9?....;....n9...X..X28..$.#...w......>*4^Q(.1a..gX....X..h........H..)...8.3......s...g.v2..K.Pw.u.w.X..`9^.OLL.2+:..x.^l.5....{..=C*...A[I..>4.Q.0..X-....B...td.H...w".T2ch'..6.....C$.~.......9.....J.....^..s{...|.{...Z..JF.v..Q..hz...Ig..T...._c.y.;..d.msr.......Y...&...u....W......l..I.)}..M.T.VHt8.....3./P.%j<)E......p.8%..&....0a.....%;BN.).}r*.....T.L9).*X.......4...(.W.o...#..t..W....]n.)...9#.r.ue..X.z....L...V.T\.......dtpw....j0..Z.B.[G....}...........(.W...v...^w.+./%n.q.Y9."I....{..@.$e.%...&1{=.m2.....B....$....i.M..HX<..'.C.g2..D...kF..L..9...I..?....N.d..~.@...~78.b..~..s..'.c.}.!<....{h..2..!..h...T.a$.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.975314774861432
          Encrypted:false
          SSDEEP:
          MD5:26BACFA7A492909453F8A115C8382941
          SHA1:65BD830A9A4AFDB26189075BD583DF7930E524FC
          SHA-256:729518D78DC896479471DEF35FEC196D6CF2CCEA6DC33A6C97654A42E0C09E2C
          SHA-512:4143848310FCF4244242CDBA236AB932AAB87D13080C6C2FC6E1D361203DCBD6DEDA73FB3A232FB031B6BB9D9CC203169084AD017E5B579C7AAC8D36170DFDB7
          Malicious:false
          Reputation:unknown
          Preview:regf.f4.Y..a.4.,....p.UL...t............2.e.].. ..".~.S.....Y..e...7#..o..mV_=Gj.Z.c. .-....'.......F .Z4.S.{.Kuw..aP..&..>......_..9l:%..$.....y..0...i..;x.{...?be^....t.b=...|.FU..c".......=-...D.IR.T..2.-E.._`'....VVx;di....h.vf...>....p...#.' ... +O...".@O.|....x...Fu....,.+.$......y$F..X..6.%..v..h.x.w...KG..7......+..|......9..A.]e G....z.m.......|....K......R..j1/..OR..:|..b.....>Db.dH...X/.v%._.gb. ..`F..zz....\...V.4G..".....k.v.....P...=V...zU.....K@eu.....V.^h..a.,....Z.J..Pri....!%1...K7..B..M<.....<C.Q.-.Ry..m.....t..|.@pO...\\ex.m.....s......o{.btZ...MK.5~.o.......I.GAG.z.I.kWW.;X).....PX....(..<.ik..$........h5...#.S2.JT`.q.*.8.Ek_O.K..R.S..m.M.A...Q...<.........oP..RbP."tY..9$a.D.z.%.a.X.....Tr.....\.%...d...+.N..`E...C%.%..9...k.l..xUv..........}...-.1.].....#.....w.....8]N.Cnt..\.C=`..z.........+......?:OX....w:.Gs.g.....~..Q.`....?.....X1.Kme....n..:...W.....u.i.....LX.........:%i.k6.......:..ri1..[U...f..*.l.*.Q.....mz..SL..b.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):4430
          Entropy (8bit):7.955263313992425
          Encrypted:false
          SSDEEP:
          MD5:099DB8129F00C94AE054B945A27890C6
          SHA1:18F6D609DA5D3E150A3311B78FF4AFBA086C4551
          SHA-256:146DD1F85AFC6C98502D7692DF1D485EFF9BC7F56387A945965657C2FF384CC3
          SHA-512:CD0FAA2AA626964D75BBD344FF36B34A3EBCD53B9CA490451340CA63B95F2A44CF2631205F5E0B719BDEC577FC7A94B6D2A413773EACD05C139388555AA5FF41
          Malicious:true
          Reputation:unknown
          Preview:SQLit.....+.Op....K...v..-...&......T.0p.$3........l...]......(.fw...6...C).V....>...5.h..:t......X.I.c.....OO..H.....c.w..mD...P..s.7..qE.p......7..ECHz..F.w%...d......l....I....y.N.w..R.[........e!....CP.#.(..(mM.(.>4.p.P....i.....t...dy...mJ.F2...kh..@.:..@..n..^..pD.fe....GW..M.y>....Q\....i..p.].o.._..C.k`.TX..s..~@8$M[...|...^..8p....zQ.O$....:...a.....EF.... ...)..,=S.6........P^.Gx..zY.^.*.....U......E....:...ti........7bX...J.$...%%.FB...`..yN..h98.O#f..ToxrG....2@..HI^...B..y7.X-Y..R.77.K.b.9.Y..S..BfQ..3...PN.n-.kK...xR.;7.X..D:.8.(.'.29....0'.L.d-...q..R.g...>.o.r.....394.kqQ>.8.....wZ.K8. _`...g...*..6.......M.,.6.....b..bYNz....;.&.....aS.w[9..P...f..4.b..f..". ..5..A5...8N....F...5..:..F.d..D.X!...c.v.\Np.5.~[.lFh.e.|.r............-"...<We...(..=p....W..).xR.l.EF.`j7.<...r...=J...o.f,6C.-.3../G/..Q....j.....l.Mq.[.J.G..^.!b.~;.../....W=....4..<6l.z....+v.E..~....;..........:J".P)..... .].:m....h..`hW.'<,..i..%"c.....Z.T

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):33102
          Entropy (8bit):7.994480610197646
          Encrypted:true
          SSDEEP:
          MD5:5751FE2AD8D5922B2D34CD1D362B9563
          SHA1:1B5CC84E4C24661B1A4FE701537023898C1574E8
          SHA-256:683CB7608C132FF383B5C8292E583159159D656E69A0AA4987A04367FBA8DEE9
          SHA-512:CAE64F3DF7D99097EECB461C7A5B73C4783F2D5DA8E9B90204B59AB1B12B6F3ED07E4267C3FFA0647DC8AC1928373C6E2C8319D65F45E757805361E076A739C5
          Malicious:true
          Reputation:unknown
          Preview:..-../..<r...n...._<...}..T/?K7:....2.w.h0}_v..V(.>..........z..f.>/...U,0.......=..1.......a.....0...:.A..$B.n..`.)\.m.1.m....SH.!4X+...4.5...p.._2o....Q.L.W..O...)4g.R.-...]."......rZ.kLc........6Ed]...N...l`.C*....r....HAA.=W...z./.>'....!&.q..fmk.....zL..?"-.g...e.Xv.........o...wT0...q,../..".2..../.E,.;..g..y\>...]...c.O~.~...r8?\.r..8R.....g#..e}.P..-..Z.Z,.....Q-..dB8ZZ.qP.b.!...u.3=.G."..0......^..>]....r.|...B...>.t....\.&.$E.&.i.w..1,p....s....spY.5..>.....d..a.Kb.0.ks.s}2.a...}3..O.E?.I_...}?.G8.L....U.eD..i.>..../..I.I.,...:.a.*G..d.T...m-..l..4hM\.5d.....}..>......&...#..n..`.(.+......k69.Cr...}C..h<..t.AH2w......b.H....)N.......L.wT..7.J;Y}/L...).O..d....[e}/.....lb..]YM.....U,....y.e.E..R..q..j...`[.#...<..j......,..a?.f.5r..t.#..w...K.....wV..._.C........Z..?......F..(....U.....XT..z.....8.C.IFi......z.%.~.c..+.=..f"....p....T3.f....3.7..Q....yqrF.U.}....Y.....r.6Q...y..<.........i0.U..e.#....h.}......ua6A...r.....E.E

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:SQLite Write-Ahead Log, version 5591136
          Category:dropped
          Size (bytes):1392926
          Entropy (8bit):1.9271755856896606
          Encrypted:false
          SSDEEP:
          MD5:065FC80CA0BFDB4FFF0E25DF4E3505E9
          SHA1:5CA500AD14E68CF2D30A97E8638E70256E647B6F
          SHA-256:4BBD8B6FD028A55A0D355B95137E5A08BF347F80F2FC3E7C02CE59CDCDF3F874
          SHA-512:54FA39DDD344666D2FB93994C3E6EE13DA8190B2662A2D372E333A238647F169B4A148DBC58FC5818EEE24F5DE18A237FEE81E21F7069F9E1EDCAA7F0F2DC0D9
          Malicious:false
          Reputation:unknown
          Preview:7....UP`....+r..._.[g.F.T.Z........4zz.g..y.Q^9..&.j...2.P.3:..dV<.-%..}x.)Q...........f..J.l..|....s@?.%.H...*z..b.c.Q.}.M.@$.?...VCe..D.4Q....@?......\M.h...3.N.......g=a..Z...4b4...D.H..2.XFj.....z.@S..D7%..b.k.sS....... ......<.5p......$..l.T I+l...y.......9D}.r.S.%.....6t.X......[...o.z.......qP*.*d~.N..4..%....C."..2.?.?V..G.w)....../I..A....^}J.l....QGff*.bD...O.e .~....w.~.A..0.:j.:P=$.....F@wM-{..^.....n.O&......6.b|.[rS....<....Xw.>.......R.C.c..r.<..P..{...........?..D.(..\.|.b].. .+"a........K.`B..d.........F......6..;\/'.]x........5a...Pl.%m..|I3.?.):y=.-..f......#."..b....6N<...%....C..e.+..B..........F,..#J.$~.7.C.8.....N.7...A%....2....z..^...@..Rqqze]E.q&$..K.[....2..M2....|..b2.Q.5.V..[n....~6-..n9'..z.M.~$...$..2. .._....D.[.8.6......t../.Iw.9..>%..h.#..3J......P../..a.7..PQ.......5.j\..Q*..A..'..-...d.<N.M.i.....u.t..w.6.P"...3f...Q.rd.v.P.........._...[.)..-....".v.._3vQ..l$.._......Q..x.d8.....Y&..R.Q..o...D].e". .3

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65870
          Entropy (8bit):7.997197621017363
          Encrypted:true
          SSDEEP:
          MD5:D761DFB78C4156C10BFE41B8BE2778C5
          SHA1:5A433D8634B4B88D8865A956924460CCDE7DC3A8
          SHA-256:F8698B3D418C1C92DF136DD9785D1EB2396AF1076710CBB3325882A327A29D97
          SHA-512:42394FB2306347E1F3575511E0199E6F2B0415BC27F7DEEEA83D2FC0FB69D6BA89927958B0DA42AD01DE846FAE8F81D2251AD2F2F000329846A0F2A1C43D9D30
          Malicious:true
          Reputation:unknown
          Preview:......U..Za.M)..D...a0..T9...&.:.....?..".~....]...g.=....._..v..fSr0...J...^BuPy..>...u.E....q...p.[...%....e...&..7c........Fi.H.UV..KCz....<O....7./.]..*.5j'...tPA/..4.....z..#F2..=h.Bh.Z.x.-....&a?...'..d.f...H.J.h.L...Jg...$......}.....VK.I....N.`o.~}?RsL3%.Q.$....,..\.X.K...u.)....i..3D*..Z|_..e.2.~......7..M...&..z.a\.y....|./.t..yL.\V.R}..~....VaO.....I..n..&i..3...*u..._>M...7=..x.r..5....k{....XkA..[....6@...7X K.v2Fn."...G......&5._..TK.j...J...z..E.*.%..L.+..a..3..>A...w1u ....^&%..C...J.e.M..d.R..,.. ..\|...En..v`...d..c..X...../....#X2J;._..z{z.C.[..&....P<...[.iGz>Q.Me..%R..f.4P..w....w..W....6.5.d.....t......."..u.{d[.i.ak.$..vP.g..Y. *..l.O/...I...U.2..a....blB.P..t+%......T.....Jw........My.?_$...a{. Gs..U..d+....H.wj.L.}1z...............@..l../...s._?.Rz.....;.[$............"`q..........:.0.f..xS.f.y;....M...DK\.....C..b.u\."z]...!..y8.R..[f;&:...].,/...k..a.G...l..5.{....o....gV.{...P..E..k,).G....-.yQ:.,o.f%.|K.5.$.....a

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):16718
          Entropy (8bit):7.988297448726132
          Encrypted:false
          SSDEEP:
          MD5:C446E3E590E605A65F425A429B9EC834
          SHA1:AADC3190483D6079C3514CD03C3AA8AEAE6F41B1
          SHA-256:6069C01B66535EA0D22248C94AE5E3E25570BECC8A8E23DF6AA75089EA010403
          SHA-512:F088EA06AAEB7419338705C5DB9E192E6F3083ACBEF117E2DC211DD036E36C526A535D1D0AADE46A43E4D27FF580B9332E6FA805445BF40959EB09793EB4CFE8
          Malicious:false
          Reputation:unknown
          Preview:regf..".#....?.nrSk..-M..qp....x..=.U2..'..|C.]%q.OG.k..oI).......`.|T......\r*TG.R...-....8!.....I.t.Z.,J......GNGW......1.Dn.F..K.......s.Z.l.t.D:m...7....`.y....+c&^=.z...>L...m.......|.E.F.R..'F.6S.@+e..]g".Q..t.@.v.AZd..W..Dy.4.[...X8.Gi.?.0..*>.=+.G.+xF+\K(?....f..<..~h...$...Q.e.h(9.7p<O>.......^.....*.>..up<0?....gI...Sy.l.ZxB7....z......B.rh..s....g..0..j...U.......{.Sn..*N.....@..3..U..yq..^f&..F.......&......p......8!.k....mh..3$...-r....I....db..My......s3...5o.;..Z..'.)..3.m.....Y.T;....p.....A..Z..f..........>+...HF...I........^.wwr.....D.2Ke...v.ng}..JZ...16X....J5.T.d.HCOZ!......'...6;SdR.G..s..c...ck.o..`...*vq......S...;..Mp..w...a.....w6d....O..t.n.&...|....2...[.Z...{.%.]...kY....YD..e\.g.....z.7.$..~k.r..........h5...%...r..c.4'..`.......>...H ......./.ui......[6.@Q..P...e........6.....l3..).{.h....e......K.#..=._.....L.......d..q.R..~.x].......:..K.3.PE..sr`....k i..f..........t..U..x..q.;.....N.....WZG9.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.9800346093959265
          Encrypted:false
          SSDEEP:
          MD5:7F46A5853C83690452DD79E8747019E3
          SHA1:411891A4BE6C55A79169809A1AB6475346681E85
          SHA-256:18C6F06ABE0F7DACD764C2275B8EDA2C5B73B5F53127E8EA57EDF9025882973E
          SHA-512:B958A3D5A7AAE310AA87ABB1696F5F1A3E46561836344957B5BB3EE9BEAF33C6FC0914D53F465961F2D48363B4AE53ED1ED9FFCE64DCD9318F33494668118BAF
          Malicious:false
          Reputation:unknown
          Preview:regf..i#.T_..2q.}......r..o.8...;.....B....=.=#k.G.8..]6.<..9(....7E......$..B.*yS=.....@\.J...).Z.....T...#.:......{.,../..K0...R...l,.c...9.....5.C......]...c..~...?a.O8.....!T..;t.._m..U^....m..[....'.F...9F.XO.!.y..GJ....._.F]J]......^...`..c......JB><z.!.9.,.......|......M.'Q.M.u..^./m...\ .+..@...k./....s..v..F.?.p.`.9C..K<FJB.]U.`....rd....!@2Q.(_.......O...B.$.4..6.M....\.l)...:d!9A..|.[....AN.S..U. ...j.,..s.j,.?.hiA.+..-.$g..C........X.S:.g;A.2;.-.~...<...O....!.<l...{i4..?.!..`Q....8.e...a2m..J.u.0...B.NY..8.L.k.;.~.. 3D........a.t...c...a..o.....f)...)..Ee.6....2{W..v/}...g.<.fF.;.g7.8`F...UB@..l....z..tNa[....D*.......H.h........ld..ur.s?...9.;Y.......b#.{.*F..,.D.3.iI*Gj.EX..q.......Z.NY'4+....T6.D.S....`._Ca.L3....@2,...x$la.j6.K. ..^...:rpY...Z...~2....W....e.|..n..8...BU.H.....^....=H)....so.....K.- .`...j..ky.0..A.t........6&|..m...P.pp.v.zL..)..3.nb.[.l.P+r:..B{.eb..TR0.H......G.A._.@..I../..z....p...K8*.K...!...K!..-..#. ..h

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):12622
          Entropy (8bit):7.984945952571506
          Encrypted:false
          SSDEEP:
          MD5:7542FD768BE6BBE8FF6CCB02981A4FC2
          SHA1:C96695073AADA1C722A057F7E4F803E0061BD895
          SHA-256:ABFC85CA6BB8A50842E570D8636C73E033AFF7A9E4255D2A1CCC4BFDA7A6D23E
          SHA-512:60682D4DA9CF60A936A908C0184F64729A1D3075195B346FEF6BDC5561D9AF727BA38A810A0F53C5F416E73BAC3F125FB876778D9F05D7601C958C11F69C5825
          Malicious:false
          Reputation:unknown
          Preview:regf.&...t.3.jh.<...B..b.q...0*."........_.H5.X..@k.....2...NR...;o..h.k...jkk:A....tkL.u..'.X....,.s.'....C.......F..h.[.R)..Xn.].CS.cbI.._5...W.S....}^.1...zsb4.1e"..9.....[./.F...S..0|.d;..x`..^HS5g...p..%..s&4.....|.KwD..d.jA....xa7l\.~..@ky...#...%.......a...e............;@...F...F..D.T.+..&.4..vRW1R.......M\J.9> .. ....l.k.......L...9y.^.9..-.>.g|Z.m...f.....x_...l.K..W........S.\J......F.w..$VF..R.-......\....`..y.,............u...X...V.....z..5A....Y........Y....+(.^H..... .t....$s.v.qE_..wvOH.(....y.a.7.N.&....\..9+...+....'I?1>...XR$..ir3..U.%...t..$J...z.......3.#<.....I..9....."@F.c.....[.wS8.a|tM.[.6..Z.....Z.}...q?..5.Y.e.5.NJL(...^J.5......!>.."..8...>..K#uO..30....)k.....q.?!..i..{h#.[.i.....@T....._.`.D..V....-...0...YY4.N.....b....;.2t.E..U....$..J...B%..f|.....?.0/e.!.....`.HiKc.....Iw."...,.......Y..g....U.R.b#.Y**..b...u.@...O..."rXK%{^8..@..07~...Y.#...'.$..j.&..xo.G..Km...?x.......~!.X~...%.<3z7h.....S.h|..\.tU

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.977632297651941
          Encrypted:false
          SSDEEP:
          MD5:FBCF7A94ADB9F5E0422916FC62537A55
          SHA1:F7FB6EFBA38BD17A2C7BF3F244BC3AC87B1B9781
          SHA-256:B1D7533E4A60470459DF5713EF2E3AD2A3F82DF266570B3335B3DF6C3631C0CF
          SHA-512:7CC58E17E7BDBA8E5EE525B77A2EF417C524138453DEC2C101EAFE330B9DE21074CC2DFF3440F51D80D9CDC3AEFEB95B66F7195DEE9D8B23A8048271098C2E8D
          Malicious:false
          Reputation:unknown
          Preview:regf.C..C.....`...e.~..;....".KU...8.3B.k.V...|E..........]..g}g...".F......v.T..@X...St.eC.)..?.`.f_..VA.H..Mc..H..d.1..".T........<0x...b*.?.K,.....%..E........h..".m\.o.|..;...<).....h%.bK!tG.{}..4u..a.P....x.O.....w/...q@'.D...|U....`.H...$..KZ):q.%..]<....&$H..-.L.R.i......`.:.n..,.XZ.r\......9xP....k.!.z.(vU.z....6...a.zwt.y....Dn6.i&q...I..e1.n..BT....b.4.N.>`&.|...H..."...y:]L..Z8C.wP.aX../.&..k..'...c!L..a.Z+=..\...1........TRv..q(..=.....j@.0i...J..d.h>....F...W..f..l..1.YY.O|k..,...$3.P.."$.O23...@t..Q.."^U.=.u....zB..w8.n2..6...[,.....}....L.. .1It.._.....{.an...._(_.....-..Q.j..8.:.Q(....E....g.6.D_X.N.....6..%.....8..;..Q..B.....LX..==".......gD.WT.R.1./.x.....c1!..\.VoKFK.....$Q....?.....D.~.b7....0.`...t.7..]..2.B..+g.Y.....r..Sd....|.{.X..".N c.QF..2+....jkd.R..N.*b..r..)8.i.h....)..c%.^..._..w.=P....U]!...d.plNs....H.=).........$|.I.....awT..%U.....Tf....cey*j..........]e.(I.=y.hn.\.S...1.!G.+"Z-9k..6...s.m.0.;izYg

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\1Sd5265G8OlnRColAI8O_SxSQ1Q.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):126414
          Entropy (8bit):7.998592737949041
          Encrypted:true
          SSDEEP:
          MD5:B669DF4451065BC5E71155C9F50C7ECC
          SHA1:754534F43D7FD6CBC75200421A61E9DFDCCC0410
          SHA-256:EB7D5798B5BB8071046A17128B69AA25F4BB549F181BF1E5EC58A525FE2A24B1
          SHA-512:64E9E6515695EA72139C4EC59E99757C503FCFE44CF4C1DD2E8F2FAB44282D35CF4EC38882FE64311C17500AC5EE52BD63D6BBD72CD09AA6DA337C4C77B87080
          Malicious:true
          Reputation:unknown
          Preview:(func=7G.ub.u<V..W.........1.N5xz}A.....*3.`......?..y.&......>d.<.h.$....Q......x.2"2.5..u.......rm8.`.XW*.#..U!..-=K.H..B....#....f.f....".+........:.J..+..ml..^.Q#{...n.e..3.&'....x+.'....<..0\.:..WV...Y.$.oQ.....f....K.\B`.V.,.,...6=.k..bQ..`.L...r.s.c.jL...-E.Bi.........VE..........G..R..,.Q.c....k..m....M....K...j....`G....3.=..9.e....r`.....5lV!$......]..a.&......p.H.......n.o.`}G~..7.t.XY..I..$.H.,.{.Y.......k...2u..|....r...qX.1.VM>...$..!y.....U.3..C*..D..Wy......5o7Q.....E4.j....-{...G...v.z.Q.$=c%C.a. .b....f....R....!.k.J^.R.#.{..G.f...Y..>.b.jT...v....s}.=).S.tC.......TH..yW.O...w...."!.....d....d....o.D.4.....'...dI,..L...D.s\Gvf{^....5.._y23.cx..j.#.p...|.}....K.j....@...ns.$i ..4.j..}....h.j.......2.....+.....#..}f.V........?`..J\..]....a:.... .....X}u......R..f..P<A...."/%...z.Aj..\.M.JY.HR.E......a...$....3.....5.r".&....P.<.J.".\J......kF.......Y.h0v.....vi.X......g'..........+.FPo..QX.....H.........T.6.....x.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\1Sn5SNt0IREcKFlp90or9jPLf2M.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):15263
          Entropy (8bit):7.9881045719358905
          Encrypted:false
          SSDEEP:
          MD5:70D2CE28D8D888837C39359D0907236C
          SHA1:EAB0D223AD354D9D0FDC8BA066D9579BEDEE0C28
          SHA-256:9F6CD66AF05850BBD55DBF322FAD9F3C91B6324167287666E65EE31275D81E48
          SHA-512:E6773782FAB50F7B1307F43E901F08487191856A7143E401A184EE69BF17D3DD626E8096BB7A440D0B1D0A362C4F185CFF87E5A86EEC449184F178628DFE381E
          Malicious:false
          Reputation:unknown
          Preview:var W....=....u..X@.........'@..4.........WB.........q.....a...q.t...z$..d....vt.....=.i.6\.`-.....F...g....X.....~r.......#..<'3.H.x..=.Zl...|....5....^.w~f`....m....2jz.....7.[.UUM4... .?.l1.6..Q..`#....w_!l.:UY.@^/..fMRk....V.....x3e......3F:...Z7..._.NN$.Db.U......O..".|.q...J.....v .....x.j.X.qv...@...U......m.MeS......a...4.."....J-T.r.I..?'...g.H+2'e-.]J.....*P6.z...U.c.X..S.\4qG..B...AA.8...w.s..Q}WA..F.Yc...fU.}.x..ti&....U...5..........'t.v6...G~....D..Wd..I~.%A..:PjY....N..@.......K....<Z.6>....q.lv.T.!Rx...>.b+....U3..!P4....6.e...Y.5?Q........V ....s.;.Cw..[..".9.......<.>`.....+z..:.sf.*.H..I.k:..W.I.e.....&G..?t./.H..\<......!.+.yf-.)..m.......P..<w..e..%.....e.....a.y.v-..<.Av..O..>3.]......X.c)p..Sje.N5..&>..`yt7.F... {...u.f....".".v2...7Q.T.$5.L+.6\x......R.....#.JC....pQ..n.....+N!.9p;.^6.]M..7...<i.....<............/.Fh..o..b.1.!.G*....8....x..ox8H..`.#B{...H.^L.....?W.y..n........n.Pm.n.J....z..v"ubL....1.I..N..\

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\1_gc11zDuaJOyBP7gyptBGdPRf4.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):59937
          Entropy (8bit):7.997150747075042
          Encrypted:true
          SSDEEP:
          MD5:700DDF3669755DAB394865B487393A07
          SHA1:2E29BF53D2A2B52D772D79721B4D2127B27664AA
          SHA-256:18E2575AFC4F5F6C185F9791CC94440D9C1A59D599E7CA3CBB0CC282DF0E21D3
          SHA-512:A05B1096C30F23930D48F236E066FCA9BB51113B12180D1CC0F9F778A30BD75FF5C55FD552565D9FF3ADEDE28D812053219B41EF3DA58AA24891F43051D7D4E0
          Malicious:true
          Reputation:unknown
          Preview:var W.... ..;....R?.T.v\c...0..9zV......3.z..G..MzL5.[X..t..-..q.6.-..!....BlQ...!.^&.>.A........G=..[(.......E...2.^.Kv........75.....R....d$.._I).Q..&..\nT.<..=..m...Ro....@......%.0..$FI...(.&.{.*......6..*Z..MYZ..:.Gz..|L......Z.C.Z...X.-6-H............Y....w.....^.(Q..k!g..{Y;C.......dfq[.....p../.c-.t.`;\.#\?>...8..g.q.*9.3.....I..n0.B/.U.p....).6m..a.fG..7...d..]&h..W5il.I2X...s[d...b...`...H.p.ku...=.|..}..Cr?..1f..G..&...xz-.%h...9FY6.$......&[..l..t...%+.=W.^..rE..6..?(..y...]....8&...<...tg.|....dB..`O..KXr....=.>..J?...@.....M......a.....X..V...#.b[.x5".?,d......Qv.W..e.....#k@*.....)@...f3..`.1jd0.Rz.:z..JD.d.(........$...FyE.j...M....CsP#_.v ....f...oYu3K.9.$..J>..N...o}..u...l"..l.I.V...."P.KL...D4........(..?j..I.._Ei...m.T...5....=.Qy.:Q.}...]Db.g.=.KWOO&....-..-*+..."".R..)#....c4V...........-..;.......5..Ale.2.......8;.D........[...<......-^X..?.3IA.4..E..3}.|.!)..{..p......;.n...........u.i.7....LLK.....}w../0..@.q..t...A}.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\4-xJy3tX6bM2BGl5zKioiEcQ1TU[1].css

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):16301
          Entropy (8bit):7.990018856221525
          Encrypted:true
          SSDEEP:
          MD5:6B79DBDCE239970746A27B684CC14EB3
          SHA1:FC5B42A654B674796AC27F7AD901A4C0D252A8B6
          SHA-256:6965D88F0ED27406B13BE9A1BC073F4BEEE8754E5C8166F7CC17EAA66FCE79B5
          SHA-512:38CC19ED36C02306655FCB2D1E8ECF99BB540C7B460E8E209680CA3F055317C3863CBCB79D3AA6754D145D8BEAAD8E0776BB4A0077A3BF6C7C70013A8B63B67C
          Malicious:true
          Reputation:unknown
          Preview:html{J.$~.......[....J.vVk.D..R.......bU..?...Y. 1s..7.\C.Z.L].:.t.)C%...O._.........|K$Cm...TIf.6...f.:.....?V....gJ..hv.6...t/ZK}}..BU.a'KF{.."F(e..+./@|.=..].....[..V+..(%N.6;.F....9..l_....,.T+........>....L.wd.+...s.r6.|..U.7I..U.~..}A.....8`Y2-...6.m.D.k.....V...(!.s[fV..].%.so..A&..L.Z*..B.....|.,..&P[...Qi$6?2...."[$.g..#...@./.|...'..G.=4.Zv<.D..3RH3l.....3o.z}.zF<.......:$....G..\.v...D..`....[.k1.G......:V.....)I..o'y.oe.h.=..;..[.5i...I....$..z.....+......B..p.g.D....\..2.OjD..0C@....\....4>'..X5.W..W=....._oa.s.A........M.D3.%.9.....r).W..`..,....?........t.......T.R...".U......p...R...)-...9H.B.@<..<....2?.c.,hk.8F..5.......U..L..U.U..#..$..gl.-......W.......%.X...S...m.g.Q."T.q.....,..+f..O....'.....#0....Bh..PO.^.m..8...lEF)7\[.#.'K..].ju.A...O....f..d...............W+.<3..y...{s.`.u.....-.Qq..[D.H{.U.7.+{.....\@.W.....:-...o(...E..#.Gd..J.=.g...T.5..J..c.#)aI.vB..~...>...rM7.LX.T.".zf.!Z.-...D.o:.......nd..@m

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\4BpQ1bD8vX1mXuJObN-gg9RqkyQ.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1284
          Entropy (8bit):7.8428544160028375
          Encrypted:false
          SSDEEP:
          MD5:69AE0F9FDB7FD1FB388CEF124AA81492
          SHA1:598E11391C9842625E13F6B55B440A026D36E179
          SHA-256:2806F997B0547F77EEE636346CE6E1EBC46FBEB28F567BACBE2C8376686C6841
          SHA-512:46964DA30A915D38DF1C31697E109911A614EEF913ACCA5AB94F37B97FB5ED37959AA239C203D89206CCAE7A897C0CD41A7361047FAF5E6E4131F794243B6D7B
          Malicious:false
          Reputation:unknown
          Preview:var WA........v..........C...l+..u.1.[....t|.BS.}.....v8....L.#..{.?..*......b?...HL...Rp+...'..g3#U...HAOZQu....U....~....Ft.(..9P.t.K'...u6...n..t.....d[.,8.\.....v...>{..#...........n.vo...d..<.9.r..x1.t.W....Y.@?.F.c3....n..s@.U..)!d...n.e?.,X.F-d1./tc...$..^L.g]........p..@g..e...@.oV.s.1efK...e. 4..4.TH.'+../...#.1[.....>...vbB.<39v./....H..~XV..>@.,1.....-.G?..'.0.b.W@I.D.....E&..(...2....r..j..(...EY"|.........=.U.#.......hS7......F...`..7...a....-......4D.~..v....aI$...9;......S.......,.Q.B#.?.....\.8{.....;~.r.k......(c@..q`Y.N.............>M..^..U[qK._.KO....3.....D.sE5.BQ.D.E..o...4..b;.R)..P....J..3..9n:.l2P..J.A.H.Ue...F...QCs.....i..0......=..sp\._.$OZ...F.A...L.~.'.w.4......b.H.BS.st..@.0$m.qi9..0.....8...G..Qc..W..89=........).7.......8...P........e.J.z......:x..h$.2..9.I.wg}2%.....45.K.................!.}....M.x_..*f.$..8...Q..J_Q;.D.Q."q"....Ev.s.H8.Xyg...X.....R......b.....W:..bI....-H.x..DF._......w).. .y!].=w.....

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\584482RVjBIoEvVSe0RsuS1I4YQ.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):45781
          Entropy (8bit):7.995905090825658
          Encrypted:true
          SSDEEP:
          MD5:1A8067F3579C579DBB31F631DFD63359
          SHA1:077A5F9A68DCBB10E7AB6D37CF0DDC38891E9924
          SHA-256:86E233A613EAA2E28198D8F1BC0767E1A443E79B34F2C748EF95A87495E3B99D
          SHA-512:AA48909DF409376AE473771D563C06F5B5F36FFF1F740FDC29A528064A9AC2A9F1499879D42990FE29B4B5891124105910BD3BB8163217ECF5C9ADE758A2CDF2
          Malicious:true
          Reputation:unknown
          Preview:var WS...K@....g(....X..Qm.@...8?Q;.../{w..#.)t......._.].qk.j.gB..2G.U^K.8..~xN......L.my.%y.`.....[.E.Zg..V\..k.n?.y..ff.~.{[..%..-}....|A.......`......m2..w.Jm2..8x....s..7.N.2..a&.\:...H..).U......u#..&.{.!.& q.b.:....H........N..d.].W!d..8K~w=*...iv."....&..W>....^s....t]._....31.. q....:..mr...............wK..h.....0..Q.......&..h..S....|..0..8..0..E...;...<.A%c.[6#..4.&st&../6.^..9....h.....l......,...&.v.^x....2.... ..K"...B.~..D.b;P.X.`Nz.....c.\.r........w.."..'.U.5....6c~O.M...,.[.`+5.....@S...DZ....`.#..z...s..d.!.0.-.-...^.k.Kp.[..E3...........W.G...]......`.bv)...h..$.RW..........m.1>.uK.C.s.\UE.......!r._.+.f5a....@..]`..'........E.=7O...}L].:...U.`....V...L..R.Q.Y.[..\<l..Mr......+}.E0p.9@.94a..Os..Z].>w{.Q.......6hw.mp..$...Te.<..{.x.p.LD......S.}..c..)[..Z..L......u(I.|......B/.T4...OFI...MQ..c<...A{....t..q.j.Hk.AEj.T57+..."t0i......V*HqK.Nm_....Z0G.p..[....l..*..J..HJ.3^.).j.-....mY.9.D.#+.x...pz... .NX....u.7x..d...S...A

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\6hU_LneafI_NFLeDvM367ebFaKQ[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):22183
          Entropy (8bit):7.990662071312973
          Encrypted:true
          SSDEEP:
          MD5:AF1A4168D91786A6F2CA833CBA9DA7EE
          SHA1:B85CF9069F4AF806FE940EED51E04BD1449F1189
          SHA-256:76150E02539FC18886D3AFABD420E17BC3EF20E0172DB89D7967D8048D4145CB
          SHA-512:47EDC7501D32C9E4686EF819FB81EFAD98FD96E005FA59B0523AF8B3B1D07FC9B76B8D93E509F9B514D55337C9B4C204CED68252A21230735D20DCBB739DBD1A
          Malicious:true
          Reputation:unknown
          Preview:/*!Di..,`9k..t.i......k.$4.;....'.To..e...r.&..=T=y.C..D~...;p..g.K....g..g.P5.....1...Y.8.:..$..Z..i...G..m....N.3...g.=..!Rs.:b....G.......k=....Vk..c...I$.}Q8!U(E..<~R.?].Cuj.`.j.......@A...w..z....[....qStI.F...k.b.r...F...An...M........ZE.g....N..|...5.S..L\...zA....!.S.@..`....Y..h..)..c.l.._XH.......UeE../.>.D.I.v("........~n.H..9c2.}....SGL..hpbjNp...]&...l.6....WFX.."C.>.N.*.....8.......r..3P+.E....f.PL<W.i....$...Y.8.]....S.3...D...M....h.\s9t.I.t..o.M.n\{^..D..P.1v....U..DfFW.DR...h.58.G...m.%o>..(....pF........FTP...gs.EE...K..Z..2.Y%..U.-9~{a{.$..(....5)!.....@vd...P......c.`.3.t7.I..H..F....5u|.H...+...g'....+D.?..d*@U!..H.A..h..s.............=..g.,H....c.....S..;...............Y....-..C)(<]..9.........&..@.1....z...0d....6%..,N.K....qE;.*Lv..R..v.Q..V.K.o?....b.Uy....c..E...Rp6...".{[...7./quV._..G5.U.c..j.l`Gq..H{..^].f.f.7Qt.D...T.8-[..^.#G"z..I{....z.H...<=.dK.>.$b.x...D...y..Za......%Of19..C.......8c...7&.....l..M.7

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\6qhc82nhlRe74lC1CBjrzThsaXw.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):39360
          Entropy (8bit):7.995223086759912
          Encrypted:true
          SSDEEP:
          MD5:E21C6E34E64C6F52518B837E16836742
          SHA1:D7919804C189A569C372103E7B0B7164379E23A5
          SHA-256:E6CB46D1D40CAAD2BDE0A898CBB58448DCCA1234A37A92DA56C8CC7084EEE76D
          SHA-512:CE996ECB0691208D46EDECF432DA1B9AA2CAC724B7F0651F7D11C49CE5E52278C5F99158F2518C28BCCC49BC2679CF6BBD478574A7CDC91FCDAB8F6B35137D98
          Malicious:true
          Reputation:unknown
          Preview:var W#w.....V. d.......:..<..........,h...5.S`**.P.m!J....4.....;..o....P..Z...y...P...x. ...().BV...V~~7...Q......S]....fz..xI8.d.Z....h.....a.%.....}..b........?.MWXU....h.....\ft.%{}.4...(..@^.[x..n..v).B...%*H.C.y4..........7...+gh*.1q.......{........!~...Z...z...l...7(.'5"...7(..7..NcKU..G...Z.h2n...g83..=..n..v...a. ...-.K......9..N.....}..J%...{Q.n.iI...}..>y...'..|}._.<..\P..5.>2..e#.<..T... UW..T.....#q[.NU...#...x./+..5.*.'b.c...94......>.@.jv..A1.." *r..uy...z.r.....\L.!g.X.........r..3.9u.d....P..h..Q_7..H4w........".....,.....j.....F.`IV...k....L Z.z..Y.vk.,=s.[..E.........y..A..REFm..`...jpG7......E..Qs.{.....~.._b'..x....+59........G..`]".......h8.."T'.^gb3..rw..D....o...2.h.~U..ve8..A.`....IKL22.=.u..u...P.f....^K.6..Y..EE%..E.......K.:w.}....7.fl.a....s...Mt`.\@..=..HE..).bN.9.'l...y.2........+._..Bv.Q)..@............[.....T......=S.[6.....vY.8......a .`m`.d.U..........~h..b#8..f...a.....nfUm<J..]r..q...g...T.B..`.2o....

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\8ymkR7XnGUAdX0znnUDbeICn9Qw.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):10755
          Entropy (8bit):7.983546104001266
          Encrypted:false
          SSDEEP:
          MD5:406EF53D49FE23FF5354840D6E81FBDB
          SHA1:7D940D5B9C70504448E1C9DFB1D502222D7A3173
          SHA-256:B60A333E3293FB6B475C68714E7E36D670C9657C80A5211A160C409AF439284E
          SHA-512:0033DC9C4914625FA6B46402FB3DCEEA33860CA46B0EF63ACE888228E5AC09259881BD1ACE6FBF198F8EAF8DD313C837E90D6052AF55A495E453219151564038
          Malicious:false
          Reputation:unknown
          Preview:var W....-...y.X.H1j....L..VH.....3#.G..o[...-.....z....;q.5.Z.....h(.....4.B....n@.x.cIY..>......u......166G.KB.._.....G.8.E?.1..........I....!Q.y/QZi..C...._.....{....-A...)....5.w.7..k..hT..P.=..01..P@..|g.....b.....3..z..R. !@..[J...0..."L...q..'.a.d.....m.V......EL.........i-..1...e...i...to..F.jT34!..N*p..%...~..A?:..h.U..!.u.0.\..C..3.+.z.d.T..'..)]..FDmeu.....I.a..qao........s<......wn.vKD..Z...d...F.}..\...~C ..\l1.R!......;...o ..:..M. .E..*....Ne.=....#=...v.....@{........NN.T:I...A..E....r....z.....b...@..D.0C.)r.S..+..0(....rd+...d.t.......]#..Oq".5.%R.F.e............j.....%\t....f..#.y..(4f...t.-..A....$......;..FD.F.E....GH.......a.It....v).,...ZI.z.tQ....x_......D.D...V,<.3..c.......qQ.GT.3.....Z$..f..X.(.........3`.T......qb....'P...n......|..ms.Yx.S...%.g.-.............e.-*.....7..mm$..&.e..Zw.?.-.S:.[.R..UCo..Y...R.Hm<......1.r....K.N...i...*....,.A.M...j...I&9[P+..`d]...e.wzE...)....k.].[..L../. t......%..[...E..js.=...R..

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\9eNI3ykoxUBcfNRgDJaF-g0a_0c[1].css

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):9567
          Entropy (8bit):7.983133903457732
          Encrypted:false
          SSDEEP:
          MD5:033912BA0320C6A3A006D63F1E708A29
          SHA1:9D2B41A0D2153541A025AEA261D927ACFA34C69A
          SHA-256:381FE94B04860FF0A45B93C8B2B7465D66CBF149C0C41D7DB1E55666053B00A6
          SHA-512:883A5BEAD6281BC1C18654A7160D52E5C6F5ABE8527E07DB8D338DDBCDB58C6946554951A8421F57046D71B4E8995678FFCEFF9B93A0E6447B8CA0CB44465352
          Malicious:false
          Reputation:unknown
          Preview:body ......G....*?..7.?..Q.......e?%h\..!.a|....>..C.Q9e8.D....'....^J.7........p.+...+.sQ.K.n..:.3..J...2.....T......Y$..A.....h..kU.nP<~S..K4.....u7..w...?-.0..SWQ..4..qNn=....ax....D......9.tu1K......#.D1t...|.i./].x}.A..l7..'Q....W.d8.../eV..]..n..Xf...X=.!.4........O.f.`.u..+.F.5..K....X..|$........n....eq......LaC.AH\.F...V...b3..R.......Bgz)L....I.X...n.G1F...|..Z..lC....f.`.(v..P...]..dA....b...b.u..B.Dj.fscv....%H.:...."I}.......R..!uU..(...Eh..9.j6(....b.v..w..r..ZL..G..t..2....?u....6]w.5.........X-\.>.v...g...........>R..s...A.Q......ey.gt. .........`x..Q.a.j.=u......8...W......M......?..}..i.77'.%..[.V...\.o$R%.&.....?..6$........E.8......-s..z.":8.C-......+.)=k{C.V.:.......cj>.....A..y.e...r....OC.;&z.1"....W..@..$..."./._.|.X....@...7...Yf.Px.x..l[...X|....L.{n..N......K...{g.+I.P..h.k. 9..,vh.2..k.4Ca..!k?W..D.CcI.k.....s.I/...?{.GZ..u...j..V.V...%.....L.k........K..t.1"..O.H......_G..b:0....tc+..-............

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\A5JmJm6oR8TLYM66NvehlD7VpZY.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3215
          Entropy (8bit):7.932596443548488
          Encrypted:false
          SSDEEP:
          MD5:B9890265220C48DEC952635342C4EB15
          SHA1:7F8B4EE15B410614AFA66E12C06AFE7D39C31AF0
          SHA-256:C1179CA57569744A3C88C9247B5DD924F41E7701DCB793A5D25E5C3B0E55E292
          SHA-512:AEB5A12FD57DC35D05581E4DB749BBD508EDF446253C57497B9E6AA3981B3E8F9B809F5CA0187500DFF136EF1D5C5F60985AD9D113D44E4CF35E83BC142F02A4
          Malicious:false
          Reputation:unknown
          Preview:var Wx=......W...rp.x...D.....33cx....4.....".p-..m.,..N"..b/..I..Q.(i7.N...p...S.xj$..DH..6.]s.FT....A8.....=......{.'+W..x5u`O.`...g.... .4b...P.p.B....1..T.V.,dar.+|60..:.JpE.3..8.....Lt ...`...bL.-....f.C..z..B(..lV.V..J.i5...6i..3....x......Vd.e>......N=.&u..,..HG....V...-.L..|.b..i.{..Y"../.ow..GH.!.k.v....k.@....e..qdKL..t.'xs......O......K..^1...1......Y..MTU........YD......R.h3..lb..j.p7...5T..'....X_E.A...`..Z..:...(..v.(>.._.\m..c~h.\;....Y]..Q~o..|.....eP.E-!..m2L....[Z..[.......F..|e.......Bc.:%......e..=.....C#L..)$.V%...n.,..w..>ll..aF.Z..Sy.cQE;O.U_....t.(...8N'.T."`O..$0.....z.........5y.....-y.6.......~.@..Y...!5.N.f..k.1#.x#..n.k.H.UK_..?r._... ....v.z..l4.%Al..i+:...*.W.)?J....-...........$..Ym#F1..%Ql=,..`M...`~q..Nd..lI.*.6.2....>@...3!..l.&.E.0.F....8...P.5Dh^q...Lpp...E.t@I..Z.lr._..M..j*d-.p.zC.sd...G.L...:...1'.........l..X\P.x.....0|.x'..a.(.e..5...U....]%......R.0..!..id.-[......B*bk.B~6...v.[.<.%....n........

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\CLHrhPHUrUN-iFM4IkduCxl7WR4.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):12445
          Entropy (8bit):7.9836634701366735
          Encrypted:false
          SSDEEP:
          MD5:A1D1CA4A465070D8E998259AA78C0227
          SHA1:D04EE320F7987EE64333002CEF6BB0B572A1FAF8
          SHA-256:A06108E2D39C579D925990564D429819BA8146BB0E05CFF6BB2C7F419C913258
          SHA-512:7CC6999378C33A0325D0401164A7C9397F10EE5802FD4A62664E5E8F1AC8BB014ED32D842684911D3E62C780F49B6C6F33DA085FE6909B08D967C6598F3CFB23
          Malicious:false
          Reputation:unknown
          Preview:var W!/....Yz.Z;o].Ht..|..J.O......{|....W.7.$......H._.[;W....(........'M......A...u....._..0Z...0t..3z...jS.;/.sKG....!....Oe..Q".j)%....7..s.`...n).<..l....|O..4z.\...'*..$[M.~'..S.&.EMk.......9do..s...D....Z....;...8zi....ha/Q....IF..A].1!......ih....t...5..H....m.s.:....g".s..C....].H.A,......yMB.1.....I.IS.V...U.x.{.f)..f.Y\5..(7.P.?O...........T..(.~l..zh#..[3.8.R.|d.H.y.t.(C.f......g....0......|.=.d.M..@.$@.=.'=.3...#..T...+.I..h...P.7..0TVfz..N.=--^}..........mK../.E....8v.)^[$:....m.f.h..b2..u. 6C...5.[1..M....E..e....J.Dn.....S.4...............C.Y8....t2..Qd%.a../....p.+.-/t.(X.p...r..}../.......DE.r.M.d..!Y..|Y../.).O...ED.K*.(IqpMho..9..VH...>z..b.........O.8M....aq*tfJ?cY.....G..%........i./L.....a.............Ds..........!.odZ.)u.;H..P....K$\.@..T...ehV..WZ.7.3.A.g.2.....J|....R1..q.....3.....9...M.A.uM{...+.s..q.w.r.R..D..ab...(<..0..N....d4E..P.?y'.....-.?....E..+0.9...3...r..2?R.1....9..........B...\..:.>.H.b.w

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\D-oNnp40DqC4OQCR13oBZlsQ7cc.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):15077
          Entropy (8bit):7.987440272935091
          Encrypted:false
          SSDEEP:
          MD5:5D2D34244A2C4F11C227F826A0397C24
          SHA1:4E4F1AEE4FB3EDEAD7402B2D401A96AF31962DFF
          SHA-256:E33BFC26920360ADBA2BF21ADF69C02D69A02174468067856E401EC374348785
          SHA-512:11BD5E5171FC41A4FC28001BAD6CF44FF5B15305C1BAD0BBA105825E96A6A6519C8D849D736F539B84D0AE5AAA058F264F68787F30D0170CFE6394B593244060
          Malicious:false
          Reputation:unknown
          Preview:var We<.#.3..3Y`.......Wu...h.....O..X..5.....g*."1.( .y.l......W..&h...u...a./B_.C.."..U.., .eP.7....Y.~..kdn.+...&k..Sh."BGt7.-,&.P.(... ...&...`7+(wBg....XHW.B~.2.:Jz...z..o...g.w...!Oy.....{)...'...X.Lr.L6......CW.gf.}...9.u.J.z.u.[..&.-?&..sn.%L5.)....t...?.A-Y./...y..xF.K..E..._4..o..B.v?}D....0.{./.C....y'/....x.5h.hHkwO...(...V....'q.k.">m........,<.Ro.=_...Vk....pg\......P#..6.~..>B.k...C.?..wl.....<B....&.'PQ.....+9......O,B)....l..G.2..f.j.K.U.bU..K.BrN.R...u.pn......I_a..7.W...m.....q~.g."zE..P.h.?M.,U.r0...k..5.\....FpY..!...%|..(0.....6g...0.....rpT..T.6..``.../.$.'ryT50.......0?.s.86.E}....+.|.L.....m.......fK......-M...VX.......XEN.7..^F...m8......Ly.1g%8`N..7C......X.\.X....DZL...;+........2%.=U/.x@y.y..V..._g...N.D.dk....2....'.hgI,Q...0.*b.(.(..B..I#-.1.~4soA.....p....1n...#..LL..J.%j(......i...C....).9........@W.I.......@I..P...u.bqN%.b.:5..}......rY,cO.........d.w@$.%..~Q.'...[.p._.1.......?...&.t.3b.5SxMm.'X.;.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\DccpWCpoNzCwM4Qymi_Ji67Ilso.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):131722
          Entropy (8bit):7.998681709411649
          Encrypted:true
          SSDEEP:
          MD5:EEF962A84F058C99AA407CC612FBAB13
          SHA1:58FF8E37889AF962A48FB6D57B54D4675EA5E1EC
          SHA-256:2DB1AFE0D4DA231C78EBCCB6CE757D049FDF5D67746B15C3682810CF5D262A42
          SHA-512:7447FE62AD618BC141C569C9B3C8D7BB7199E0E9F04829648A611D1700F1C67FF84094FCE3FB7FFF758E4C8665AC033B85793E83D66FDE9200C94AF022F1F955
          Malicious:true
          Reputation:unknown
          Preview:/** @......d...t...pE..[.a6l.C0J.x..)D..T..g.....>......r....<....U<s.......[x..k..[m.@....?:. ?.SZ.....X.G.w-.%.qH.*."qf....OH...>.....V..8KP*......{.jh....]........".....l..............r...>.U.sW..[.Nwd....8B.....). ...*._0....Z....k9....m..w?8s..I.@.\...0.M........#.. .I.a..r-'...So.n...?l....~./U.{V...[u(AK..e.BM...N.0!.&.2*T.:$.1..._.O..$......3.d..C.....6........78t..#....o..~.&.9w.h....O..W..jy/.DN...L$d...q...H?.s/n\..z.-..J..X[.^.^8.'...F.H.$....Un....C....D}&.D..[;...y.H?.o..bf....\1'.+>Cl90FM..xj?...._.?j.Fw.....N{.yz..+j..%NiN./.wb#.D[\..[+JM..".......6.p..sp..... .v.......i.a..[.[?T.D..*..M..Z.d)c]..(`....<"Sx......A..B..y...^./..@T'.%^.].....L...`.......LJpA....pM...~.EX.X.....d.c..O+}....g....V........0..p.......R.....&:$s..c..V.K...!...%3$).y.c/b...$*.#<XC...8..jY.W...G..........j.Z@..1...?#..>6T...T..xmW.FVUD.?-......w....Gn.T.8.`n .;....tB#)<t......U.....(q] ..T..n.3.t$mh.@.9.....p....G.@.-.....J%.s....c..m.5.......0.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\Dj6m3cC0PNbgt98rgkHoHGstYio.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):9322
          Entropy (8bit):7.98092449652417
          Encrypted:false
          SSDEEP:
          MD5:20709DCDF065717C87C170F2515BB6FE
          SHA1:8C22C953AF347DCD20A58EE753E959F1CBC940E7
          SHA-256:FAA0D2BA63F7A1CA136AB966C1857462CEB28118B5000044479263EAC86DF7BD
          SHA-512:809FFCE2B349C76D2E079926B92C96C5151A0730613F378F5590EE88CC70741CF9568AF34581180FEA7E883F2B0638DBFB89B0E53925EF627C08032B973C0C68
          Malicious:false
          Reputation:unknown
          Preview:var F....\4....".).P.@..m....*..... 6....0.....@P.......E..S.SxW....T....*.S......Q....>....N.y.}<.1.[.2..Y..k}....1wZF...x.|/.f..e.....Az..Te........fbd....r..S...0.as.j;g......./..T78am0.H.-...'T|=0J.....di.XE........./m.F.]..5o..^.R.%.. ..!.`.F.{.~.,"l....17.el....q".[^.Ef...]."..Vne...q...j.l::...e..L.....,........t'.-\..9*....-...A.S..4.o.2.[.!f...4........bJ>,..D7... +h%.-.u.Q.qh~../.......r....I.6.iW...&=!.c.i.R..f_.....O....bxY_.7.M....X.Q....Tf..T..Z....V..<.#.].L7z....\. .6u..........1...w7=...Ar$....g..,q.M.b.v.8..._+~.f.!..zUI..J...L.J......)...i....a.Vu..!..mBi.n.nRZ.t....j_A..R*...J.K$..[......}...t....._6....U*...z.ud...k...../.#F.LE....B.`..z..;.Z.....@....S........Bu.5....3......4..5.d_..AS...#..s..Q..S...E)w#.38.&....i.N.....".b....|....ly...=.U..=....s..u.w.3*..(...C:...J@8.D.....z.8y(.]&.+..4..Mj.H.......v.*.F..w9y..z...1D..q..5[..fl...>,.N.4%N.H.U..q....U}...B.r.v...~.M....:...I.. .`.+..z.F.6.;Qq.$"v.6_.lJ?

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\EYNLM9RfkEXFtD8WH1unvJjwzGA.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):17832
          Entropy (8bit):7.989891002591516
          Encrypted:false
          SSDEEP:
          MD5:FEC41B1AD9BA27FBFD014EC1C7667292
          SHA1:CC0DD58A30F153DD8B1992FF4F7B906E126949B5
          SHA-256:373BAF0F1FFF7D77374C52E57B183571815BEBB216AFD858A8890BDBA8B1D653
          SHA-512:8D92CDD6BE23990289E1AC4F1BDFFF0E83AC632DE272D6AAF6DBA9313F18097F950486D5784FC444EE633834DC8E1E4110EF515EE121B7B17126ABC901C07A11
          Malicious:false
          Reputation:unknown
          Preview:!func.51...h.=..\...h.rE..T....Mf.L&.....L...A.F........s0r...nm.3.\.k9...n..5H05u..0 Q.[X.....U.f4g.._.@....B.....-.PG.....T..6*......1.-.7...0.2.... .....hzj.^5.%..W...R...(........o...:..b.YKe....8....S.%g...BdyK..Q...K!..o....1..ty.+n..+...4.......Q..+.=.L8m...t..p....-...W..Y.e...Y.)k8B@..+z.XC.f..PP.q.E...\Lo.G.<..d^../..D..i.`..d.t.S.!5..kSN.m......OZkr.. ........,.9..a.Xi..]KQ..|.yl..U.....".J.N..'.u<..m....x..,v..Y.9..9...'?..UOd..F.U....H.`H:.y-^.|..k...+...P.QlO.pkE..{.g.s..J8+)HLw.T.2.b.m.e.u..TO..W....*`...aSU[...J...k.o.s...%...p.d.t?..P.o.|>...G.u.Lu\/...+..R..d..M..c..@ ..........r.0...2.9'$5V...o.]..6.$.].......{.W.S.8?.-......\.q(%G..Mn."....L.=....._t...#.4:.._.N.;.y.Y......U-..g7.{.w_M.q..;..@....#.%sT91W=.M.....-....Y) ..P..J.k4..L.L.).m......+C..h.........@9.p`,f_.)c..g.\r...|..LN...~e.2W.......#.H..w.cE|K.5..j&...$|...p .}}.G~.rr...........6..Z..p..+hR.<v/.^J.M.P.....:.D.G.f...@T..J..Dq<{(.....L.c......../.....M.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\GW3DpE2qmyibnbFrEIzpiD0iGLk.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):825
          Entropy (8bit):7.754822801062759
          Encrypted:false
          SSDEEP:
          MD5:BF5A43F5AB00AB73D1B2875E6415B2D5
          SHA1:750CD519032A76560229452383B4CB9ED49107E0
          SHA-256:97F6C6218B0990C43B4DFB785AD2214A61E7D5A7D47E7B32EBB2415F0119E133
          SHA-512:A800873E300A2FE199EF0580C4806AA0C6D316DD2864E0FD826F22FCA76FC2B2B2A2101D2EC75231E8AFEED3CD4A4F1FDABA474F232F2241ECA70753AAD68370
          Malicious:false
          Reputation:unknown
          Preview:var W..t...&JD2.Rl>..^'vM..m...W....T....h...wp....8FU.....(.d.+.......*.......HAr.Z....c60.. 4..2.3...k}Bv....F.A.....A.I..P@q.pJ......0......5..x.....[.a.G?.:8..9.O.l.....f.H!o...=.......C.._.....e&...uJx$p^....-.ZG....(4..*....a..[.!..B...:..[..k,0=......*...7."....uk......},3......[..R.H.....!...8.).@....0t....&.u.Hk.g.`/s...1..K,.u;.....6....H..]v6.]Y@&..N.]Q..N|.....6...Rf.-.UH6.X..,K.68.~......G.J..3....=.n<.nw#.h.......M....&...wO.F...0.4...t..g...).z..[...2..jF.e2.^..`p..3.../I....W{.J.6.Z.&JV....@...........X....9.v......WHbO..r{g...[.t..C..T.X.o....o.~V.M....;>W?7VL.1....)K.....-{. 4.U'.L.......p...L..[O{..fQ..A:.s....R.......Sb.n.>(cj+....+I.9.>v....d.....BV.>...{...WA......L...6.q.~:9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\HSDak9V_lmtkNU64sorwQW-6T38.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1810923
          Entropy (8bit):6.562529457805964
          Encrypted:false
          SSDEEP:
          MD5:9D685728632E2DD73BB6823731ACA262
          SHA1:17BEA25240DC9609CA5923DE5626AE01E34A440E
          SHA-256:FE2855421F5B24A115499F98C38DCD137CC881374A772B5C0B52E500153D275F
          SHA-512:FCB87B5801A318F2454C85AC7F0340A3BC8192FC54873B8B06A9E953796E915186ADD1D461566FE0B500306FB02F91978D3D7396145D6FCF5A2677B123834F27
          Malicious:false
          Reputation:unknown
          Preview:(funcx...`..G.2..u]...w7...vsz|. d....V}.G..}k.;..3.}.C?..:.2.F....C.'..S.$(.(...i.......l..kx..e).D&CB..b.~.M@.d..;i.\9Z.Gn.D...O.....I..>.{5.u.d..87...6%...K0..)/.......0..6..~..5Z.T:.......Fl..U...s..J..Ot_..7.d...uV.T.....r....ou.p..c....$.d..Nz.7.F...M...vn.....(;<..V]q.`.tw..+_..iH<.y.A/"..{No....B'..........W.UY.P.... .'N3...G.l.....J...TN..A)/j.i..<Q..A.....g3r....q<....U..<nR7.}.O.zJ..5d~.58...L.......0*;.P]...Cu.Gl..q.U...n*.YX..b...........F~....WJ..W...........t..g..n....c.o.4.<........N.........L....g....!..k>.y..D.b.....i..$.I....[.l....Q.....I8...4M..s.^.-c7.j.,.....4,.....z/.b.f....I@.TP....tL..B..3.K0..al.j....jK.s<.....K.!..K....q.....>y.tc.{+ @.......~ ....R..c4.A..c.%.&. Ys...y.|...ps...(.......}*.}/Ypm..&VV...wu......I..2a....D......^.`...#ZG#...X)..h].4......|...%....0.?....n..p]...QkEm{.id.q.....;...4.mM....y. !....1U.Z..x...L..0.H.....&.{`..d,..Ux..$.8..)...yK.n...."......w..%Zl...6.u)..o.......h.....Ky.......&8.E.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\Init[1].htm

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):118787
          Entropy (8bit):7.998691060130218
          Encrypted:true
          SSDEEP:
          MD5:F150A9BE1F11C3F35B3AC9FA5330D7D0
          SHA1:7040476D284B712C569CCC5FA59FD55997E3EFF3
          SHA-256:51F51431FBD737DBA2BED4E94424A2B4002FD1B673A3574F4C5E75A0E71D3B2F
          SHA-512:D2191F2F014804BBAC6CBB4FE367333BCF21754DF73B3AC6FE6FF4285C52022A069F0D64489A66B3D420559E7D428467B3202D93F1002704E8D2FAABA4D18841
          Malicious:true
          Reputation:unknown
          Preview:<!DOCM.u....O.cO U..uLwJ...M4.D...B..)...........kO.s.7..iS.O.;#......F...fD...F.8.]....e<g.v.k..s.....A....U.2...e..-;......P...._....^k...J/.D.yX:r.Z.....i..L.8..#"Q.;.2).h..*..?..U.E.5`.i..3.....p.0l.FC.=8........@1..=0v...(..|.....6.....}...2.mM,...N#.p..-..0..O.....|. .>..>.E.......(0....%....a3..KS.]....A8.;.....mfpU.W.X..1&]...6......a.!.$...V.g.J...p......mv<.....|m%..-vx...4..dP.r.....C.xC.).P.M.....).X_..f...'.7.....V%..2..1..f.-z..qkW...h....B..H9V..9..E.....ie.*fA.M..i..j.t@_.x.[..O.. >..4.c.L-..N:......E...A.uW...o..#9..._...]..T4.{2.H..U............8{....J|;...n.g.....>q....|.9B9..x.b.qdT....Z.......$......%.M...\.QB.........5.K.9R.an<&..~.<...k..\`....>.ah.\...:`.....7kik.|R..i.S..S,....F.......x1Y.',.H{.G.u]..0.).=..|Q.raS\0.%./t=}...\..M0^.....(.....N.&7.K,1.....?..m......_....G............A..|.V..1.#.|.&..G..q.%K.(%.....^.RYj.eu2j>.M.G.dL.N[..Qy....r4.....!|.._A...c&a../. ..~M.8._i....3[."fO%!.Q.@.)2..J80....t8....P..?.f.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\Ix6gLNUjdsfo1b44Xv9sX0Ilnxw.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):89835
          Entropy (8bit):7.997985196746425
          Encrypted:true
          SSDEEP:
          MD5:9D78DEDE1C021382DC02D2590352AEB8
          SHA1:EAED64641A0612E2C3937C2EE6A02FE18B17ED35
          SHA-256:97809997C8F0D69C602E2B672CF409C0D0C3CDB6B005216B99DAE918767D30F5
          SHA-512:EF97EFDD269A958627EEE0A126793597B788055838652ECBFA24165192160DCF7A3F67C3AE058FEF5BE670458DBC1B8A01AF93868E7C0054245F004AB179A8B6
          Malicious:true
          Reputation:unknown
          Preview:var W1?Rz5;..\;.....!fSU....n..&...A...L.c..m...4."l.....cG.+..8....D..6h|.._:e...Y..,......K1f....Z..".?..]!..............W;..07J.. ....5........&F.]W.+.5.."H...q'<}ZQ.I2..9.P..W..u..*!..E...k.../fd.m..e......d......`zj.OCtQU......t.H.....D....]..)..J4.7CX+9i....W..wN.[F........C.......\.......2..>..5....._}....#.|U.4......<..gx.........7......BPw..M.-o.f..B.Bi......%...B..gC....>.Q.O..>X..,.a ;{S.1FD.I"/...5.:..U....i$O.Dh}}vH.D..n.*.&+.....P%...$.Q..L...'..'8..Ii.B{.......M...c..$p..T.P.N......W\...|..)Mr......8.....!.,.e.{."......u....'O........"...Y....r......i/'".@.J..e...tP.$K.F..4...%QLKt5.V..F/.....B.l..3=.G..w.c@Y>:...........s2..>.+n8B.]....U.Y;.C........*F_.i..e;.1C<z.Ps.M...s..r....../w.f..$....x+[.*...~y.#f.,..!.{h..^.K.y$..f....*.r.B......W|.S.b...`m.R.Q%.....eeH...`;.\.....*.z.-.0ai.O.. b..(....3..!.....}..^.hV*..h.]9h.u.W...r."..C.Lo.w.........o.....c\".._z..Ms.Y.5P..k.)s3hb1..../...Ks1I..F.n.?..P....r4.....\....),...A..

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\Kwh038ybdvX_puLwdopqHydJtVM.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):467497
          Entropy (8bit):6.286971514879831
          Encrypted:false
          SSDEEP:
          MD5:ADCD60EBF67FCEF4A970DD701785BB81
          SHA1:81F06790E07420A63309B9D7F2F4E74766664218
          SHA-256:7B3AEB5908F20BAD8CCFE71AF8F4165F349EF52896EE792E8713149AAB60E275
          SHA-512:18A98132010CB16EBFE5E4893207622CC6529D1B56198CA71D59E48301327DEDBD5D1382C6580369FD615C7BF1A1F7F2F0E03DCE45C21293305E87181AF4DD83
          Malicious:false
          Reputation:unknown
          Preview:var WR+.<'.X...h...pe...+....i...W.DBr.F.YH.E..bW]...9..;.%...hx...f.._].( ....?.._E..I0....u.u.>.WO..;A.'....u.SoB.Z:..}/qy.."g..@2.u.f..............bn)}>Qf.."..'....O..t....I..<S....`..;..H)6.......A.}....e.B.S.y.I.S^l...]......"<z.] Y..FO..I..........*7.U..'q..........2.....8n.o.V.t1..(..K.O.-aN...ND..p..r+Y..q.J.|/.02\7.!.Af.M...p".........9.|!.@{....b..7'...Qgv..T....<a..9.D....;.......>0.....o.g...|l...C..7l..B.-........K.....w=h..Q.>.C.W.4&`.....%.k .t..Q<K....Om.?..(..........e.p..d....1.R3...y.F.}.ov..L..$....G.?.A.w.l.....B...g_.N.&....$..g..F9..t.o1..B..f]x.....@.........v.._._[..M.HE...3j._WI..Vz@*.b....m.B.$.....#A.l...w./v....D>HN..e....,UT../....:..._./..N..y...D.ND..w)P.I..A.]..JV.M.E..y-,...D...b^@....-.[.5dH....o..AR.8....L...Q}Q...J.=C..m.I..l.P....v4Z.,.s.(.7.W.Z.n.....0.0.w..j.6......!..>..Y...h.i-...b.........!.H..g'...`.SS.@e.G%.....iZ.aM8E.......i..l.....$.......%.z....h......"..W.`.+J.~t.;r.4Q.D.....y.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\LisgCZCwGQ4lRz4go9tlwPslw_k.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):16105
          Entropy (8bit):7.989109639550051
          Encrypted:false
          SSDEEP:
          MD5:CDFA33B7AFCE77F3199DBB49C08ED273
          SHA1:2E666B29FBEB3F914077436CE260CF76B4A9E074
          SHA-256:B9BC71FD6F4801F4BB02723598EC22E92ACE2E85BB1DA56CE556D20D236EB079
          SHA-512:42C9D8A8ADDD699738FE7D7D347D8DD996B803C0337DB7E0C94FEB583FFD7A322EABE446DE6EFF42C25FD0B7DEDC6610C527163B4CA718882EF54DFBDB584A68
          Malicious:false
          Reputation:unknown
          Preview:var W.M..Q]....p.........e.tQN...h.z........\D.~..p..6^;P..sc.VS..^.*.~.:..2.5.K....t>.......h...sS.E.....7...h....?.s#..l0...?.F..L.9.1...o;1Z.{...MEQ..~.9...qk`..>x.&7...M.....sN..s3Qx%+.c./=@z...q............Z..F..,...J...Y..Bv..$[.9.U7..:....(/...5....2TbPX..,...1.|. h..t.8.JB..........7.!C...."....:(#...1.[...Q. InZdW...1.j]..ZA.i......D..?.i...X...fq..4...Y.f.0i)...[F.C.Ut.t).o.z.x......;.RRz.y#@.xW...@.g...JvR.....\>..`.ha?N-k 2z........X..&lrT^..vI...1..Az.S+.&.........y.a|UH[.4qd..S4.$(.7..x...5,:..R.t.|.Y[&>d@*.G.K.wsE.'.....SQ.6...<..8.D.........Z...h.9X)..90...u.W]!l.`....u.S.n.c..N.[i.1D.tC......................Yi"n.R.L.P`.7..,...w..a./.k.R}.0..\a.J..k..".L.p....r......O........?.2...n*.y.x...1a..dhE...p)`n%Bj...._...m{...ez.$..g...S..c=.P..O.ZC`.5. ...6....!?.....x...h ..k...@............z.......?.z..0q{t4.&A. .#5u..a.n......7..rb..y.Dr..F)?.wn.q./~..1..D.jE....+...'S|.O...d....`...)+3;"d...-.(..d.L....>.^h.r....GI..}..(..I.b.r!..

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\MR6Zgdyo2coaDBmJxRBOLkPvlpk.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):258900
          Entropy (8bit):7.4748346405332935
          Encrypted:false
          SSDEEP:
          MD5:DAC74BD6D30C3627434D10DE1B2F0B6C
          SHA1:135A5EAC6923C248FCC8E4D4DA4C045635C687C2
          SHA-256:B4AF299835C3EDB5AB618E3C535949933EDB6E563FB2BBEE819D17664144D379
          SHA-512:17A634574F8296A29D8A82C95E5B3B9003A0C6EEEB661E1650E839B5DAE7E9789F55153A8E4EC8D80F37C269FF53A76D1246B795B3DDC660F5DCC98A98205A1B
          Malicious:false
          Reputation:unknown
          Preview:var W...c.TLZ..l....Q]..D.k.,..k*z..x`M.:...[.:JS=.7|.......&^4.......A3.0......lx7cx.XA.o..-z~..h..o.<>.p..I.z.Y.}J[I..!>[...}..@iH.8bF........y...a.:.P..^.:rz/H..t..........Y.........."...}...,.z.".U......./-..3..&.....myv.f..._Z..@$.......<t.K.jW..^s<...t"..M..]....~c...4..".....v.m..7...o.E8..s..`K.R....a....m.%..;-aW....l."*..EW.K.z.gJ....i.[w..J.6.}Z....J.\.1F.....MB......|9.c.=S....ff..c..../....)dor7.....M..2.%f.6.F......8.L.X..9,.is...x..@Z.|Ld.f.....-....,>.3.... h.j8[=..m......jB..8.N......O..:.S:.>.............C.p.....=M.{........;...M...k..S?H...Hc.U.#x2.7...h:.%...e..\....v.+.Ip..`.9.;z....]7N.v.(.3'...F".}g;.A.Hc......O8.]...~.(...<..JI..Y...}%.........fKF.f....,9^....r.|U.a...6q-..Q.9e.E.L.{gB...E.M..._..a...E!.+e..).Z.....O;lfP....;.~...q.*.o.].3Js5..{...L.k..#..U...\....8P.+.........y...g..Y.......2"{.."..9..V..n.....]t..O.%].u ..h..@.[.]...z.2a.&.w.....J.,.....!.<M..XB......n.E..q\"..wR..,....,......@..b&..C..a.....Q.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\MgSq5EEOyYvlI1qVlLOXfgRHmzM.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):105444
          Entropy (8bit):7.998176770021329
          Encrypted:true
          SSDEEP:
          MD5:58011FD7C73521CA76620C9E8A2F9DC9
          SHA1:264293D90E266D9AC126E64FCC84165F175830DB
          SHA-256:13146C2BE03DAC41B7D15A918D42A1DCCCF7789F76D4BF00EA61AD3EA3DAAB56
          SHA-512:2E6217B4C75B8A3E20E1F134FD184E9236A2CE3F224EECC39534AC9C25FC7F468B36CCF6CB5FF3CA64586542401A55003F795AC109EC0A83B94F0D57E47D6670
          Malicious:true
          Reputation:unknown
          Preview:/*! Cu}..g...}.....xpa9<..p.'..^...g..Y..d/.....4..<.} i..V..*CV...zE....uO..\.^\gZ.......Y`.&.?..........dO..,..b...K...>..V.P.z..+..\...4qs$....f.K.U..cxz#zR...Y...S....mb.h..6nP..F}.M_....V)y.yM...yQ/.N.Y1$.<.....7y....>X. .......@..6.!.......G5..=p..B.............,D..psU.m|..I.4.0...~.VrWm....o.1.33......-.wRY._.S..k...!....8HMl'-X%]..{J.../.....x.#....U.*E..w.[P5..5M.n..>p.../..Tw.6.....?.f9...)4.e..;-...(..'.E?...]J..k..b.......22....%?=G..b.S.A()..s}.E..Q..E.D..T..V.\....U.|.}>.6...uS.3...h.S..j.ON..8.6wc...D8..F!o.....(.N...._\.4~K\..:$..0*..7.&6.....`TD*.V]..&.....g...&....e.>.`Y.....+.b....?....1(K.sP@..bR..j....Gr.\./..MJ.:.J....O.^j.nhh..r..."......T.B...C7T.".d.7...%FP.$,.%.l.(|[.....[..c.3..s..../.4..2..G...U.,....).e.G..9.-.'G.B...fk5nI.A4...y.f~..0_.sl"?T@W6.gL....R....S..X......kk.Q1.6u..@..V......oC.P.%.}..1OI...@.I..nl<......]...]..Z.x.I.]........E_.k..g..*.Q.4....c..K2.l.....r.[...g.$.....%x.X.!.._.._....`l.>..St..F.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\Ov6JSivEymftttgBEDwd3JIRgz0.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):230984
          Entropy (8bit):7.6353555356770935
          Encrypted:false
          SSDEEP:
          MD5:23CEC266854202B01508141D00F909D1
          SHA1:8FD6120878C6F68D073CB0014492F4288A04C741
          SHA-256:17CA849BCDC7B74AA28CA9E45DC9E8701CFE356317F5595D01CE6FFD82634AEE
          SHA-512:D88007819AAD1D291100AE3891DF21F22068A6FE9D4CC7A6B0E1F5AC47001413352C2A268657D4A485B0C9E03BD532D76C7397CEE7D4EA4BFFC0A8D6B9005A12
          Malicious:false
          Reputation:unknown
          Preview:var W......E..z.....j..^.P*......-.....O...jH..n.%..J..Z.$....%..=..j..9.....q.N.b/..Ak.......Q.M.2K....w......Q..5..R.9....rl..^..[L.8..Y.......+.6..N}.....Ly...=;.flN...%....#?F6.....]...w..!xr.k.Z..#!.D]....l/....n.d..u.B..yRM..VY.0.}..Za.tJe.[..>+.i+*..3.....MCt$....<|`..o......e.g..23..Z...d..4E..$'.l\.M.8w....T.Ggr.B.. W..#...3d. .S.nIh..!..'..9..iV.g.....om.!N=..E.}.<*....c..'.....p^5.c.n .\.~4.O..._Yh.A.{..Pg,.AN7.\.y\%(G...+!...V..6...m..f.+...s.r..lXO.B.........G/....F.qG7...x..m..l....=..Xz.3....m.j.vuy...z..D.t.$..!=..i\...WS.a..j.q?....@Ouo....K<.{L..p..q.G..lD.....;.D.;,...LLj4.^P.'l.....j.T$1.t.A..?.......M..87..6...@d.....;.f..iY..*...^.w..'-.[..!.S..E..8.z.N.i...mN........R....n.."..k.&..4b...cD.=@/f.Y,{.,....G.L.e]........O.a.k......z.*..._Hh..7HY".2.k..j..B_..\..)s.......%.../.ZJ...:..Z.0...j}.Y6.5.6.=..Q......Q..O..,.g.l.*..{....g\...{..T..`.<...-....VdJ7<6cG...?..,...X..8#......G......u.J.z...^K........v.:H$..">.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\QNBBNqWD9F_Blep-UqQSqnMp-FI[1].css

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):340
          Entropy (8bit):7.2671199260187
          Encrypted:false
          SSDEEP:
          MD5:034D359F96770BCE0CBB307C39CA7960
          SHA1:A3328CBAAA9EEC555DB37527B91FB55092B54521
          SHA-256:E90F75FEBCF060A82876872269DE45DBCF14CA476021F14021E7C559124581A6
          SHA-512:BC7F5F3B9059CDB529F0E1E501D72F795D13EE5C12E206737ABA42CDBB6C126E6E45B9382A5FB69D9923814A0734C8ABE78F530E5B622BB6163C4FD831B8D363
          Malicious:false
          Reputation:unknown
          Preview:z{a:1.\...S9..r.6..I.....2....t.J2G.e......GP....Q.w.|:.a...zL......N.($..z_j..G..EZ..0...d`.0....*q...........H?........V....~%X...,.e...=b..M!.4...../.)5.U.....Y........O(I.&.Afx......O...QeR.5@.......GO.....@.O7.l...$r..,..jI.nR....?..O^.60....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\RfoQ_WQ8YccBpTTC1JFx7r-9GWU.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):204933
          Entropy (8bit):7.79863358655821
          Encrypted:false
          SSDEEP:
          MD5:B632B7016177C3B3032ABE5845AC54AC
          SHA1:A918464573B8E1DD2F925C4689E2CC9C5E4D15C5
          SHA-256:D4FB20C44745FE220C16F57F587F6F80B10137CD2853A52F6F3C214B2D292E65
          SHA-512:F74C14DC39117E947F268525FF2704BD7357F4AB34C884A10C7309B7C6FB9C46409A46AFC86FF4C5EAF5D9B799F09BB7E8C2C7558505A65F8C1EDF3D734D5A5E
          Malicious:false
          Reputation:unknown
          Preview:var WUV....P8H.E...]Y.\......C ...:.6...?.]."..u.$|..b.K.c....j..O..@....q...).Z..P.gv..u.p.3&....N[j5a,)..ihN..a.o.).y..9Q..1Q.L.....K!M.....,.e...F.......=.....J..T.U"-....%.._..0.=.{.f27..??.j0...vg._.i.....M.~..Uu.....{.R..mB.\g....N.O.\P.4.I..^.H.p.T'!$Z5......~.M..^"J..A..A.LX.....J.!4......V.D...$.#O......|.2&M......d...:...|1..?x.........a&....,Jj)..~_...G...a..j.....e.b...r.y.,.f.q.].....q.4.......XF.V>"...f.d.~X,...o...].._..<(..J.7.9|.............,..7}y..X..)....-............).zb0,.'..%@@|.......}.L.5g...6.nW...r.1.U...x...9.t.y...7....XUi..5c..8..A1..5.x>.KH...... .1..G.....N.De.&.x.J...?P!.Tz..;r.P...P.8O!.zVM%..t..G...>kYF.P\.-.W.. .e..<.r%..8..R7$U..0.j:...B..O.cG...D.S...C....+.l}..Z`l.`.{.S.1q_..#ao.L....'?.9S.7m.....vx.....-.p..@w...F..y.Z.e..^.[....#g...u.O.S.7..#I....~.d2.....x.28....\Au{b...m-..gtww..#.w...UK.?.Z..{eM..7..c...."..j[a!|m08'.b..r.bY.....3.a.R9w.1........J..,.D3.....jd.hIs..>..T..s.&K.l.. .a.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\UHyc3IjuWFO6s9IoOlmmJWw7Jqs.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):538020
          Entropy (8bit):7.042678424977766
          Encrypted:false
          SSDEEP:
          MD5:2B456A4DE58C307C809E865AD6BE84CE
          SHA1:19C79524704900D40DFA7AFE60343FA8A7D5E24E
          SHA-256:A67D4C61F751ACBEF0D5E518405D3215F0CDF1A4CCF7CF61A62D668C76D6C228
          SHA-512:181113481CB1730879F7F5C5DFC9704452AA5C0FF2267086300821A2DE90E49388E55956842368372FFB4B131A5A979A622AA34CE299CBE3A70650AD1B0E38A7
          Malicious:false
          Reputation:unknown
          Preview:(func__3>.6U..Uk.=[......m.v@........ ..[..@p.u..Y.0...0.....[N..1..#!.$.B.rDF.vPi*].Z..S...k.....K......9.%.x.+..1..0.V.......j$Axl...?`..H.4.[.D.K....R]b...Kg..-..~.1<.....p.H.P..k.@dW..W......G....w.`..o.N.QVp..7dY.3..o.....6..n.\.........q... ?.."u9...*.......k ..P.6{.*t.d_.G..i.........F........;.H-N<....P.$...8...d....} .W......^h.;.QQ9..o.....)`&..Z)I...5.G.....&_.....E...I......;..2.!9.r'..S9.1S.(...F|w..@s..f.......'..m..~..B...<...>."......;Y...g.+2%..,.4.h.a..P........{..2....~..@.ak|x|.SL^g......f..U.4..SF..m....zK.!..f...5..).F..*..(...(.k.5..f.@4u..PXX..F..0.}i.xb..%3.I..0.z\..?..B......cc...0..&N...I.x.K.H+...L.Q.3.H8-E.Y.....[..C...}_.=...r\-Qu.e.=~.....}...\..mX..9V....&....RC..B!..0.Aw2h4..85Bh...|z.Ru.{6..,I.(%...r.....D.....f -,.&].+~.2<..$JUAhL...-...3Z=v..._...0.`.kf.CC.s$e.....#Y...h...{}92#.H;a..)n[.i.j.....#OOz9..%hM<o.K.....a..*x...._.@8$.|P.%q.S\..i..8].Cr!~r.-\j...dd.\..Q8x...R8..t..[.2../..q...#7S.s....G....F....6..

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\ZNvOyS-r2rT3Al22ByUYXLQ5kPY.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):95233
          Entropy (8bit):7.998081958037751
          Encrypted:true
          SSDEEP:
          MD5:D2DEED7C674E8E26A089695D614225FD
          SHA1:4F8877E074962F320E23120D22A0D06108A4BE8E
          SHA-256:736F8983EF18E94D008A56D8C4273CEE8EBC3604EF41D9DEFCEB36F81F3E9822
          SHA-512:95B393D096B232976462854315954436536425A4FC8A42F43BAEA02D5ADACD9EEBFE87D0CAECD2B4F9E87E19F3F818EA23E8056C405F96C0E039EDD34D54CDDE
          Malicious:true
          Reputation:unknown
          Preview:var W...m....B.x.3.q#U./Z.....m..5..g.^.G..).....s."..c....(wz(...0..t8{b....d.c...8}9.B7g..z...;_....W......S.=.D..>...o...>.A}s5.. ....A.S-...^.AJ.i....T.d....o>....qi.....[.%u..z{..5P.~B\~|`C.|......Do..H!.L.....7... .n..Q<..U.....o.?.5.,..I..!.1.../.........sK.E.A.Mm3.R.P...3..ZW.}.p.J.a.p#..."M1..+B...+..:.1.w.w., .AL...?i....9t......X d....>f.........s.lG>z).N.&..<"Dk.`A...0.......|.^hW..7o../.....^'0..!Q...............-...q...KE........k,.z..vF%*......~.n./`...7G`.R.<..~uQ..v.._.._.._s.x..u..O....uv...^..q...Q.......Ky.e...GU....g..u...{..T..!?..I.q....`).....v.....4../bi.`....n..&..=..4.o}...`..VV...-.....`...4p.4..."..2.>t.......5..$..<\a.mP.$............C(...tPZ>..Z.]n.H....l.."...N7~J..a.Tt..D.&.........c.~........$.ks..y..(.5...P.*E...m..3.r...=9w..[?`]...~K4.L......U...3.m...z..G....|.m..t.m.............W......i.c.E....'....l..v...p.e.....AU.......6.%.....^2..m.xI.x....k|....;Z..>..<.kx`.k.@...4..L..~.`....y......#.l~..

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\_Flhim3Dag7tsIXg2zUCONaBlAY[1].css

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):288951
          Entropy (8bit):7.215154817239479
          Encrypted:false
          SSDEEP:
          MD5:93BF76C1BD54A1566CC3107FA7CBB29D
          SHA1:2EA04983FB251A7AF70D45A110546FCEE0D642B6
          SHA-256:E7FB1F7453C479E9BB0058C2723DB111C9665C1C624D6961C56E61146ACEB5A3
          SHA-512:D7A50450CC142B0A3AF3CB4CD8EAFB56415FA0BC767CA4F09DE17F7FFBBBDA165AC57FACE19F1CF57CDFFAACC9E1125B63B157F1B7BB421048567DD61C9987B3
          Malicious:false
          Reputation:unknown
          Preview:#topRb...o..k.OO./..Fh..f......H/..-|.N......C...b...s9......_q)g}.oF.....o.2.1#.D6.V....y.(.a....q.-.I...z..$..."...g....n.2..*2V..%...^......<..._/..x.BB.~.8...A..=....i.I7N..N!...../..i...._.dS..e....o.Vc.>U.P....O}O..(..{.o.I.s..ij$%.....E.w..%..(...7C...X\...U-w... {....C]...a.{.`.Lq.g..$.M...\v~..1.i.........v...e.............+...^.2.I$U...#...<..A.....pY..n..$E.'0.t..#5...2Rrt.8.......i:....,.+.#....../.6F.Br.....#l...T...]....'.]....."Zk.3....b>.].SU..._.^.. .|ST..p.y..[....v....0.9.=-.........jd....H........0..g8.d..|K...l......E...*].N.e.`.. .1.. ..2+...P......Y...f>...a.&.......'Z.Kz..[..h...7....<...h!..T.......W..h..2...lA..(..7...U.b..H....Gg.......}...x.......C.!M^d..m..-W.%..a0.G._..k.pX(Y}2f.]..K1h.............JY..N.}?V+.I..'.....`.c...\..<gq...Y.....~{.v-:[....*...p..t)"...Q...I...;...3. .....2F.t.c=s..1..o.D3.Ca.....d..'..Ll5......L...][.p...:E.f..%RYz..F.6........?td\..x.U.. ..........+t.a.....k...|2f.].......{.h.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\_b_--9riPDWFG_ccxbd4AdoeraI[1].css

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):421014
          Entropy (8bit):7.032114459169741
          Encrypted:false
          SSDEEP:
          MD5:C7378EC00B5474E6CE311B64EC0F0D1D
          SHA1:A654B821BBF09E1B8142F2CBF8CA0CA55579ADC2
          SHA-256:58A0FF9671075625E5FAC03C05D83B9996BBEA04A5502044C6AFDDBF79089D3B
          SHA-512:2331460F7CA74CE9DFD72D507B0F2817B80D89943E81B92F932C9B69D3153C640605D39B9F479BD3C0CEDBCDFB9C4BE187D696FDE9C1F437C4289224A9408D07
          Malicious:false
          Reputation:unknown
          Preview:.scopO..^..X.....k]..\.w.`..r..+......D..q........e..]9.'t^"SS.h.4%./..".c...]Z...-U...a.k...jo.;..@.....N...h.G..A...E'j|......X.>8......e....t.l)../.^~..K.Q\=..~....V.^Ht..F...qlc....{........P.kc....s.|.D.H...+%..W`.B.....]K....y.FX(....>.3}..TW........@Z4SZ..7.q+..&...z.7.......A.P....^.....n.. ~..[f...b....S..u..8.P.8..;...p.D..Y....(......8...B7B...?..,........b..vAj.F=.0..u&..\......5^...h.....B....^d......i.q...M......%.Z.Ww.8...*....7.|....5...U.,..ks...........8....-...C`.~..y.v3{r.iAv..e...>......J.......^..O.......Y/..../.:..)=*..a.......Z.t.:....}...D.u..........v..W~.s.!...c.p.......4Q.l.....&..\@.....43.}....*0..'....>.{5.+..Q.q.c5.\....)..9.Pp...s...c..*.seL.2........{.....&.Y.......-58..H3..`..(...'.K2.]wpQ.R.?"...<j.?~..H.....ne...ZlM.^.Y\....`.....m.v....U...;....5.p.j'z....+....v&..i..<...K.k=.n...,7..<.x..8....S..~.x+/[.h.>.3....EA..KB..^.=.....=s.:........&A.6k..\...u|...X..e..jH.^?.u..X.TT...%A.B..;..R...kL

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\_iMzWFZ5WSH2oNAkZJxDGOY5q2Y[1].css

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):6309
          Entropy (8bit):7.969239217359702
          Encrypted:false
          SSDEEP:
          MD5:D26B3E3872D3211B5E30FE49AB2456ED
          SHA1:1C192FDD9D274CDAE2E1E636B8451AE19403F3C8
          SHA-256:6CCBE665BF5E1F886408D355FB0C9EC0896A5F9D824FAA3685A2A9660BA824F3
          SHA-512:91F5103278EAD3A0E65354E94653017291B3A498CB0F51346E444F3C33154FF72C4941E84AC19A1328BFC6E8695BF991342685AEB7EB102A5E55D35D6AA26153
          Malicious:false
          Reputation:unknown
          Preview:.b_se.].rD..*.,..?H.>....7...D.....}.u...L........|..J...{6u.....b..c.....pA.}.P.....F<......ma}A...*`.......Qlz.|...1.[.bk.`N....x.p.e...m..eTo.....2.q.os.\....a.bsY.Z".q..%.k[D.K.......]...w.3.j.7.~w....4.\..~"&.....Mkv........(.oo....$..&(_<'q5.u3.&.......w....x....>....&.(t.._.]...D...7*#....g.FhM.....&..?....FzWI .E.5.B.M9.>z_\.....=....:6...).^r.....m.......i).V.M%.....v=.F.=..Y?.MK.H.5.......lH?&..T.=..o..q.......}..m.."K....B.c.#..#&.'...sw.#8'..i....,..f).....n......k.J.M.....I[.wP{..k#....h.......19.......K....=...K_..c8\k.....n.&7..<.6...l.z..~.3#.I.b.UV....Wi...hyP..5...V..#..Ss...&..@.E...{.)A1G..8f.6..<A.#.r.....V.#..=.....;m..GU...<.h..g8:.hm...n..0...A.m.q.A.\...gaZ.N0SS..d...?.q[^.<X/..J/~nO.k.w..E...q...U/=...]...<..5w*...{..{.K......i?.1...K...[.+.r- ...#.i.%..[P[._B^e/._O....i).)c.&_.....D.d...V1...>/."W.g.l.=!...b.V...Z...3.JP.a~.T` @&..~Gtd.4.1..`......cc....q...`.._...@...!.J`x.K-e.H.u...u9.j..W...m..........pO..v..Z".$.8

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\a4PqRmiFC877txZZ0VJ7G5bIAUo.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2345
          Entropy (8bit):7.907733867306788
          Encrypted:false
          SSDEEP:
          MD5:133AAE6B8F78EC902EC5D196F085CF5B
          SHA1:544E9950D77FE5434F9DF108193580769FDDCC16
          SHA-256:E2270CF0FF89C74AC992FCF6739C2E881C79B6ECB613CCAAA1037B3A90C4C5FD
          SHA-512:54578536CCB8E248F009FE362E07502953983349CEBC77594F13518BBDC0A0550A56A5B120CEE961C6199D78C8BDD507E79252FAEF2DA58BEE25AEB2579D4E98
          Malicious:false
          Reputation:unknown
          Preview:var W.XX(5Qx..)H.Q..NaH#..i..H4ZX..v........U..A...o..l.<j:..T.MCF'.o..eO>.....'Z1Yx'51..O.h..D.x..,...:....c,.=J.l8i8.y.(maH.%.Q...V!>t.7..W...e.v..x.y...S|.u}H.%|)^...;&*=e!..z....d..O7.2.I.[..P..Z..3...EA.B..O2O....R.2..c....x!.......*XO...(...._+....a#.....H....U.l.....si.....6.r.....'.....&.....%TF;.......hP...\M"...La...K.>;.lz.'..aHWM.On@+T.U...J^...g..L.z.....3Ok..b.*.n*...$...y..D...t;..U`amr.t.*.... ..3i\...9fTn..Ca..&)].....=.a....t]..p^..J:X...I`..i7O>..VD......]OB..b......Z..f..K.B .'..f......hl+...?(.. ..A'.....k.j....-.q....e.@..Z...W.Pj...u..@....>2s.....@......&5N..;.x....6..b.z..z.PQ..U"...=/...D.../c<J).....*.zT;..Z..>..y.d6W.>....^.,2.P.......C.%b.Q.....r..w.3*9...l....X._Y.L3.\..b66 0..#..%P3.C...98.>....P...|.u.<..b?.^.\..TUf.a..})...v.r....U..p..J....Uy..G....%.z>.....y.v..H..@..^bx<.....,^.)..3......?....$.....:...\V.8Q.-j~....uE.av..p......c....\l.)...<@./6.n.....T...g.r.M...T,."&I..OQK.0D.1...i......A..4....<..H.`./

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\aABLNT_FV45QjYQfnRHrBCAk4GU[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):121548
          Entropy (8bit):7.998431496078336
          Encrypted:true
          SSDEEP:
          MD5:35D180DE29C01C18CE1503D7457B5FF0
          SHA1:AE3D470F34A61C38C2518BEB84A40FE4F48BAEE6
          SHA-256:21E7FD80F46958BD454CCA8CFF8367ABDD6E5F546662412574FE226C32AF39D3
          SHA-512:D0B4890156314E1927AFCBECDE7B34F80A5DFB64E1CEAD60222184BAACD87236A6B8FE0CDA1E81343ED098BBA7472B225223A262ADCA1E74B806BB75FABCD711
          Malicious:true
          Reputation:unknown
          Preview:/*!. CC..w.y>NB.5..P.1..:.{.u.....B...4h.L.?....b.%.L.?.)vD...}@..b..#.t.5.!..C......5.&{..UG..&q..:.;w.2.hw.....+Z.3d.u........F.~\-.{...CD.3*...(..y.d.e;.|.}A......E.V.C....\.t...<.....h..-..w....r.b.$0_B.."...0..B..X..Y......;.n.Y.s.+.F..'p..y.U.....9....C.Y..X./Z.jClQM..n6 ....:._.>..+............W[...z..9.6Q...g..|.%N.w.9...b...`.#8...ZU."<.Q..GL+Q.jC..-._..5M:.U'...\...W.}..]..^....&..4...Xn^.f..e.......!.&d..(.... #...hYQra6B.........U..6#o......l..Y...-.\+aJ..z...j%.y$...2..q[..}x...g..lw.</......=..J..Qb..8F.......\......V$^..._Q...xkVE...(.3.4.xu.a.J&..(...0."..&.s..)).l..f.8..]0jm...k.x{L&..>Io.^~..I...xT.........RS.>?d.....?......5....D (!......=R)g?.........!r.....Y..h...A...\e.5.%...U.Y.1x..*.v...]p....j....].......C......|n.J&....)...0..i..;.4q..Z.J.NnI....Ct..a|.o....\.*.n....s...E..ibg........qI.$.-._;.u .HTe....H.6..}.!]..v.[...Z~#.....ZK..W...(...R......>,..2t.,$..>N#muC.E.#u..j..(....:~../( ....2Y.hV..7.....-&..

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\appcache[1].man

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3715
          Entropy (8bit):7.942417380640259
          Encrypted:false
          SSDEEP:
          MD5:B6C2190FFB04F69D17E935923DD9761F
          SHA1:0C809BFD45FB4A0815FD2F92C2B1393B79426DC2
          SHA-256:143F6A2BCA94A6A047DA741B39931CBCE581B36C16DC5752E50BA743C3316E24
          SHA-512:5960C83F00261750AD1BA8E945693339C850B29A573175630E22AD97A13A0AF2B70D66D61C8B7544B495C423F780A202E400D7CA380DE9EED2579EB356E6B986
          Malicious:false
          Reputation:unknown
          Preview:CACHE.5S..U..y.pv...!......0..76,z....Y....bu...9M.A ..ZS.Y...\...k...9..,.2.8..p.A|kw'+..UV....%U....v?Y.Kgmv....pL..l..b.C..O<..Z.n......IR...HSiT...e.I.......b.%..$c.\..@Z.s.s.....H/..@0].0..A.Gr&..,.z.Tt.N...n['.M...J....k]..i..*..w.m....cw ....P3.Ne....x.....l-.....T...VH.....I...g1....\..k..3,...bG.8c..4...`(j.X.H.P..F.+.=...:k..P.Jh..<.a4.T..wf.....tz<KJ8..i..&...2q..7.t..n{E6..<f..#Y.m....B{t...K....*J.....u..I.M.{.\y ..o...+..k0Ab..v..Z.U..f.M.L%^.....k...].el...D."1.0f.*....f...."..c$.=....i.@...h6vM..N.O.t&x.<.!.1..N[......}.B;.UN8.>./....g.H...y..a....f.."uF7...tXu...b....e"a.U5r*0..).e......v......L..{..V...VG..p..i.8..y...z......".H............/.Tl.....(hyb0.`....*..........:2_.l..\.|...n...t4..Vl.D.H6<..l.7h3........Ky....6.|....U.(....6AbL..L.2v...v.v..'.j]..../....m......\.......}.\.sL...p^.@.r\.pKc.<..XW.....TG.>:&.?.j.Qp.......jc1.Hf.b.7...5C.41b..C.O.B.N..rq..2A..W.....=.).2."...U.*<N....\"X..".......*4.d.[..FAQ]...+...@.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\axXWui3EcbJQ5EbqyMZWmTud9p8.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):4070
          Entropy (8bit):7.952152156525395
          Encrypted:false
          SSDEEP:
          MD5:04A0BC896F4011B3406A9B15F342F79A
          SHA1:FB5E95D9FBAD0A5E40E7B5D98541ED19BF930A92
          SHA-256:E8898C1EBF4983F47DB03B051CD15B225BB061C7E28B86E4748AFE26D622A0C8
          SHA-512:0DB9D4741A622A12E853CC7B8BA6F374BD635CF3EED9F7CD459558F1211A58BFC5F31685F16EED599AB835E59572D5FFD59473318ACC42B990EB523134DCE81A
          Malicious:false
          Reputation:unknown
          Preview:var W..P....-.......|...;..`],.d;6.". 2....?E..q..(.A......k..c.=g./.s>h{.w....Q+w.....V.....w`R}0N ...."o.....$.....t........`.\..1/..3.'.O}..............?..}.U.W..m..e.8..e...K+....E.P.........S1....&'....k.\.2Q..nq./"..WO......gY..1ec....t.9..1.d.....<.C....t:qf...xI._E.b..7;n.*_$...da57.EN.g!/7.V.N.`0o{?x..? ]!.2.....Q.5~.?.%1...J....ee@...!....?...%.3..?.#.#.x...q[@...3D....9.LH.......ny.T...5[.{.)w.j.a?.%..r4.S.Z..SD.a...p.@?Z....74F...u. ..q..xbY....vD..|..Q...!.......K_O.P.........m.EBbS.U.O.5O.x..Ig......._KLs.......(.^....-.....FD^...f.X....;..!K.8Ts.c4].*/..M........d..#.sB...RY3w.v...\s..NkcNw..W.g...kf..s.........g....$../.<~j..d4.ED..[B.....C......y............w.1...<..(._)`8.P...g...DI.X..Y..X.N,c.>i@....]G..EW._...H...%.Jk.\q..o}.q.h.:.+.l.S.R.&...i!z..../Ix.<..=.........(....\.K.H..'.O..A.....j.8A..4.....(m....s6<.s@Ft.~.e..?P..e..~....*Kz%....4.T.+k.)C.h.g.f?3../..K{..l.~|..w.z9...'.X..|.......A^.@...1.z.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\e1-xFG2R7U1WW0CqiDQb99OPDgc.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1805
          Entropy (8bit):7.881372776923539
          Encrypted:false
          SSDEEP:
          MD5:A40173B5ED324D838D941413932DEDE7
          SHA1:526C53D361C712C33A772258D7C4591C27472FD7
          SHA-256:FFC87BA11B8EE32FB65B93CE3AFB660958D82CC622245914E827FAA2439CB19D
          SHA-512:D18EC567E96898079B881CCBCE8EB38D1A3019AEB20C9AF5F33613A1CF2E782C52D8FAE687BA8AB0349106BBA88AD9292B66231A8C3CFC8ABAF4A52960CB457C
          Malicious:false
          Reputation:unknown
          Preview:var W..14_.H........E+g-v..U.............CR*...c..u....#..W...s.....D.j..<:.O!?.;...{........nOQ/AT.."..........T..b........q...0..H<..<n_..S.,.O.v.^W.K..+zO.=....=..<"./....%..r..V....<4H(U.N...ub.....[....me93.j....)kM }\.Aj!...&.D.(..Fx..."..X.`.Y2...I......bO..9.4..L^\;:..'....ElC<..6.`...O....L..t.....uAFF........(..9W.N..Q...qC....l......~.AZ..nY.....Q.;.<. D.B...:....<PD.`...\....P..&..H..;..q......{...s.O...n(.....t@.h?...Gq......Y..yY..]./qI.T..<.HM../%9p....Q.Q$.qzO....4,."...Xl.....L"Kr...'.j. .0....3.%;Y.i...#.!.x..R.P(.a.M?.Q.?....k...H.....8...\......#q.X35E.....t...v..'K.-...l'YzH$P.k...2(.Vi}..$C....1S.E hMsB*..v....*U.../B.8?[..9.B.._.....q?`.....p....u<.$....AXr..4..)\m..t0.b..^..wO?..I..._...w...p... ...P...t...)F6R.f..e..+...!.g.UKV..K.......T.*.<..D.p.b+.N.!..b.'..'-..Y....O&.u.0..\..7....2R....fQ.s.....B*+W.........8.]Xer.....V..xF.`....|..j.K....7D....t._.-.......SF.B...v........]...N.K..SVg...].KK.f..oK..

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\f8FI06PDUmw1Zws81nUDYY3bWsY.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):45259
          Entropy (8bit):7.996048570867635
          Encrypted:true
          SSDEEP:
          MD5:C7EF3140FD614172ABC261362990167E
          SHA1:58A98D2118C9BCC26B8F99E7C107A740B3345CC4
          SHA-256:745416EC50F3CFBC9E8FA876313C8B0002D5A19DCF1AF793B86152A240F04A21
          SHA-512:055FA3E3F2005B1CA68BF06854C784A8328134321E2AA9DDB6EA9138E9F377CAE6E8FFEBFCE9CF6E7E28B72E44EEE2F5C28A1D51A7D79BBA5B1470676DB659C4
          Malicious:true
          Reputation:unknown
          Preview:var M...].~.~.o. 3...\...ZGp.0=..c..w.....(.z..w..!{."...0.a...vu.6g..y.\AT.].......o...?LH. |..X.L....P.u..o.{C..[ti{....[L-B....{`4./".K.:.q.............r......Qm]....T~5<;.m.;.......C'Z;....4.....-.v4h.D?...5k.._.<..n...^\...vq....|.`..$..]..YA.y..[...l. ..;..e..FQ....D.....5+.F.)....e(.....l.d f.N.@.J.....3P.\......uk....O.:&.....G...;.=.z....=....=..b-.z..5o...~'r`s....U....RF.i|.....T7._.F..K .u..N...w.5I.'....g|7<jK.W.P..X:.....0.......0<..mLs..........a../.."..2.P4...P.H.B.3u..z..D<.gH.L.M.g...tv..R.k3bV]=%.8...|]D.%.......V..m.c...I..MyZ.:.....6h.4..c}.;..i.Y;...P..8.m54..}...ZS.o#S.+g....<G....*s(Zd..q.cB......_S.....}.!;C.\..V...)........rTB..z'T......,n.......X>....i..UIj,C4BWoKY...Y'jR......V>....^.....X@m....?....}.>.}=.....x.)H.-oY..%D3SW.j..%0P....j.9......c.5F.$Qw}...]..........Q.W.U...v..z..D.....(q.w..E....U....o...|I....=.aoL...^...U.p.. .~A...M..a..[;.G....)e...$..<N:j....Zu..L...n..........d..b@..i;....R].N"=.h

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\h0_ymK9wPEJMicnVALPw5taHcNA.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2224
          Entropy (8bit):7.910177488614362
          Encrypted:false
          SSDEEP:
          MD5:ABBB4E530BC6A57C1587455C560D1E92
          SHA1:D11415C73A88627BF7534D2AE2B4F82617A9C88E
          SHA-256:DCF5BFCF2DCB94246E204CF788EFB6E0D4FA2B75FB3FB37A47541AEE717E2C9D
          SHA-512:42D8A90D5953BF0518074AB9F4390FB9B2357E72F7AD6F8473FB34E92A81D6D4D618D0CF8DA2A683262D6B982FA0595C5BD7DD8CA138ACC5D59FBF24DECC5EFE
          Malicious:false
          Reputation:unknown
          Preview:var W..v.E.4.....Qq...`.Q4LKSkKA. i.k82.h..+.$...o68.........N...#..%&O....H.h.56Gi...i..S4.]n@..g...&....N......h....z..Z~.Q.VB(.<.t..:a. ...#.-..<q...5..A.\.y.e.V~Y.6...z-..Rw.s!a.a:n>.h..........s...k.oK..b..1{..8..k.B).U.4..J.st..dLd...WX.....:.e............\,1.8.....;..&.f8...{<4.`Z...O\.....B.ZG...~..@CN[...._.E>p.hUX.... ..:M.#.D}...7..Zw%t4m...P.....CI/....^.'A....K....L......'.> k.h...Hu..K..<. .)E...~.....nD.r....u..IX$.V<*^...'..1....9.....G.k5.M...)Mp.H.n.N.".K....4.J.u..+..u.....&.S*..l.dx.q..$.n...4p..g./....ba........;@hXl.L.p...f..*H.Z.u.K..v...Nn..]..df..P..v....P...1~....z..Bf....A..t...'..Y7.5..cz...j..zE.....u...m...c..B..34VX.&....~n...........(.1.qf..J1..+m.. ,.....4..>.R...^O...7[.}/.......k..D..E...>..K.JL..@.XC...8`O.7U...v...@..g`......0....I.[.b.N{2..=.V......w.;9[....o..(..-"C.J"att....o..[..|.N5B".....5.;^XQA5a....h.c....~...\.4.%l...'...uk...-].{../.p!..^8....5Npbq'D[.d......V..Y......V.y/.Pz6opx...-..2.=

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\lh0O3d6Fmm9PYPDqG8PqHJ4MS7w.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):71049
          Entropy (8bit):7.9976767518442
          Encrypted:true
          SSDEEP:
          MD5:3A1A735D7BFF3CE0C410D997FBF7E243
          SHA1:619F1F2B923FC52382F3F9E93DE174568A269AF3
          SHA-256:2F0A485A1CB26827D787D9D346E0236967C936519780A24D048798B4D723DBB0
          SHA-512:BF4F04CAEC9A638628E6141130617761A3D472B3459DAD0BEC3D32E4744F2280C4B5A1D62FF9145CD3564736066865BD99FEF3D7F5285D0AB83D47D10FF8206F
          Malicious:true
          Reputation:unknown
          Preview:var _i.....-l...]?...t6y......h.nw..d...4..r..J..U....}.....`.D.HP.:.S.N.k..#mN..."0/.9..../).1...P....Z...%.d...(].3...i......C5.s8.w.....3.TX*(U.lG....c.{.....|J...q...`;.....J2....H,...7<._|...J.^.....K..i.Be...S.N....KM..a.'.1.#..y/..>....BD!.....x2z.......ZB..u......N9.JB[......g..\..m.fF..A5+.8[@..mLS..&.].....r.L.0.UQ...Z.&_w.}u..O.k~...y\+x!.o.f.--.q.L"s&.{1J....9./$...M...a..f...~xe.S.[N...'.Q|..ag.U.u...O..($.....?UB....YE.B..CA:..v...{v/RH....#/...-..8"v`>.zY|..D.v...G..Y....IE.o~....O.%C>.......,....h.TJ...;.g..Q......~...JN..d.8..s..Q.25.(8.....}q...3.$.o..R..b.7..k.....{.....|....:*g..<.2...,..}.3i.(_..eF. K.c..2...1.lw.gd`..?zJ....uS....|.)....n..b...#B.E.+'..,...f..V..vO.0...A/.K0..7..T..JGO ..-.'.....@J.E..7.<..;x.e}L.......DZeE.._....6.E}._.xj'J...*.0.....P..x@H.L.. .Brwm>.l..-..7.a...u..w.7K.?/JE......8....<..~.aFHw..W....TL...t@.#..t.Sj...|D...Y'.t.j.Q..Y.F./[.i#ZU.....ha..a.xcr.H;.".+.fU..........8.4.z.o....5.Jq

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\lpbsfnKE_8agtRF97FH08WFLR1w.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):344389
          Entropy (8bit):7.139644164469412
          Encrypted:false
          SSDEEP:
          MD5:4FB2E1CEF8090E5B653F218C15C52A9C
          SHA1:243EE1C6B1C117127836DE0583920B90F0137F83
          SHA-256:5381D155BE7E9953A569EE953312BCF269843A7CF3F91E7ED845B7251B836F97
          SHA-512:150C51BFD7E55BF464DF3216FDD4ABB740EE5C4C3EFDF5C4946CE7E104CF848943EDADF655F0B421850AAE1493E02F9680D8B00A5DE2A0B56122A9600E2C6CB7
          Malicious:false
          Reputation:unknown
          Preview:var W|......."X.o.0Ck......X|FreZEG...td.4...y...s..bP+d.&..5"9G._\.Y/\.h.kar...+..0..8....(......7zW...>.9..*...:.Q)..2QT....E.....@......n#^_..o..y|.T..N:...d9.e...I.`$.TIS..@.*3......n..l..J3.(Q.<.(....M..U.&TN.o*r.J~...V<'.vj.q-.r!.[.IC4fr.g`.$.4........F.T.;..K.U.Tt.`.!i.&P.;KM..c.^0.DE.p.(..W.4p4N....j,R...xV..9K7...5d..Z|...=....S4....E<...8._.jb..=.p>.<....B.......S.84`5/.V........V...0X.^..,...M9..z......{;........Ss.I??.'.| .}.....|H..*.]....t.A..H4...A\v...u.3...j......B...Q..T._.q......B..N(........?7 5..O.....F....K/.*..?&..v...s....A.m.B72.G.....!...M....].,C]uD4V....S..Vu.Z..........td.O+...k..P.rGO.Z.d.]2.....B.5......\.^....rS.....igzB..(......F'...b.itK{..:.P.u4]=`u....7..Y2.Q).....QfJU..>9)N.......T.V.L...E..0.k0m...S.......__.Gpr..u....|5.n.=.T.......%.9.]'..D..A3..a....RS.w.}.....M.....]%Yf...h..>J....h.6..T..AJ... .X`.-.~.s...?.(X...6..Cd....;.w\s.]f.....>..V.a..$..W.MOTgUc=...`...4......q...cd.a.....p..#

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\lu0mWeI3G2l7mRreeuIGIzuL1cw.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):7794
          Entropy (8bit):7.97710424150489
          Encrypted:false
          SSDEEP:
          MD5:88FC83EFBE693C061AE86A8A6D93A20A
          SHA1:EC5849C86DC0071A66B45B3844EB72646D875D7C
          SHA-256:BD2D7EC0046A4BD061CA5473FCBEDC21816016318709FABBDA5F9CBDEC863EA7
          SHA-512:4FBBB6D69C9A60AEAA8AB5CAFB69B0455796E0CB233E0E9E5110313EDA5C7822C764B5D1F8C750B8BE1E7DD7AD4649284D27ECF8C1E0E25B7718C4ABF8D43BFB
          Malicious:false
          Reputation:unknown
          Preview:var W.ts=..u.....c..H...*..$l....wG/e.y.....{....!V.:A......Kx..{a.6 .....(D.v..<#..]..#$D.\..*..}.L.-Y.U.?...<.....j.0.:.....k..3i....t.E.H.V....m...PTn.(..g.....n[.....|n...@.?M..0!..:.....|.............?.z....u...q.......U.8..2?..{.h.0..i......r...u[........c.B..x.T..<$k..f.5 ~.pi.E........L.1.c>......Kw........h.3.ol~m..(..om.......;Rhk..b.d..TQ.F35.7*:".4LB..x. .............S.KY.5.^...M.I.H...=J.mU..b\..Ukh...S.@...YqFTqa#vX..6w....7....cl.....r..&......Y=j..{.z........s.p."2LK-.....^P.8.Y...<.Dw.Tb.U)...+q..q.n..(0(.4..OuH.U6......|#..h....(...D[....D...w.gxwd..5.=.=.>..'.zs.......A._.7..h.'...qu.VH.lp......E.z....Ej.l...o9..N6...!f...3.4..,w.....G.+.4....V..}..+.x 2Z....XRh......E...._|eEz.0.....@OV..EF..2...B....h.Q.#...%..5.Dgq.]...j.-N.eP..m..6.}..&<....J||].V..|/v[T.....U.Q.....`x.a.H`:..T.......m;....4z....g.)7`pu...f^T...!R....A.r.A:...W..<....[9O...W.M..8.0...]..G...~.....u.J.3.............S.G.......7JQ.....

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\ny8zro4pDGbiNebl2UkdFP3COms.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2384
          Entropy (8bit):7.916806178396757
          Encrypted:false
          SSDEEP:
          MD5:B9BACC07440C4819C4F1AF6D9874638B
          SHA1:0859F4D0907FE82AD29F15CB52581D45F2C887B4
          SHA-256:DFFDC03B890271B024F2CF3159D9D3328933F6A6D864FDF7861C8C734D4011B6
          SHA-512:468E712B4D4E4120A1BFF2A43AA69A6F659D5FE58F0C100D8D867DB3A08DD5FA7288AA5C46911E3C77E0287FF195B52916503419C0EB07D5695046EF1340E2CD
          Malicious:false
          Reputation:unknown
          Preview:var WB....e6.:.n.B...Jv.`......y.d.3.'."q..j...q.aAb.o.w..,..'....~....ee.h[.........x..ei=w.q..Z....*l].0.YT.7....a0+...%x%o-......g!S...O..IU'.......*...CO.o...9.T....v.$...b....L&Y...L6.8.....1Z.Zt....~n.J&.X.a..8.{p.1..?.8....+d....9m4r...O.z....T`...]5.S.k&<.BtW.|....H..L^..8.(...0q..@...[z.....GU.4qy..!.H...... |...d.Y.......v..H.....!...y .......?2.w>.w.BZd...?...8PC..XJ{.b.1.}e.C....&.<N1y.CT.G....A....o".u...K....W..2/j.1.&u.......V7.lSB.^^&;.s<p..q..N..7....(S..o.j.e....[.C.hN....Ox.....9...pG..U.&.F..[..5.$....3...}.au.0...l.'50.gA;~...CM)...U.a...(..s...#*.r..*.#...H.....g...A....eu..D)...!.%h...~Q5k..K...2..k..s.9Dr?...Q\a.VkI.SBro.u?...F..W..jB_.v7\..}.Q...m1..q...z.eq..h.....e..na........./._.V).s.:o.\(g.......a.P.n..r....N9\..v...h].u.n...{...- ...K.......H.....{3...>_&.10%.Vd.v..K...+.[J..4......G.B...E...#U.2..v..p#s3..y.......l..F8(0.0}|..h.a..#.P....?..&..P.........E$G..=...Y.J....P.V7.4;n2.'..-a.e.$?Dk}\.s...vl.o.1+..f..D

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\ocVwefBywNlFIk_znEkIhQTcXYo.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1921
          Entropy (8bit):7.873987242810045
          Encrypted:false
          SSDEEP:
          MD5:D04351769737C46D2796E4E6D324743A
          SHA1:4BD58B330120ECA11FBCCDF1FB9E2C7518B48C6B
          SHA-256:FABA6891FA05D6635E898B16E0EF9288F8832129BF4C9A7D6D97E22241C08FFE
          SHA-512:D255764F9D58CC5A009688FD2DABDC254952A4A3583BE6DE559A3FBB951214722F6E392FAAB4962DD36B0CD7DD80263F982F833D99A6F567E5D1403DDDE35FEF
          Malicious:false
          Reputation:unknown
          Preview:var W)..vu `.#d..W.d.)@...x.Q.......]iAY}. 8....uDDY4..{..$....V...Z9(.Jw..V......YhV".H|J.....,.a...@/..U.*...?7.C......7\E.Q...=V@y".q.Qrd..Q...F.]......L.joV...{.I.s.b].o......}j...\.D 7A.M.c.y&+...b.=.K......a..v.\.w7G......CV...[U.YB..e.7...W..dh.<.|=Lm=..".wY.D...(.b.........c ......?.....S..&.....+..U..C.=z....E.>.hohU2..u..U0..2......... ...v <....|b.j..b...Y..WE...N..b....L8.[N......se../....b.9...r.\.zp.b8[8..h..x }Q.hL2..B.u....n.8h]..$.O...pQ.7.3....A.. .2.'-..z{.:..'!..x&.LC&N...w.=.4......3...U.0L&..<V..Z.<...3...8K.oK.Hg.J.f;"c.t.V......z..Li.......>.... ....8x4..R....P...,..N....9...A.h}.hy...e...z.4..0.6.49.Uc={...H<...4./H.4.....5.+.d.....Q.~..'hc'....p....L....2.w.$.....L.."....|.c.hD).h.c...........CyD.Wm2..c.m......#.KT@OG.@p6K.RE.}...v..\....X.....8......VrSu..T..l...m..L..;.Gq._7&..cI3........8.n....].......d<..OE#P..s..9.y.9>...UkUDp..W..\.......:..t..zdv..0tdZl......nb.W]...sM.>..r...D.....G...f.c..`vr]1.g..Q.C..E.g

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\onra7PQl9o5bYT2lASI1BE4DDEs[1].css

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):67448
          Entropy (8bit):7.9972271933090795
          Encrypted:true
          SSDEEP:
          MD5:97B1C4C4A7A4EE2A2C86EE14514B8FE2
          SHA1:E12AB657362B4F1F4D92BD31216B5DFA3EC9E8A0
          SHA-256:C64593A2D557EDFF960FA1924C515C262575EFEF80EDB14A3FFC0E43E80A17EF
          SHA-512:6F14EECE91C82E001C8BB4D13FA9C52B1FE7EC9E91374E8532682406AF14A76199E612F0A55731A5D14EBF435A2841DFD23091BAA869F74D886575EBD4444BA2
          Malicious:true
          Reputation:unknown
          Preview:@fonte'<..y.=T.Kr..F.@f....k0.......W6&|...;..h.wO.?.n.N...2.r.........F.|........(..|X....\..%."weV".1uiso....OXw...o.hd......^,~.P6.^8>...w.9U.F....y}....a..J.. .........i".0../d.C.".(.-..+.S".?.<0.b....ML.1.1..... .B...zgnk.;iN.J.t.V...d.rp.e._sY.X...8.u.>#.8Se.......t..U....6OB.}.;...VOp.8.~..;...W<..3i..,<(O...>....!.Xb..J:..?B.T&..\.AH..^.a....M"...E....n1.46.H...y....d...j.d..3..5.mu.u....P1..Y...T.Xw.53..."B....q.~....z..-..kF.....O...0..R-......C....@;.....C.h..K.m.c.j...Y..U}'..M..SJ.:....0.T.S.g..U.[.t.P...B..R.......F....../..0...:./.....!..db.p..V.;.+. ~-._Ie.V.O....3F..q.2>..@.FK...P..v.......W.5*@.Q[..=.4.j_..3..e....)2.T.!.(g........\.t._....s.i......Sl....m..s..&4.l..j.E..r4z...kKd.|]#.D0i....].l......n..1..i0...:o.)...$0C..mQ+~.u..(...)....D.;.<..V..p+....w.:.+'.........;....D_.+<..).+.......h.q.....Nn.o....!H..g.3.$F.g......!.7.U.wCm.....S.tD$..N.W...../..c......&S..T.qBf....A....%...gN..b.... ...a.....m..g^Ug..x

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\q11NvYzJks_3Zy5BRKPM9baeQ7M.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2193
          Entropy (8bit):7.908138211198504
          Encrypted:false
          SSDEEP:
          MD5:29BEAD0DBEB214EE43658D7322D70759
          SHA1:DDD18294FE41439077686E90E871D9381E582847
          SHA-256:4124E3FB9B9349CD79C4B0F5A0F0CE76CF5A01853A6A1AC19E6FEE66DC484B5A
          SHA-512:FA6BDEAA761C2FF844CE91B18FEF0D85C5A23A8E6E0158397605E3375A420064EF49AD993A71211D754F7E641395FF95B7DB9F52952DF00D838B11AE934FC5D7
          Malicious:false
          Reputation:unknown
          Preview:var WRy...e...W<^.!...Zg.7.......V..'.K.m...6/..F.PA.B....O.qT'...l_#+..0.......L>......v_....+=..8QHQ^..7o9>...r..o.g}G......F....7.... ...6e..K...3.....5y&B<...B.k;E....H.p.1...3.....M......T..ws..K..S.W...qV.c.K%.>:..).@."OU.....8:.;...u~.!....'U.H...-..T.5M..i.q.k.P...W..].N.o...!...td/Jb.{.../e#i&.......,U.....cP?.0/J.rX....a....9.Ol=0-.....Z.f.(33.^....{..'..U..8yu/x.....]6....1\..9.g.ZU...)..n..|.F.....(!.6.P....-..]..=.-..Q.`o..1Y.J..E.P,m}......aN......?z7....J.>..X."....#.J.-,W....nZ.T...P.R....B.a!..f. =..K1w....~F.7...S"~....@q7..,.....E.rp.0..;..SD3..9.5^....(%....78,.._...=......;.."-.....c&..gk.m.'.... |.:........[.$..[..t.......A..x_J..dB5.PCl.S..}h..T...e..v;...&....n....#.8..........Q...Kr4....>4.. ..g....oM...V.......o1t~4aiM...H...........b.K{...E|..S..\T.j./..~~.S..q.... *~G.Xn|-...Z.\.XW.a9..m...Y.....}.t.3...]....._9.;..+.*M..F.q.yN.}L..h...e.#.M.6Hw.....V....|.O...,l.{.h.;.pp....f...{..g{I.*.....49K...'r......

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\qdqeXxV0K-pUf7kHZCeiMawV6a0.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1649
          Entropy (8bit):7.881107829161135
          Encrypted:false
          SSDEEP:
          MD5:52F70C2CC67537FEAC89CC5101CF1213
          SHA1:4464FACA331E632050C810D4CF08E72B4BE57BF0
          SHA-256:CBE02D62B5E55AA88B969B65C4ACED92D439B23900984C8E806ACB0BE8A95C84
          SHA-512:DFE1BF8D915883B71D8211F79A7C27AD7EE7003CC973CF93165F9878518D5ADD0CFCB26C72D104EE55492688C7219C25464C6DF8FAEFB9F897DC3C533C526FA7
          Malicious:false
          Reputation:unknown
          Preview:var W.k.].}.C.x.F........]/............@...^....r.<............@...,"9AL.d.X...2..W......?Nf|e.L...X.W2w+<MJ....S..ke...p.....?.p.`..waW..+X8.....S......=..4.*.Q.T......a..k-.0......9w..9yk..c+4.]...A..........LJ.g....4..-....q.vr-....5s.`W.3.\q.c..Of..#......!9.2J.?.R0...h..-....y...l.J.D.`?.|.P....Ze9..1Y.\..e[.......mco.o>...#t.....g.......~.v.....Tx...t.Mk.w....,.<o,F.xi.lM...3..G..)......Z..v...s5...j\$..f..j[.M...'.}...B....PA._......!.p.......i?....n......V.Xq.Z..773.OS....R+...H3. bO.....t.m.X...D`.x@..F%>...%....q...,..P..rKx=.,|..X.)h.9...a.].U1^yL.B./..d.uu....S$....<D.>..I1v-:._d.P.*..=_..S)k.....w.Q.M.......F(V....!..h...........U.R...)|N?.}...Y..iv...F........n...^..gJ.=.=?i.S..O....|'./.}s.|.....P.i.:....E...0%.}..Z...`Ao.:...S}.e.........=...;....%|..Ejh..n....#...h.cP*$..._.?...9..z..z}u.%...R...0...=.....c...k".C.$.....p..(..X5D..XlK...,...m.]....&<M.....ZDt..J':L.....J.\.:.d..F.Tn...M.j?.'4K...&_..`..B[.7`D..

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\rUQ8SSsIzKcgb77SIOCfnAbpfB4.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):447
          Entropy (8bit):7.366514860672427
          Encrypted:false
          SSDEEP:
          MD5:00F60AFFAFB0F121C0613345BD42C443
          SHA1:E8E98A6782B14ADDF599571904BFDAFDDB396B10
          SHA-256:5E298DF310A5C82F96984B53ABDF96A3FA7DE3363DB6981E993E00A4E79A93C4
          SHA-512:54A01AF31B7474758F5281DEBE020BB07709705EEABB9FC1A6971FC7A6CFCD8C57315492E221E4CEFDF4F2F2CE847E6207604FE0B37BB01981E1D8E0E90BA83D
          Malicious:false
          Reputation:unknown
          Preview:var SQ|........i>C.PP...LU..sv.\w$>G...IAm...u.c...S.>.?..UE' .YK.lm.$q..).p.O_...#=...../.>..u.g.vx\.......^.0..{.g...-.x.....}.I.f]..r..F.T....G.JV.;9P....c.|.h.N........^T...EOV\s.H.BO41m1:.$....C.vY..W....rZE..d'.al...+/O...:..,Sx...H.fQGO.<..}W9........ C.c..5xB.......G...B".1..*.r.I*.....n.....S...m.......Qf.R}#..6.9... ^..1l.V.x...p.-.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\u9BHPK6Ysm_7E45ERhG9lu3epIw.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):59029
          Entropy (8bit):7.9969140821011395
          Encrypted:true
          SSDEEP:
          MD5:E9136F348938BF0D5AAA8FA089BAA2D7
          SHA1:4F52EEB269E2C9AF69EBF50C0E21BB6683E618D0
          SHA-256:AA57BE98409D393839B6CE8140845F339295B91D9CAE7F13228B5B198F015E65
          SHA-512:D687A62398B04F648C586FFFC54ACFB5100097BE85B3D4E780738464F92FE2D50A8E9431296D8575F77236BDF14608B145B7BE9D919A1F8260B6C0A562676F45
          Malicious:true
          Reputation:unknown
          Preview:var _..Y.|J..O`.6._..4.p-\:.;....$.....O...+...9yr.J.B..Jx../..q.....PA0n.P...Q7..O....g..N...G=t.Z..w..d_O....]Iq.Icz(..p~.._Y.E.IHY).>.}[....M.Z_....n.Y.8.S.X.}..f......j..#..+3$d"Q.-...T.una.(...,4...Q.2..; IF........F.v...e:.]LQ...}.`..).>5.......G.l&qp.p'^..F*'m7WO..X...0(... V...m.A..,.)%....(m.~...0.\.gO..~.".R...P.x.K.y5.!...E...sxO.T.....mW.>./.mF.q.}.sI%s7..-..+r.=%k...R.pL..0..^t7).d.j..-.[..'...;..;..h`3..H^.7g}.sM...."C....2...7...v.)T.......$.."...6..6?GL&..Sh..1.7.....lq..u7..Okc..#L...k..+.i1.Yd4.C.T....m[K...t.......A0.".q.....:fM...B...nGT....o.Z?...?{VR=$....\..[..8.M.l%..d...a......i..P.f.......{..:`.r.B7./%x#....(.m..f.../....u..h!oP.......m0:.x...*l.S2..Ll>..`.^.......%.j..+yqh.....D1.f..~..O`....\/;6.<O`.9...s.c..8.FO......TA.!.....:....2........y...3.D....]T).w.....`.2>Cg..C..9x.f....-=t.9...a..j.....^.P.7....x^.YO&.;.>..md..yb.{....'..S.#hnzO>v,8..o....N...Y.....s.]W.M.M..60.}.$....cD..#......l-......4...

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\uANxnX_BheDjd2-cdR8N9DEWlds[1].css

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):20755
          Entropy (8bit):7.990680069298688
          Encrypted:true
          SSDEEP:
          MD5:38B48438D92E6AC9BA01BA30AFF31B20
          SHA1:5FE9ACD3A8DC06A0739C1F17F84C793E6632603C
          SHA-256:A8FF7B8A506B0577F64917CB00F05C2F626D1ED690A8982F8898C41F50FE4CCD
          SHA-512:0B947C010DA4C3E38796A4B0F2C0AB95B98739526E226D2717D19BC261794C5D03A9722477A1B13C6D1F6AD195CA33A7C4DDF19BB2C898C3B57D45B481650531
          Malicious:true
          Reputation:unknown
          Preview:.sw_p..B`.%...b.....L.1.A.I...q...i:...K?E.^n....(r..._.8I.G..g..$..'...V.+|..A.q...G.....L..."_.qj.. ..E.n.%v.....*..r..^.3`...W;.T....K$.&9.2..b....10...|l.e..6b<...tlQ.`q....Y.j7.V..p_....d./...#..J/.\..9c.t....W....q@....F.>..$.5m..k@d.......n.0.E#n../=.jrN,.u......8..LkJ.(.G.@*..NR.........k...n....T .U..D.S......i.Z.l..n...^...........v..f.~..p......6.T(d.HM..3.[4.x.*t.....kwR4........%.#\.-.B.<....w......h.NF@.....*..4.. ...xpA..V..}...+j.u.\.~Guq.U...wE.,b...xer..Hr.n+.0....\ ..+.k.I.:.....bY.ka..A...........V]!P8..."NB..2$!...N..P.o..9..J......bGHS..r.d...Q.]T..2..O....n*]..._(..t......aa .Ra..8.....}Y....:....q.....-tL@....v./ .'N......1....T.....D".......$A..SN8m.v.z.....s.../.........v.[G3.c/.......+.:..+.....0...kJf.v.6..R.......Y.....P....d..B....-.....c....{.....I.k..fJ.f.@...XC..=o\.4.LtI.s......;..X..........Z....s=..R...U.ZX\.....5{.(.c.~....$..E'....+MS....o..P......]....j?...K..>+....'./3.$.2A..y. ..f...p..=XP.@yA..N.....

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\x9TiBFKPhYF4yOf0IfKaPIf64qI.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):127780
          Entropy (8bit):7.9984824114684665
          Encrypted:true
          SSDEEP:
          MD5:EB78829F63517B9C1EF5D3C7562F8CD8
          SHA1:C8C15D715112BA573D84B162F199A3298BA8B5AC
          SHA-256:48EC27262201DFF24A90E19D2FD4467FD428446112B2E30BDF98F25797FF0CED
          SHA-512:0887E48E2D7E9A00A35171E7182D6A610FBB7657F5B81807BFFCF0D05E86EECF9CF27BD45606D1E83A6B68C18787E71665E4750B2E143B26273C60B7EA57F1A5
          Malicious:true
          Reputation:unknown
          Preview:(func<^..`..p-..W...Q..c78F...Z....\.O..%).........\.pjg.l..f:.....XfQ..G-l..e.'2..z.vt..0..>.?...D.....#....2.c.....#...3.o%."w....."....*u(}.d.....^.U6.......{..R.2..*.M.K.7k.N:5...$N.pm...V...5d.rz.Y..hy...W.\....D.y..+.......~.Qtr.>......3KF.q}...L..h^|..)p5......D.-....b...\..X..B..<.......o.M.x..@~y.y..........:....jC.P.ri.........8...w..I.|z.W..vC.~..j9@n)Xp...(.>u-.bV..4S.~c.n4.=...8...)....N..?%..kz...Yq.A...o..{}r.O~.n...<.).....o+....Nr|/...5ta...7.U.8.U,@b.<b....I..G1...An.no(.F....}q..c..*<f.9...D.....?.8.y..OCp)s....I.@&3.O9...U.j..........k..`"....N. /.!.y.a._...p.v.r0.t......Rub.<..W.#...r..:. )HM......8Q.c...p2...[Q..kzA.6&.U.6J..2....D.X~..(..f.'w=..E..H..../eQ..S...1....#..e.S..oi.3.t....T.....y..#RNP...W..;..:..qY.b..Y0>#..'L'%..i0.-..t..&...m.<%'.......Ms....>..v...u....*.../..o...w' ..>AF.:......,a.F..*.M.S".G$.P6......}.C.a.......Z....a.d..._.*..-........|..._]..... ..47..,.(+C...M.....p.f.....Q_p....".<...)%.2..q...

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\AppCache\LV79ZGKN\11\xO01H2dEYfjtj69ouv_nR5Al0cU.br[1].js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):173654
          Entropy (8bit):7.943371514578722
          Encrypted:false
          SSDEEP:
          MD5:E8D829729D4030D32822FD4A324CB806
          SHA1:5AC96E4D705F0821CD93E0B8BBA4FCCF8AB5BDDC
          SHA-256:758E76061B616C141D93CBC5DC14B1A81E627DF5E2A3D2AC5368074763BB5628
          SHA-512:27984DED80F0855D36CDDD19178AC1F2CC6575FC75BFD831DBD21720673152BC8ED0CB9F0A4E63351EEEA73DB278C6B3D111F449571F9FD1DAEB3D2A04A3BD4E
          Malicious:false
          Reputation:unknown
          Preview:var W..\.wlLy.bc.i...gb.U.....r.=..'6..d8.V.B..r...r... ..,-....~.F....=P.r.r. .y'T.q..C!d.YB5(.....X..`.+...xm.@. ...`oW*....B<|.S....8..@4.\=3..e6YG-$7..E...a..1g.I..?+G7/[:4v.M\......Q5z..6!...~cA.=......s..LV.pYL.]L..Vg...p.E.*1.&4...............+.4.:.:.....Bq;tW....#.....o....z..V..........%MeU.Lq}Y..Uf..:...o~e.)f..........0..._7._.nj.....1..)#.e.#......iH.5A,.d...2...$lV.}..)T...c...Fy....v....z......C....7.>.~..-..G.....8.)m$=.*.....b.K..=q...qhI........a4.A.?....&..6.a...r....%`X3..q d..E|t..G..;*^.~'.,~..i8ico.Y..k;.....w.x...>\.....Fb...Y..UQ.9...L%..8..R.1 .$...U,...rG....'OTZ...Nvi.B..@.<kV.9&~..k.l.{v..sIy....%l.O.O...\....;Q...H..$.q1v........##P..]..F.$0..T....e..9.HN....4....(O......u...H.....%Q..X.v......T..y..~...C..j.jM.l......3<..9..q..t8..s1..S.j.H.me..p.y..;......o.....,k.$:......<...$ku...D..!..k..|(.@p.8...X.O....\w....D1...0..).E#R....3..Ko.......vS..<....2..T\......@k9K_.....6s".b.....?.0a+%6y3...@.u..7..'....#.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{a5e39447-b6a3-49d2-bea7-436a496a2204}\0.0.filtertrie.intermediate.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):37472
          Entropy (8bit):7.995851005693949
          Encrypted:true
          SSDEEP:
          MD5:C6DEF23821FACFBF08DCC3033E89F867
          SHA1:6AA0A183B50D5E942F5232AA731FF6CF26426119
          SHA-256:9971F903F95D579F6795E208A3D171EB5C79F5C9355C081460FCAABDB76239B3
          SHA-512:DF6F5216333CC16A2840E719AB5BB96E8482DCA4C1DCE0799B7CE67AD36F903BD8568CA69CF8FE23806158F048102AABA0AA03495BB0A5B0857D51FD2CAB664E
          Malicious:true
          Reputation:unknown
          Preview:0.0..{~&.M...x'..8....S1$7$..8bU.?.r....D..H.A. hh;....P..j}Y.0.z..w.]R..E-.....`.p.S.!.h..3l..N4..>...}......@.N...;.i...|C{.......m..O.D.HG....R......-...J6....ZT..FV...*m..d..*...0\T....!.....g.~.9......j.....<jG..h.T..U..;.@.,......P.dy[......T.a.+...86...... k ....w.X..AL....c(.`.rV.O*Z.4e)N..^...j.!...{z.J..-5..X.{$..\..v0.:.+v..p\..N7(1...#yn.h...&r..u~N..n.....1.KD.......?...).[1.}S.o.......!.>..{0.[..L.'^..Ri....X..V@q6.2...aR...k5W../.i....W.D.d!.^dtI.Y...r.[(.|.a..k...^`.k..Q.9..!I..8..w...}c..aH.....t...&......l.W.<.Q...T.....kU..;..F@...xy....F..c...dPs.G.e.a. ..J.+{A..&..>.Ct.....FH.....c..{.6P<.,s..-.Q..mk....C.B.......eC.,XR..../.|}..b..b.....H....j5.4...)..nVg.[.*.R.....v^I.px....@>t...1.../....({S..x.......T&cJ..I.g#.S9......3..&.ze..../w..y.b6..wc>\\r.k.m.7.0q.......{.[7G4<...>f....L4......f..f...q.."......DH.jW........."YU.......W...g..rR.;<.p.....k0$.....XJ.I?kP".U./.....kO.l7.G.r.j..mmlE&....8.K.i........p..j...ht0.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{a5e39447-b6a3-49d2-bea7-436a496a2204}\Apps.ft

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):50364
          Entropy (8bit):7.9961503491592465
          Encrypted:true
          SSDEEP:
          MD5:2A84252E18D0E61E66642D5E7A16F518
          SHA1:13AFA0D7F2DB133E40763FAFD19DC8E5AC20DEF4
          SHA-256:081DB81976658B6ECF857BE15AEFA9E31EED3E889D9805C68F50F6B447CDCD49
          SHA-512:3847A4CCE8DF652E8D4789250339C4ECD1CD8DEC474672C3F7F9EDCE011CC751E637646B247E0A6CA9313DC3D311BC308C867FF3F7911433D6E4055A748D61AA
          Malicious:true
          Reputation:unknown
          Preview:......,O../Cm......."...X..I.J.S1...&....W.]EcZ.\c.ZF....yr..._.t....D.>...i:.}.....l..L.D...P..6...S2.....E..>.......O}Cx..j.~.$.E0........s.-..o.A...R..S........qd....k.%......;.=.D.2....L...p.......O..'..............w..^....p..>.M.....$.h.....qt`..1.j.M>.*....L...*]...F..+..qK...B.y.m...`.....B........5H..$#.Dx8.q......n....I....].A-...}.*.-.Q.CL..~@...`d..jB..I....bn.D|.....Z.&........Y.=2w.T0.E%...E#...p....l.&J.4..~.$..'^f.&...M.Hs.../%.\b......@.lU..g...7.0..E:+B...^%..ry,.+.....H.x.C}V.v..N...Z.G.+.Hr..:fuv%.4d...c......d)..AU...;...O._..M~#_#,......6Y\.yF3=.q6...%..>.Q.2.....K....R2.M#...y........_.....Q....W.`...gjQ.b....".......fv_.....Z.u.=...4...]...........,.D.)*.g:..z.]...K.X\.s...c....E.|..:..!Y..#.C..l...d.........9.......u.6.I.....Tr....%.J..=pSC^.../H.-.F .og........m].*..V4?....'...%........sq.|w2.bg..h.g.p.b<G. ....?..y...e.......N..e....WA..a..X.yNCaZh.,.A...b;.A....C.w.R.j..4"v....p..8op...........=@.2....R.y.....=

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{a5e39447-b6a3-49d2-bea7-436a496a2204}\Apps.index

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1124625
          Entropy (8bit):6.546043364740669
          Encrypted:false
          SSDEEP:
          MD5:FFB9DDF0B63ECB8B565CA202BC3B1338
          SHA1:585178A862B83F220AB8AE975AA8795FA72BB1C7
          SHA-256:5E7BCE68331CBCD5AA55A33828F02317447B08E720ED9852F1736BF8F905B5F8
          SHA-512:9F722DDB073C4EF8A2572362F9E790BC121B160A0C6A78557B7E54BDBFDBBE99037C6048C82F76687C9C373ADAB00B4A762C3D2EDA82A8065B77E4EB887CA52F
          Malicious:false
          Reputation:unknown
          Preview:Ej..D...3+..T.c.74..)e......4......+!.~.^.......7..uS1...-=...1@.{....(.....+p.:|...-R..P~.G(....=......h......=..q..%;6o..m4m..u..'B..j..CT>..x..O*.._.......4`.c.0..k.;..)\..=/.Z.*U..4V.._...x.A].:...H...?.^.Y.....t..wW&.%....#.......Nsb&L.y..{W...'..$..,...3|$.k..9S.J.dA6..#..1z.Z.....w..........u.^.....S..8."Y1.....Y.....D...`.r..(....._...^J..\.F....w..h.....n...S.P.'.S;..#.#.=..<..)...}...@t..,@...K..<...H.J.?.0h.|.=A..L..&R...+.x..c....=..!.n.....)..LV.A....-.UAPP.....Jh"T.d...1..!.7n-...S..@m..II.d..=..!W0.........3[.[vE.~.....dc..K...Y.W!............S5..c......T.LPM%EP.N....%.v#..6..{.a.T......"_^..\pN?.j....V.a+...wk.T?r..(.i.....+G.Ri...GI..`...'.O..7.g...q'.......5/.a.;...I....=-...1I.....f.'..o......aODI.V..E......=C.p....C.K..=zq5F....D7..Un.dJ.fw)....6D.h.4...dE.d.U./..=..Q..-..g..s.5..(".g.oG.r...n...M@$..D\.0M...5y.eC...,..a...T..3j....Ya....q(@.mN).&.(.6.<...q..?dMV.Co.P.2....}~tfn...?.]'A.....e..r.2.n^.2...0..c..,./C...'....t.....

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d8eea0ca-370b-4392-a71e-20684e70489d}\0.0.filtertrie.intermediate.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):37472
          Entropy (8bit):7.9955101190135816
          Encrypted:true
          SSDEEP:
          MD5:D9B6D35B7E87C3DBBD28351A3BA42CF1
          SHA1:C0CD81EBE8131B888360181562940B3BDD76BF1C
          SHA-256:AB3D77EBCAAA598A5BAC46C06C4CEB1AA30C86DAADEE6AC305DDE6252BAF7935
          SHA-512:208EB2F3D1DA431BD515EE56A0460ADDAF7268D701D62C61D3AEAFD071403A5A460DE242250C638F1D288BCE77DFC188229426FD57D3CE274DAC77021D6294C0
          Malicious:true
          Reputation:unknown
          Preview:0.0...xb=T.t....._..r....G_...5T...5R.:);...q..jw...99.V.`..^..w......~....J...+.5.B.Q.`=I.5T..a<..`.............0..d.._KN...$.C.C}... ....>\).V..P\P!.h.....f...X....!` eZ.D;.4.)u....b.....%..E.....h.....C..Q(.*.. ..&.`..L.S..jo...j.:..`......0.F...N..t.cu.w3.j..&M2...=..~p...E.Y...`o.rg....x.S...F...tn.....6C]*>...8|.A...J......K.)n../......2..[.eg...h..au.7}?.%x..T.a.....:.8Q....r...a)....e....ij.@.6..>...w."...!/v~7...*>.{......5.....)......c.]V4_D.........P}xw.Ws].hX.C........1...I.....8..2...d.wc..D...Q........e....gl(.8...=g]..d..e.._......4..5 V4..7.>.......]XZ..........c..e....Dh...O..w..3.\..Bf.m6.hN.6..g.q....r."<.nwqk.$S...||s.......&.$.fpRk.V.g....V....][....H&....?>.../c.U5.(.....dP.......$_......g.(h.m.(..@.<.1.ZCK.j..].j?..x.AL..:%.N...N.....v(..2.d7....5x.I8.&h....nw.d2-|..`........nP...?.9' .VL'....(.hN.*....3.w9..]..].@..y...N....YP..v..#9...y.8.s=#.h...)b...t%%..4..,.D...Y..|F.T...1.P..u.....\...c. ......W...R..X..Ppy..e

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d8eea0ca-370b-4392-a71e-20684e70489d}\Apps.ft

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):50364
          Entropy (8bit):7.996575710895845
          Encrypted:true
          SSDEEP:
          MD5:BCDE09A2A8A67743A15C8E63FF171D8B
          SHA1:1F38A365D7A194D2865F599FC39A79BF7EBA5EF9
          SHA-256:54E772FC97BE67B489E8802A20A6841F1E4D586FD1FD25F843114F65B571B70D
          SHA-512:5EE130E7F33F9900B968412C7266C677D2B437DF4AB7EE87834027559EF2887022773686E215A28090B793E1FDC3D48DA3A4D3B256ED6444881B0F3A9BD1ACFA
          Malicious:true
          Reputation:unknown
          Preview:........w.J..,..=....`-.LW...o...!.6.k.NS.[^...Z/.^.]...'<..#j./J..R........lLV..*..S....h..}.4$\b.HQ.Oo>........b........S..yQ==>cW.`.S.w.nx..&.....*.:..D.e...piQ....91...H.iY..U\.......f4pt...+.n.4....?DD.oy.+.B...XO........_"..a._..+.@X......F...e..I.I...w.)O...8.......m.......sDy..y.#^mA\[...vW..}..C.t.<.P...&..U....@..L...\#..?hx@\-...... ...p..},1.1................+...^..vO...T9>.w.^.........4`f.i.3K......h...y.....y%.}.K.{@....]j;."..T>.9.7........X/.59...s.".y18....|.0.ar......82.*.....8..S..Go...K.b)......Q(m.......>...@.t.e..Gl./.PP.......T...z.bx....".S..u}..k.q...............h6.oH>lj..@.^..7 ....P.|.=......R... ...KX>2.J.65.M...M#W.NTe.V...{.........%G{....L.x.-.*.9:h.W.}Jg.....W.....m@fo.9.d.9...lQ.|.....g..(.,&....r4..%A.j~.).'#.j....`.`g\Y...?.......z.?.(.........n*rQ.iI..`......5G..f......op:K.k..m#..6.......:.3{.....7.X<..BE.?..H.=.y.W.... ....+ .S.Y =.,..8Man..`.p.......n!..75.AE.Y.....+..-}..K.Qp:1.a........H..W.r.!.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d8eea0ca-370b-4392-a71e-20684e70489d}\Apps.index

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1124640
          Entropy (8bit):6.545480526770786
          Encrypted:false
          SSDEEP:
          MD5:6AEADF597B8D44EEAA71DE2256BE770A
          SHA1:447D6B78A53223DB86490C70AD544CD36F26BFE4
          SHA-256:6F8832E36AF99A81130CC6206582C251D0E21569969EE6EB9BCCA0808D3947E6
          SHA-512:C574663F75CFDEA2B38D284C7BCDA3474EBF006FCB8687A014803F96C4ABED0F18C3BA11C37FB76E73092B60B5A70A34862D127756BF1A5475C916C6DE676AAF
          Malicious:false
          Reputation:unknown
          Preview:Ej..Dy.Tu...A/..x...#.(z..yAZ......q.i%.G%t....5_..CR.\.1..k..V.r-.U...c@!.eBJ?.&.m&.A..%.N.&N..T..Nx.....BzP}...4.{N.w{Z\{G.7....B,...b....s..M].-.].oG..:6..@......F...\.........C......q-.bK..m..L..'K.z.|.3.....2!c*|YT;e.'.M..[........W...E.-@1.I.K.|....$Zf.if..s..)}|...!Iw...9..G7e......D'J.o.#G..5..)x...a..j.(bN......'.8..G...Z.^S. ......?...I..U..r...[=....'K.ymX.u.........U..=2T..l..9.|..$."lS...C..~...HW.fM.h.........ai.w.?I.G..l.v.....N.l)...F...#.2|....3. ..]"+............H.A*....y.,lu.....:@~./...~..,.F.07.jr......A.Gx$....G...O...V.X_..=?6.S..K.....O.I......!..Q..R.z.^`x..*.......X.....f..z"..7"..[..8O.Qv.....p_..1.)..u.AB^...{oR.k..'...`.;....@....L.8.[=n..2{..R...6uN....]m...>6.~/...n....H ......u^4.Q.....F*af.2..-....|M....8/.J..?....&.-2n.u.D'.k..@HY&k..|8.Y......$..jf.n".N:cZ.@.O</....S.w...!..Rf..)...0n..`.3.l1....v.h.......X..8...R......z..h.;N.1..wK.{.@U.v....";.N[.G..m6....R#...,...........&.&...*a..Y4nc%

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{b6e2d5d0-7cd6-4302-b3d8-f8809d966acd}\apps.csg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):778
          Entropy (8bit):7.723045623087444
          Encrypted:false
          SSDEEP:
          MD5:2EBF12ACB2D9360B6E8E5C478642D0BD
          SHA1:E21542B07B0A2F0F5910ADC4BE5AD40940CCB2F4
          SHA-256:956FF757E5BC103AA4FDF52BEB457E39346842A650368964851592D7834B729B
          SHA-512:D7C56C6EB7CADF54F242DAB0FE318AE40EE814E649DDBCA18BE3ED5CD934ACD0AD670AE11A9453F42E367DD568C89B6AF1B67312C929F2F0E1D0A161B5431B30
          Malicious:false
          Reputation:unknown
          Preview:.....e..dY.g..Vj...T..ft*86....S.ZbH~W<...`o...D.*Q..0b.\r.....,...~3e.bNMw.A)gt..V...........|.Qz.4........O52.0.i..w.p?M<.$f.R..;Pxh...Z`.....}NF..r......Te../.....K?.S.h......9.(d..3.......A.sw.n..7...G....l...=8....q....+.D.D....g}4.cu...?..~..0..i)...,..?...hX]..>..gB..0..:..0n~.k..(..C.`........."p..J.......P<.~.?...e.+x..]....B.T....R.....L.@.S.S..~...-.1Tl[|.......,...~.....,..}cv......R..z.......X..... h$.34....#...c.%9Y..T............K)......>...x...f..O......... .V...8.F...v.!.........=.....!.....J. .2.....'...9[q.w...b.......c<..k....H..Y.<.0..h..D...,...D.) ..n.C....?F{S......p..mz.0..b...x.f.A}Om....6c~....I.y....NF.U.u.;.1.....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{b6e2d5d0-7cd6-4302-b3d8-f8809d966acd}\apps.schema

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):484
          Entropy (8bit):7.532268766408202
          Encrypted:false
          SSDEEP:
          MD5:42F41A91C68C48F26EB65A58D4D1BFC1
          SHA1:3CD4E2859AECDACF0512D636C645FD1458A12DC2
          SHA-256:88F99CB2D298A48BE7952BC7B1BEDC1810CA10224F84A729C663CA574A70665D
          SHA-512:9AAB1170001526DA41E11628865065765ED7A82ADAEA60084EB50473BF1EC0721EF21C9379A6BA29AEEEED9C3A1AB32E237CE7A14A30289A0EE4CA91CE3AB6D9
          Malicious:false
          Reputation:unknown
          Preview:Windo.ai.z......P.....".&'...o!'...1......++..'.&v+%.].!..#.J.G.) ...&..".2.i...d....f.......]...R....>......,!..s[-..|GF.[j..=4.U.E.7.\....p...Y.3.f.1...6Wk..5....J....Gm.:!..`.E.<Qw.8$.7..a.mN.R.u.j....K..[_...,..v.O.......C..?/C..R..V....0]......pFW9f.3....gQ.m..'.I.d.....h..fJ...ySQ.4C.r>..!.R?.... .C.|.Y.@!F.`.....'.i...6...-w.....pP.....,.G.q^.<..%."I..N.m.X.V.I..j.}y.(.L.t....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{b6e2d5d0-7cd6-4302-b3d8-f8809d966acd}\appsconversions.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1426236
          Entropy (8bit):5.416084281315424
          Encrypted:false
          SSDEEP:
          MD5:A934FB2E4CEDC5878DDC08618B23613B
          SHA1:09046321804DD718BEDDC3DF9716EA10F8AD0750
          SHA-256:6B3D5110429DF112B17EC06542AA99A549652092D01C524CDA76F2824B3259D6
          SHA-512:ADC8C53C939A60A35E71D7C56E3EF7CBBCF0C7256B545188774A3B9E6EF4139D4B6C877841AB9A04284A06BC84C85660D3E44599C8E39828FF1031B04CD98078
          Malicious:false
          Reputation:unknown
          Preview:marke.L.<.4L.N..?...\8.....I.....Rp....3.*...pT..l.\.......rJM...-.(.....=o..7c...X.F...J..H.3(<...?.#..q..UUUo..F..#).%..Nb..d.CgQ...e.....",_...]..>.'=m.........i..E..s..w"VQ........s...I..gGAXpI.+..%`TW.>..4K.0..=G&. Z..e.U.....4..`...F..E...+f........|....K.U.w..L....V9S...|y.C...q.".g.0...l.H..NJ..8(gi.~S..j4>.].2....P..+.(......c.0..b.......~t...pK..dP..S...)....P.g.N4.'.....R........)...(bd.M.6......n.(........8B...In....*..@Qq..-.;..^.r......(....6.XxX.7......8.(.....o...6c .$.Xo'....H6..../..P.0}o.Z/n.^e...S.G.&....I....:.u.u+\.ppA..D`L..|..&.|._...g.;...u.....g...U..]..j|.....8..W..4...oya.J...2.x./..A~....Z.)./{..Z.....0-.W_[2u.~-.........U.......d.K65%(..(....../.@..I...Nj...:...+fS..rN.e.h..Y..m._..y-.hO0.E.......P...Hf..$...."KZr./.o..#W.(A.........v.y1;..m..-._.S.......&}.b...#{)..Z}b...1.|.....D.;....X.......4L.$...Ja.I.....Q.T~.~s...A.O.....$.........7.....<..'.^..M....>7p..?.0.s..9..cBx!.......5..@....`.~(=l.A.F..

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{b6e2d5d0-7cd6-4302-b3d8-f8809d966acd}\appsglobals.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):352062
          Entropy (8bit):7.228817477747327
          Encrypted:false
          SSDEEP:
          MD5:8990A7243770BC7436AB94CEE6561C57
          SHA1:C83644F55AF101FB23138597BF326A7D537A7C53
          SHA-256:C6F10CFBD331B801FA853A89D9D47ECE479F7B91FBC152C052CAED235EED67FD
          SHA-512:38BD699051343A3FE0DB318BEDAFF99F01401EDB0B7FDEE7C267B6467B8A457FF66968DAA72C36980136D7B3F24F88B27940922D89C2E48242C65432FDC95E39
          Malicious:true
          Reputation:unknown
          Preview:{1AC1.u...X).F..*f.D]jO.G....3ztn....QZ.K..t3.1..@D....%.B........$.<..D.D.i,H..)..........B....FS.y....g..Yh&..Z...z.\G..:>....|v..O...V.n.RIH0......X..7..Z.....nE..A..#.....!.H.x....h.]....[..!.o..5..;...$...?K.x.CIr.y_..]ro..aM..+....T..(.:...J..D...K F....5..?3....p..4.x..(Q..j6...0-..j.$..c...E.b..Z.JM.amWHX.....!..#J..U.{4...6v.....G..4...k<^..\.R~.......TZ..j\.r....X...B1T..5..;[+@.~p...Ogt....k..L;@.K.S..`..C...A..`..5]..BH[....AqJs..s..t<.r.).>........w.....N....M..L.@.W.u..i..Y3l...*....p..O..F..r....{.%..V).{...>.E.D.-. .l...$...._.s....C^..4..........bW.y.m.....YB.t.^U.s..z......f..Zt..8..Y..Ww.......gmB....]p...S..:.../..,(W.).$...\..z.4WFx..d.m.9..D..g..,.&.kF.9U..D..Wu...\9.E&.#........c.C.P.-D4..&...+..-..t...Y.J......9..:..e..&..iP.Z..(l....aO,.n...9.. ..2.G|..1..5k..........{.t&k.......v.7..p.0.J..x..:.F.3.."..-A.1&._........9!...k'....:.2......{.6....6......Y.{..[....E......e1(i..UNL._.d.Ff;n.6...k.9....A.IC).P

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{b6e2d5d0-7cd6-4302-b3d8-f8809d966acd}\appssynonyms.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):243828
          Entropy (8bit):7.511708024556974
          Encrypted:false
          SSDEEP:
          MD5:8E4B8C858197763B6BD3346CBB040A20
          SHA1:4E55239A2245B1F97424E9D1EE32C3BFC5B4442D
          SHA-256:90BFA3C17D49939CD7AAE027AA73632C43165FB0ADA830007F7CF04D12C3754D
          SHA-512:B7B8584A48287C305101FCCBE5A2ABA86F8802DCC39115E571A70F61352C71BAF56287099789D7837F7144D2AC3D543DCF07287687A3EF28D9E9A01AFEF4178B
          Malicious:false
          Reputation:unknown
          Preview:*|.*|..V...+.=^.U&5.......Vg.>&....4x8!....e.x.5...x:...s|.....{K\,P.-......-.l.w.4.B.~t....}2b..U...hg./."..e.......Q...+z.x..t.Ly.|%]...j=2...=..+a.%H..,>..1.[...S.Q.._O..D..G.pm....v`...u1...s..{.5...*.):.L.n......Y8...TWNu....>3..l.?9`..\.i..v..p&..n...4{..8C.D..o|....$...&J...P..[..~5.,.2.0.o*...q..f.......m.........?37..[.n.%..X.~..}..'+..F..J$.....O`{ns..*....<6...g.M*E.gP..j.2-?vr....=..........Ai.pM.|.@..;.G@._......M.-f(tEM>[GT.o.sSM...X..6....v:?..?Lvu*.c.N...)...........~.......v.h#..=L..ynM...0. .f...>..s.6|.....h....f..[...l.x%.#.ylnA.[|.n5%.f?nT.....E.Gx.....Da<.....|..I\D......y.e5....../<..r...}.B.h....t..t(..3.M..F .A#........;.....z2..!..BE..#u.@=#.O..UR...fcsP.&..4._...<...6Y.F.v..e.5....L....r.&..l.%..n.#8....C....6.B...9...^..PCVk._M.f..vE.....'.}f%....D...}!..\....vv...f[.......'r...."..O....Y(.w}...7p.......f.^:Fr.^....1.=%..H..K]C...;.Q......S...m9.<.W.J.D..NE..z'..3..}Jou>.it...Zt.....D..?L.9.t.M..;..`S...

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{b6e2d5d0-7cd6-4302-b3d8-f8809d966acd}\settings.csg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):788
          Entropy (8bit):7.691173991818963
          Encrypted:false
          SSDEEP:
          MD5:184B258C70574DD31934DF51A462F612
          SHA1:20608602DAA8525DD30CDB55F19B21D03E2EB998
          SHA-256:33C8F579DB6BF9CB254F708251259E0DF875FA302056EE7151996346FA82F6D8
          SHA-512:2D7340AEF9766FDEDFF716F60205C6A6AC994FEF256890561DBA6406DE7FC9741EC43BBCE2291AAEEB47C6A0534710A404AFCD54C625DFFF6AE6444670DD0C9A
          Malicious:false
          Reputation:unknown
          Preview:.....p.i6.aF\A.O<.....l....b..p.9..J...,d.e~.^..#.......p0.B#....y..i..)q....np.....!,....9..M.....c.....Vp......EZ..7.g....H..b.W<\....*p.Zq......Mo3..A@.XG~..G..~.....1..&.q..OB.iyt...\B.LOU.W...t;........C.OX!.}s.w..k.X.-..x.%....=...M..........SZ+...@.)...&......u.Y....s.v....fk.].C) ..s....<..n.H..h.7..|...?..*.fZ..r!..f....+.l.qK.e...0`@$L.d.s..@....i.,M.G%...s@7..t.uz........b.-..=..w..B.I,.E2.y.........Zml..)m$.%..Zi..I./..DV"X.0..7.........0-m.BtDe*....H...Rj....W...+....pV4.;`...L.i...6H.6.#.=4H..6.r.......7....F.........._)..8...0..&..2..)...I.BS.....,S..LcP....Z..S.a..O.A.........).r....l..#.."..K....z?1$..^.g).. f...8...F..............$.r..S;.(.3.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{b6e2d5d0-7cd6-4302-b3d8-f8809d966acd}\settings.schema

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):496
          Entropy (8bit):7.57091367667377
          Encrypted:false
          SSDEEP:
          MD5:DADA40BEE1EF55A5138DCA695F412461
          SHA1:81369BBCAF4BD20E7B2F0336F4C2B4FC2F1FA999
          SHA-256:699D545D8E68E1BEC2768EAAF9088A82FFC7B013783C24544CB6777ECBCFCD9E
          SHA-512:D735E2DABEB456400F7C3BE7F3112FFD1122D65195797CADA633D7EE834F0894B69C71B5810AFA0B127EE6FA98D3028C093F84ED6CED8C3E247CF934A1DC4BF9
          Malicious:false
          Reputation:unknown
          Preview:Windo.a,.C./.h....S).O+sq&Ms...!..X..tj_.`..N..U.}.U...l......h...y:....rn...8c.F...........'...b^.*Hw1{.....Tu.%8.....vg.D5E........+...x...nB..]...!{?.....<...{..C.."...y...a.RvG.R.6..UkL4YG~GT...|..&s..|..8..]"C...>;......&..<....h.V.......`ZW..J.4.1..e.....R9..2a.:!.(~4s.e;.+...Gq........qL.E>.......|.ch:.$)g...(f..<..[T..7..x..i....Z.....7@.(.Ix..7.......z.S...rF.......V.Y.Rm...P...\...a?9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{b6e2d5d0-7cd6-4302-b3d8-f8809d966acd}\settingsconversions.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):533084
          Entropy (8bit):6.257265434142688
          Encrypted:false
          SSDEEP:
          MD5:8481F9310D98FC69D7A006AC2BBC5D58
          SHA1:FBB7507265E2F4E144D65905926ACA8DE0590C7A
          SHA-256:C793E681F3FBF2E547C30FED1483A16AD2C8EB9A527AC6AAA73CFBB5B5B5DE19
          SHA-512:86A32BF6361476F148248499D5172B71C7E21FFC310A458BD2AF19A860B8234B6346795D530FCB57C1A35AAAEBAA0CE6402D7A745BC5D1A2919CBDABAAA136FE
          Malicious:false
          Reputation:unknown
          Preview:marke.1.u..1...@{.^.v....;.L...[..q.~.xa'.~].n.;..X......!/3@j.6w.X..$..J!vq,h.J.UI6D....h.(.#[...[.....V..< .{Ig..c.f.1.q.Tr...j-DH...JxF.R:..t.!X....8...q.`.)s...L......&.^A.vj....O!.e@.!t!a.F...SJz7.j..q.R........q.E(u..6c.iw... ...I1..^..:.=....W.Z.......T........Y....F....a....Ei.E.KR..FG.qs!.H.#.|..<...... h7....~!.Mm..3G'.0.e.I......K...N.0.,b.!..dl...../..g..nX....Y..2t...?...............?..cD.....r..g\.....z.ro.NL..T...s..`.F...d.[p...T..w.y.......tn.P...rH......B<...2./.X....R..@......E.D...Lf_!.N8:.!..TV.=...8d......w.\.s....,.B...%G..6S&..E....g]..1Z.b4.^.RJ(...q..+V (......._..,....j{]......Ru....'r...D^ry*.gU/......w.X8.w.k:.w.t...`.+..+..)5k..^.C.U....G... .r.......V;t:...+z..S.+.*w....?.....(q.l:O.b.UK..c.w12$...y../..sbD.l...6.*.K.Bm._.....t.<."..us.........~.`.L.....9....\....j@...8.-.F..C@.&*^|.J57.g.....0.+........]w..*.0...].6.;.c.....u.._|e..3..4m...y.....q5.f..+EF>N`.;4wg...v8..b.ZL.7..0..k...G*1.....G..8`6..C3..V#Aq..

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{b6e2d5d0-7cd6-4302-b3d8-f8809d966acd}\settingsglobals.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):44833
          Entropy (8bit):7.995877204691622
          Encrypted:true
          SSDEEP:
          MD5:6B7963DDDEC245EF84F12C6DC3B72FAD
          SHA1:851EEBF587DD5BAFD77BD70523F85970DFF02084
          SHA-256:03B51D36CF510B20118F39594E711FC9A131A451F7B2E02C521287728426853F
          SHA-512:475E35F1305D30F98239E6B918CE025D5270938670027886B11C7D76822B7511C9663F1C9632A007E028A0FEFEC1B9B943DAC03222DDADFB848C283FE5373D44
          Malicious:true
          Reputation:unknown
          Preview:AAA_S.g@:......>Z...(i..5.dK..f....T......BN#.P.&3..~... .H...U....{...........1o....6=E.`).4P.d...0...Dr...@..R.{......3......`x{fW=....I...Ow=4:a.......9C...Jo.r...."&.6.4.a.,..H..7.@....(....:`w......F.R.CAd[..\...WX{....B.f....2.c`...Cu.q.s...E...$.;..F..}|.X...>.... J&....v")q...]c]uWw*.C7'.I*...,J.....l(.h...\j... .8O...]...p.mt.b.B..../........M..k......#j}.Z.n.o.\S^\....=-l]7.,zi.u..X.<......m3K........}"-+.w.:......Q;x.2..qa......A..5/5+..U-...a...G~...[._......6...T.../.48.....7msy4.ys.%=..M}.....<....{.8.7...R.Z...;...I^.B.....N........M....T?...y.8...0.....S..~..f..0....xG....l..Cr.../.gjhM..}.Y.@..!...<oT.a..j.K,.L...J....D.b\vuI..Y..@+a...?R.V.%Bi.3.e&..].e..vt....C$!.}..N&.(.Z5..qt..Ef...L.....1O...d..:{+..(.6.b6..?.2.y+.'5.x.:....t.P.%....T..:-j.B2..4..8.]y3..}..H...o.....H\.......jJ3}1....n%......n...{eS..^..K......."..hx..|.9m.RQ..XQ..s.*..+.cg.u...\...............jK.....R...qy`.Lt.;...3.....(...K.TK.Q.j.m.S.....j...

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{b6e2d5d0-7cd6-4302-b3d8-f8809d966acd}\settingssynonyms.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):104051
          Entropy (8bit):7.998094795330548
          Encrypted:true
          SSDEEP:
          MD5:C7606EDAD55E6EE8E23FE6C7324AB362
          SHA1:BA6ED74FCAA203B0E8DA6B445A939BC456F2A3D6
          SHA-256:0874DB7F06A79A70544D613D796BEB3A7EAC3D0271D903FB4AC7C8F9B1CF7DF2
          SHA-512:09DFFC44696DBDE2C1627B9829FC87FBBC1D1BD1619103D2941933948F5D435676143324419A663C47B9558653AA94BAB30E1992B29B91FBBE95019C1BFE7858
          Malicious:true
          Reputation:unknown
          Preview:*|pri....DS..2....!.Z0....T..P...>'OO.\..U...?Kt....2..%.............6n...t&.&....2.,...P=h..\l...8..W..'2.H7.M.....>.$..m...i...a[.q,.V.....ES.~....=...j.VC...}...2S.R.2.'a..)....p....fF....Dz......2......T.....I..r|2...m..A.....0...g.(...0......(.....f.).I...A.fZ...|......L`.4...$3f..$tC...%^..d....q....f%..[.x.i...bN..L;(L../...9......j4...w.`."w.J..2....-.....h.M.~'../.S...qyH,S.<.....q..C...h.y.royd^..v......x....;.v...@..k.h%..-w..Or..L..H..y...(.v. ..i.b....N.<..[...M.g..?...Z..,y]..........R2..a.u...z.u..........o.........BN.20~...9...|..kW.V..D..'...U&r..ZhuG..v..8.).f...?"q.......Qe.k..t.bD.,.u....\..B.h...5.V.p}.I.......D......jR._.+.R..=E8".X.....2s....'.H..'.O.GH+0_.....S.y..J.u-";....A.J&.#....!.}......^7>.h[.qA...*....}.A...f...v.G..\KL.*3.s...$.]+..|..k..?.fR.c.FX..S``$......Uq..f^.&?=Z.79..5.....@.a..ibY.G....n..!.."[.....6e...T..N.ER.j{.:...a..H...'m...'.|.RG. ..U..`jF.d7&...=Ez=..E.W"})........o....C.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{2f653c34-93d5-49fe-923d-7a89486b82d4}\0.0.filtertrie.intermediate.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):217852
          Entropy (8bit):7.584324806943638
          Encrypted:false
          SSDEEP:
          MD5:E256BA87A57E7F8364C01FD9E263607C
          SHA1:D46ECAAE2C9F12BF9B9E3F4CFE241E9A5E509870
          SHA-256:94EFE305E17175D3F7A9AC948560C568B30BD806E1B2BDFBCCF95D012FC7462E
          SHA-512:91CEFC13F1FFDB32C7BEF531A47543048D92B1E613903133BA631F6B4AA0ECE5B63FBEA6AAB20183E270D1C2374B3DDA46FAD0E67633C978BF565CE395E56278
          Malicious:true
          Reputation:unknown
          Preview:0.0...........q4...r.....%W.U.}G&~......]vI.;r..q.".|.b..~..[r....[..r6.].i...6.G*....D..7XB.mvQ,.|..;d.].p..|H.1..m.(".y..s\.r%.4I..F'.........yEB;.7.4-"..7..?.i.2gOq.Ct .g.\!X..8.~...-..O+......q^.5Im..@%x,.....S..X.<K.......;d..).:y.$....[0a.........y...IP....b.^.&?.R...l.O......<u.L\....):{.q.<6`.02^.B......AX.qW..8a....a..r.=.w..yN|Y..]$.|hl........pa.....L...LQ......sa....X4^....Me!Kp.F.).2.O..K.|..." ..z.*...(..*..F.5.i3.r.u......p.8i:.g._.<IA^.....4. ......!.v....|.{......@W.v.- .H ...z#.87....i.M.2.....a.TN.CbO...k,'C..Z.,....B...Fd...l.'>..v....YW.u.&...T...V...hy"....k ..W.,X..?q.&._s.......v.T7@.....:Ry.....&.K.E,s.h.........*a........D5&..m..8.....7;.0d.w...9kW..G..mU....*f1..P._y0CE.=o..A.?............B?yn....3[.........G..q...#R.....D..J...a..:sC.)6.?..V.h.2......7...y._.x..*.e9..j.Ge.WI...1.\..........=....a+.".=.}...[....E.X.=(...t?.....:m8..l....M.......y.pi..o._.1...-o-..4.i..L'...W..7/.....;..x.V".p.......f..t._...

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{2f653c34-93d5-49fe-923d-7a89486b82d4}\Settings.ft

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):239538
          Entropy (8bit):7.3512255588086015
          Encrypted:false
          SSDEEP:
          MD5:8D0522611654CFF5C3EC4C1068A92017
          SHA1:54CF477017F43C3E21416D4327ACDA6A8104CEFA
          SHA-256:11AE15B110449C2E681CE7E421EFD230B767D9B8332291D002AE1D07E9748EEC
          SHA-512:910D4724B83E3AC54CE8EB0EF58E620EAA37266481FBC62516C74D146DE4B0E3480EF10C0257B12432A3C673C0EB2F0EE7B19E7D7EB69AF19FE40FF81B359E03
          Malicious:false
          Reputation:unknown
          Preview:.....t.........-Z..i.MK.S.<w.....!.....#R^."q<.k9.Vgp:...n|..Zb\....k..g...p)H\%...B....J4...Fq.cma.....o..v..F.B.m...&....a.._.+-G.....kc .j..8...?.^. \e\.`:..>'.G.O.-.y...=(,...G...*>.a.m..B./ihH.gg:..|...)7CF.P.?.EM.!..YB.m}..fT=....I.XK1..xf]^..7J+7.Hf:.5[.!6.c.I.A..2.EBx......s......F..".5.h...kV...6.\Z.........$......{+R..#6.....U........=.o.Tv.j.i.....C..\}.j....].Y.T..P.4...ma..|...._z0t9H..._.....|.G...C.n<\./E7\5M.8V8..ok..>. HG.oN6&...g...Q....U.Q...Q.i?.....|..3..._.i....".............#..*.s...gX.m..E3..hhO...2..>x.N".$.oR......+T#S.}..Pl...g....z..%I.....-...5....`....vL...........o!.?.y1.m...#.A).].4.Rh..W.."....q...+.k.O.it.s.{a$O..L.8..0.1...M.8...6...+...v.z...W....Z..3...d......|.P.........,.... .{UJ.._......!W.)...&{...RD..yv.G4s.\i.~r..j.h..._e),.^...|3m._BJ*..Q.a..lG....N\.c...0s.R.|$.l:.(IKJ.....a.&.,.`u%...G..|..[....K;s..(...O..'.O.....M.IZ.V.....8b.Xh..l....f..}..5..?..}.g..t8*.."...S.....7<E....h.dK9...Ux.......V0,*U.i....!.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{2f653c34-93d5-49fe-923d-7a89486b82d4}\Settings.index

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1482186
          Entropy (8bit):5.65811586374132
          Encrypted:false
          SSDEEP:
          MD5:9132DB4EE1D573D363C6D6BCFAF43E00
          SHA1:086DE896BB7FA85D9805B1F7900F66CEA3FB23EF
          SHA-256:FEDAC4405FBA070F04F26C62388F6A9C41345E1CE05976AF4E04C04CFEBAEF2A
          SHA-512:CCF0935177253F0C4BE9D4587ACD6CBFC589EE05F604FF57CEFFD9AEBEE62845424D18C05F434B40D51B1C40401FF6AB467C50473DD9BD3563383ABDA0E2772E
          Malicious:false
          Reputation:unknown
          Preview:Ej..D#...F.o....l...5S..$..>..OF."..H..|...g..g....e...|.O4.._.:...[^_.*.k.u....42......@.u.~..O.X^....e....~N.......wE..L..Jj2.^v..... .6E...5.4.Ri....w[.q.l.......e...(......A@.s.,.(....6h.M.....D...=.m.\........Z..1...U.';|...s;..1.UW...o.....W....~.Z.#xQ...k1">.a.}..wu.*...JC..c..BvS...)........r.:t..8.Au.k|PX..e.c.:.....[..#c.G.uo...................oY;.Efu~<..3.f}...7.g.Y[..q>.W...c%.l......@.G4....c.....<..>:.7.._m.^..|lt8... .1.L..}V...7..."..Q......(n...l^|.s...P....U... .."..o..&.]..xY.tP.L...$A......,3...f.....qivb...i.S....m....G..l..@..qI.>....../...n<...G.).\..s..}`n...........n.+)..rO...I....'....V..Os^th)].@c\#iKF.}4.....?p... .... P.k.F.H.\.+...3AT......h{...\.T........Y=.7...)...:.S.x..}v..F..m....N........E#.H.V...D..\..Sj....~I..3D...4wQ..@..m..q..f..;.6...;Zo....BK.;.}......P,41V...X.i.b/..s...%.w...(nb0.iu..&Mz.......3..a.....k....JY|F.|.h=..A.3o+...k.~..1#..0x..K>&.@.....FGq.._...z.....b.g...>...*.&...8...)....$SbW...k

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{3c1df65b-e1b4-4534-b489-7dfc2f9d79b4}\0.0.filtertrie.intermediate.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):217852
          Entropy (8bit):7.584211201468678
          Encrypted:false
          SSDEEP:
          MD5:AF38F52CC96B87C3A15DDF0E9296802A
          SHA1:4B589A4CA593C401D515C228794B63EF29436BE9
          SHA-256:EEBAB336031EFE94B4BF7E91CFDCF1FF3F477E1F48E6B279F86470B22D7091A0
          SHA-512:450193B83AB3D2C2929FBC1E0DCA6FA56A12FEC5C546DA721B306E9C1144C69996AC3330E3730F6540EEEACB73F91C6522B8006F4EB83B2D6107560FE6AA6A0A
          Malicious:true
          Reputation:unknown
          Preview:0.0..3...b..k.d...|S.1:.}.ij.gQ{2.g.16h..^......C.m..mTS{*....z.Z4...h....H(.Iwf...N..y...8...m.E.mt.]...U.J..M.1/.@..o...4.a......<=|y...J.h.o..n.2...!...s{T=M....z.M1.}.M.:u.3.!.;Z.!..z.I...........L.]t........:...C........n:~}....@C...[..''B..U0.:....a4U.=....E..Ur.w....a........Pf...m1..h.....:P.m$...q....z.A\...1..S./#....i6........Q.........C#u.....7.I.BC.....j..d.z.z...8...."...s...5Y W.S.)S.)+..j.!.R...V.G.......6{..l.t0t.q5$...^.G.1v.Z...!.5d.W@b^..XO.b6.....gJ...^..-d...$..K..k..O...g..}..ckx'...]^d....<.....J...~.N4m...d.........B#.2.9..I...{.:"..0.k}G.ln../...)..j8!..}....<.0sv.IM0...]l}.SB.XX....Q.....N.'..N^...q!LvO..."qm6..N...Z..v......~J..?.tuh7..V.)Wa....p.<._-m.I...;G.:..[lt.k.s.@.u R.*........d.>....N...~...3X.Fg..DCJ.Z..v.e..N...s..).0.P.....z........sFP..6&g......E......4.N........g..O...1[ .....b...uV..)KT.f......Tm~......}.x.. ..m+l.U...2.Y...u..BJ4,x......b......k...8q.....L..........u..,{....../..Ws.5..>H....b..\E4

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{3c1df65b-e1b4-4534-b489-7dfc2f9d79b4}\Settings.ft

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):239538
          Entropy (8bit):7.352068993394135
          Encrypted:false
          SSDEEP:
          MD5:BE43D01B92993D32C6975D1199093308
          SHA1:A9C870B8D4C363962802F40D6CED929F85574D14
          SHA-256:71CBB38670F6D2262272E2AAE186C374682EFE5EF3523339B9157CA55E256DF2
          SHA-512:9D1AE3E8353F6DF785FCE0A492EF404A498641DC9D86AA6CA8198E527003C2EA79D6FA02BEA8E4D3A40F04741A3D8E625C48DF1BC2F4D0ECDD6D6A7B042B12A8
          Malicious:false
          Reputation:unknown
          Preview:.......l....L=|..}k'.|....Nh....w..2....C1@d....4.y..3..UQ....~.3.d...{C...+#lf.......@a.....b.C....;..?yZ..#......j...5%.".B..%...7..O......=....(x.l.#.M.N.-.;Q.s.L`;}.G...H.....C.......HiJ0...D.X..;....f.)wT....O....jty..0.^.zJ./B...O9+..G...~.u..Y......?.....U._x..1$:t..CJ.......^`......].Q......;.O..~. (.cA.8.i..h..?..c..N..:.i.Ji.F....4o..L+/......I....uP..I.].......?..gZ........k...m.RN.;I..H.L.>t.S..AjWZ{.?.$.....}.....)...?t....:...Nj.V...Y..e|.$8(.....'....@]f!t..#......#\..@.G\.....D....5k....K86.D..^.o.&..C@.?,..a....}.6...JZ/8f..O7.N.P..!.D..}..V...4os.(.p....fXF..c.......So.tm..C..ku([...-.p.nJ8....W,bo"..../...m....U...........q)...2.*.....>.!.nH..B.3n./.z\m.7sN..X...Q.@.#.3....J0}Gj5<..2...eK.. $.N[?..1....{v.[....1H.8O....I..i..K)|..n.)..`.......z,.u.H....j$.;<.....d.3........i..gV...jD.!D.)..ms.!.}..M.@..W...:._dt.H....v...U.l..@e.8N.....P>.A.....fG37..*..E...r.Na!...".../.8......qb-;.Tmh.....x...;NQT.X...,C-Dv.4..w.f=Z.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{3c1df65b-e1b4-4534-b489-7dfc2f9d79b4}\Settings.index

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1482186
          Entropy (8bit):5.658787394067268
          Encrypted:false
          SSDEEP:
          MD5:E25BC9381C1D5E3D8D602B05F945657B
          SHA1:B42059ABD37434AC33A1E18CC5F32F70A795AC94
          SHA-256:8B4563B5DA65C0EE35030590C2B1B969612839768C1C856019BA9A44B95804F6
          SHA-512:7C4235C913DCA5A221F093FDCDD5C59209A3B5F9D39B7CDE97ECEB4758C2AA86BE26D8B31109D8809F84201AF68D5FC9A9EBEB872CE61951947339CE6E789DE9
          Malicious:false
          Reputation:unknown
          Preview:Ej..D....s.j.};%..0].........)U....O.nW..S.O>H.....@.wbt.>{.].(h.;9...0.7./..z..8. ......p>8..o.~........E*........#...........%.'...:..}\.^H...E..p.....y..{.q7)3C...e..J}.z..!.o.1...&`.-#.....,...O.Mu...?.V.....y|...o.'.LCt.r.h....*.........@ ..^[.'...].1....{..(o..BE....i..!.mH./.;.....7.T...o...o{..@.x...wsx`Pu...qs.....u."|..m".....+..x.[k....V<..-..3...5.O.`....d'n..B|......m.WBk.-.....F.A=.GQ6l6@..&^..w.G..(...g..Z...UG.aZ>UEJ.qj..Ra.D.GG...>.V........PB.i.!B[..pg.<......D.z"......0....T....8..Q9..X.GF.m_.u ...%{.....@.[.Ap..._*.9.x.G._.K@.y.;....(...1(....'..r...?.....~.Q..V7..2>..0.=...m..am...)......aG...K...o.....~.}$.6w..@<.GR,.....AI...E.v.1.v.O9..$.,./.l.yR.Y.%.....69N1.j.....L.-.l3}.g6....2.....}....xO./.w.%.w...a.X./(=./8y....(..!`..].:?.e..u...G.....u.P...V......d..S.dC~..mA.,../.p.j..6O......g.6.........^.|.D,....._.tp.-&..#.#*.B.y...ei..5UP.:......2%l............-.<j.y$B9.m.......S..j$....NA.....E.W}.3.^..F/*......Gu..9

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):36656
          Entropy (8bit):7.994434920448788
          Encrypted:true
          SSDEEP:
          MD5:C55A0F27FFB298D72E92A7A7A3822A6B
          SHA1:3D4116CFFA443190840B376C1DCF6AB9485FB826
          SHA-256:81CC41A17D72791F6458D17436BADAE085C848289E95483C8B787AE37BE10325
          SHA-512:0750F5A952DDD125A6E172B0673CB882089A18810D9575CB69F4CBD49CEAE7C7D14E2615992BA2D91AA8C992A4F7CAC5171B091B58C5FE37DA4AA50BFC124CF5
          Malicious:true
          Reputation:unknown
          Preview:.vl#..?c..}b..`...R..M..Pr.rA.V.....Si.^.."h.......6u....4..L.D.}.UH.x.uB] ..(S.y..]Mw.z....44"..l]....u.$.,t.....VY...?.3.-.@...5.-..[.e8V.L)N.t.wL...V......T......)'...Z....O...{>c"........M...X.].uF..h..4S}.j..&........)..._.....FHWA...Mz.....t.W..k...s..I.D'.V.9....,..qm..}... .Y...........=..5..d.v......N.`s6l(.!n.3e....Mv..m$..zO..}....Lk.......=.b.........\....C.....9.>>......d...Q!.....LQ...J.U....Q.x....}. Y...........N.g.#g..{Y.e..V._.~....T.}.".....B..^6F...r..6....lOL..D.q2.[..e..,{..B..l..20A.).....ATM.v>.[.u.D....n...N..j.;0.AH.her.H[.WZ=..i..o..Z..+.>K.y[<.7....f.Hj..9..__.1Y....d.E+.....^..^.c.+j.I.f.P{0I.....W.....Z.}...l.P..I.[,.......#:..w.T.......!O.Qj6.H,.!.nW......x.0..6.A....n..q4ds......{s.J&.F.k.X6.C.j........t....WJ..9../.,..7..#...m...z.....Z..C.PZ.U#S.R...G........+.+...pA..Y[..4..'L>.*~.....'.Nu..mcc..~{...\...S. .}{.).RqB;e......Y..].x..u.oi....D.Q.oR.).%..~O..."|.n.dk.....V.0....'..d.....Z

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.978647562799874
          Encrypted:false
          SSDEEP:
          MD5:5D84345F9E9EF97BB1BC59530E5A150D
          SHA1:921972419866DBCB79356E3DDB247165D1B52CE9
          SHA-256:0EFE00E622D2AAD3F7CA9FDCB686624E6351C44C9D85472ADB90C077F2E48BDD
          SHA-512:42712D8093AAB3D86F07766950C9E3965F438569F91E05A837EA22FDECC5A8E6ECB636F435D6EC7760E74AB409069CDE65FE122161CA87E1C0052E37D1BC3741
          Malicious:false
          Reputation:unknown
          Preview:regf..Ssm.3*..X.D...k..4F.....6#.r..'.....>..A..*...0..]..6...T.A"...'o..q.l.5..j..O.L.c.2QYvyh...;.C&,L..7ApL....4...R.0.}...9c.h...4mW..pmJ..~..;....R..7x...!...b..h.s.'..X..B..{.h..._.e.4.j.bB.2..A. [.U...!..#f${v.g.l...?...y..>,8^..m=.:{..@S.~.a._...N'...4.(........lN.Z....Zt.V......9...97KL#q.I...;..b..D.X..;.H3. a...c.y.y\?>...+... ._..=._7Z...c3..5..*.;V. .."..!......&d.%.U..2..c.(*5.u...Q=.....(.S.<2............l........L)K.w2....J.*.............^....}9n...W.v....)....z..........-...........\.b8./.....=u.B].+.....T........q.Y%..m.k..-.]BCt|...n8...8...da.,..`.8..R8]Q....#..A..y.Qu...j.6b:r....j[..=pp-F..d.R.....V....j..Z.....<...@7..4T.....u.z.,.v....t.y....3. ....L.8*....g?I...i..r...uF...k*.c..\+.M.....jj..K\.U..8@..+.[.q.2.X..:..\0.h.4.?.G..w.e_.&.1.{u=.._\..r.{6{w^..a...(9..F..q.f.....%....c.LE..]..4....j.....o.2..:..P.-.U..k.4|.&F.@.*.6..j??.m!6rS......2.D(b.....>..HvD"~......B`..M.M..P...8.........=#.vx.=u."s.....D......j

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.98146272795286
          Encrypted:false
          SSDEEP:
          MD5:140B064BB092A7C3ED28B8C84B452F5E
          SHA1:5461FFB9EE4153B0D0B4A31F74BC68276879D937
          SHA-256:640BBAAE1B8C27644FAB1458796B291758CAEADA12EF83F9F415ED8A871BC82B
          SHA-512:CF5DD4BFBD76B5CD65F2B6C04403A32834189776196FA016C1D7DDD137A6B68E30069A8F12D3851C298943475F2D3E8122BF4E982514F6A314B02041700E7288
          Malicious:false
          Reputation:unknown
          Preview:regf.|.......G.......I^*>K.....|.]....NC......'....>.*.b..L.N.Y.....Is..IdhW>.:_.@ISY.....?@..Tr.'.J.N.{.Q_'......GOF..iB....wO.....Y..wBVZ.S..#i..Q........?.NJz.W......-..q....#Z.G..)p....G..W...K...z.^.1.........l...........A...v..S.C.|..u..E....)O...1C....7..J....Z.ntS.[.R.....O..S..Z..........|..r.......(^.z.^`..?.F....]...R.f<4C...'Ry*?..f.... .;......+....i..3......c^.nM=].e....,...*.M..o.F.W 3\B5?.fDV...Sb...be..;x....?.BSK......M}[k.$..fW.<.\.6.._........x?..U.m..T......S.5u...H.q?'.....g..?EqIJ;..F.po.J..\Y7....S..&8>.z..+?.......FJ..L.WW..dw....V.../Df...i...&./.Tg=.d.$....J....Qm..m-...U.m|.p,.......if6E..]D....w.-...V.....;...3..D$[D.,..Xs..k..G......O.....^......O.*..t..5.....t.~.1....L.....%.~..M...z..2..UU]k....8F:._..1..'../b....B..,.........O..'.]!#y.Kt.#..e.)Q3`...<5...SY.:B....H..'..dc..a...b..='b2w..tox.).p ...h...z'5...|........T..t7......Ig..I.MM }UF......D..F.].#..u..0.....c..D.u.@.f.4.Rdy.y.0.Ep9..y>9.r...8...khs

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):16718
          Entropy (8bit):7.990313292791129
          Encrypted:true
          SSDEEP:
          MD5:FEFE1D36DB954541E774292DC258AE4A
          SHA1:508C4DA9A38999CD427D908C0837E32C0890BE5F
          SHA-256:C4F5A87ECD9ADCC82857E746277D9402B0DA2D423FCE014C4ED950F424CF8884
          SHA-512:AAB6682A94349B90CCBEC4F5FF77D6C4FBF580B69A875847C7BA0839636DAC6B91488DCB5E064C0030E4805ECA7A302B80399E41DE838F72118FFAE12A8EF952
          Malicious:true
          Reputation:unknown
          Preview:regf.L....V...d...../F...%.lZ.P.=+.....#..4.,.J...ltT:.%.+}.Z..\....n...Nz<[...S...P....t......+...#/-...cy~.f...Y...OM...9.R..`.j.y;.......+O...(.U.\?.......)....u..5.kt.D<....>6i. .i`z...@....3V..."..._..\).aR......-.)%.Cn'.4~..c|.zA...uF......[...Mi......7.n....t.U7|~.Ne2..ZJd.......=D.jy.k$...s~..x...M..c....p.!q/...W.XM...B`v...k...\...0..HM....G..e..VD>.j....[...Qs....)64..y...?H.n..:.~].RR..(...=..+{...VS.~j.|L.........[h.\.7...y..%I....m'.`...W...V..]Q8..9{@8K`..rVKT....Z..c..H...G.....2.5+[..}..............+.q.SE.v.c.b..`/.R.-....9Ss.../..|C...$...w...i.Q5..].=.......t...e....i...."v.C48......z...s.. vp..v...e.w.............v.%.... ".7....Of...C.....P..*qxx...k%`Q.$.....:^.".9...9.......%m.|..%.>YU;..9#!...?.`w...e..f9....#7."g.],KK...A...{...9j.Q<...i.I#p.Z.3.;.m......t..G8.[x.c.M..........6vNG\.....l.T.e.s..k_..E...W.....!....1-.Q..b.7...C.Nm..#."9...N.......V..B.".)..#DU]..3..../.\..T.6.-.~.L.,r.;...q.[..{=...L......kd1...A..

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):16718
          Entropy (8bit):7.988577828764044
          Encrypted:false
          SSDEEP:
          MD5:42FD23D71479DAFF490F0216C17856D7
          SHA1:2D4E83BEBBB92F6EEDEE338AC5310037BF8A4550
          SHA-256:04515CD5DBF9C76E96A3E4A47161B825D1F634EF965D243437F0094FD4DB8CBD
          SHA-512:2C105FAE5E95291141C6E605C1A9B6D59789B399FB9081CB72639AE090680590CD6392A8199F20644FCEE0218E49A24A3C820A277522EA2865405A0E9BBAA23A
          Malicious:false
          Reputation:unknown
          Preview:regf....kg..hECi5}............&(..2@I.ZQ.......8.T..+`.7^.IXzi.}MP..@.....-}...UC..1n....J*D..X.k8<.{....Bl7.z*..ecF........O..."g.R~I.B....I?..I..:=...q{.fl....}f.X.........2...F_H3..~.Zc.kBA$..0....2.J5L....1...[.........\.&...9b.n.7+..L.....r..^....`vs...t..V8....L...Pt.2..*.h..W.V.F...4.b.......H.N_........Y..c9.T..z@..#xq.Q7.c...M+..s.G.I....Z+.+y..J*.........=s...}.w...}j.&o.>+.6..2.F-..G...1...c.O.Z...:..r.q.J.D..K)...9.v.).%.8s.i..'.o......>.&........%..........NW.\.=t...sq.eK.YN|`Ls....H.8...w..\k...h..H.ul.&...h..V.L.....0...)...U p+.-..J....N..Y......?...V..m.E,..9Os8....I....}..%..f.si.EI.E.H......b6.ZH>..K.1]%W.....&hB~..m.|..M.C....O.......e...YW..U.0x...e..1.L......Q.t...^.4_.\.f.G@d~..J(.M5..{?.!..hV...|..^.&.m..K.....&........`.0*....8.G.#8..r...?..RA.......I..X..}.z2.*..L....g.....)5.!+...w..A.{ry>..O|.{...F.u.....4...*8.....f^.qzzX.2?.'m.V...)...4n...Q_W.!...m.U&.6....#5....+.q...<Y#.].J9.p.6.'.F...xJ..R..U0.m..O...iZ..G.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):16718
          Entropy (8bit):7.990386593165641
          Encrypted:true
          SSDEEP:
          MD5:AA104A78058C2610C216A0D4D800A19C
          SHA1:EBF8DA8EA87E90D315DA23EF896476939A818F60
          SHA-256:0E3007F87E0F5B9EA1853ACE7DC0BE56B362BE4585794ABFF7A1D179DA1A8AA5
          SHA-512:EEB2239E43B8F16104CC2E4F5C03CDCEEAC7394E935A8691718E5AE6997297726DCB1C2BD0C31B3278F3293C4104BD1BD6FE5D189E2F39AFB9C785203621337C
          Malicious:true
          Reputation:unknown
          Preview:regf.BG.9.....|.!.J.2g..D.....1}...o..2X..v....'..N...3=>..T.....Jt..Zt?.V..j..F.....Q.....@p..)h.P. .1..8..H5.1......b.h.l1..f...).......R-....i.....u=...q......#.L..U._..%y..U1...9rsu....E...}.(M.kG.....We..].\.S.%.VyNW... ..=.i.s3r.U&.....v.d<3.F.e.x.{@.f.DU...d..s..=(.(..n......U._....I.0fZ.+..z6.~*nLR..~...,~.f...L........Wh.L..c......r#..o@r....oy.aI..k^Q..p..L........P...J.Mz...#E......4?]...e....z....:.Z.X.A.UW.P"...%...2.....S.1..N.S..>.N..{...G.WT1\..E...!l..i...`.S.$.1....W.h.....P<...!....C...c.....b.....v.FJ].C.....G.....V.f....l#1..D...7......^-T2. ...B..~``5.......I}1.F.....=..*.....D..g.....s..+*..M.......q.6.y.q.. .B......+.j.cF.=.@.k..........%..G..U..>..Q.Y78.2.Nz.H..)../.h}1.aB'..t........U.ve...62.f..no9...d~.....H.q pw....nq1>Y .dA#..8z8.P.I. ..7T..."w..M.=.....g.{..6@{z...S.B=:-#.(D....3..Q_....?W0.J...&+S..25.(.did....p..``.2.......V.g......].G.....X.0..~/..(U..O#....O.....].}...a.....G...+T .c.,.me.'.HU.W;.

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):44606
          Entropy (8bit):7.996128145663925
          Encrypted:true
          SSDEEP:
          MD5:ED8B934EAAC0399866D335548798F505
          SHA1:70D4199D368DAA4622D7DA66EF1C6CE2B8ADF2F9
          SHA-256:C0D78690FF6779C08A3689B23EE49CFFF3FDE8A3ACFF2B96AAD6CFB191ECB809
          SHA-512:AE45B7F972BA04855CFB225B5451470206685DFD24B26479819287909C4D1BAFB643D9B02CE3C06F60D4C222D747B9AAA9474D76869437064AB511BB6A7D8555
          Malicious:true
          Reputation:unknown
          Preview:...!..../N.E....1.wg._V...d<..T..x.~..o.....s*...T.W9...l..z...8....n.8..hd9. ....k.7e.../.......b..,F./.w.......#.....OK.o...L..6F...G-.%.q....S.....>.Y_......ln..."."b.9L.9c....-..BW.........u~..CR.)..>....DW.+.].'..$...r}g.tR^..k.u.e...b....4..c.M.e2.............A..6`...s....,(.>...S.e...9..@.S..w-...K..5/.:..r.k.l...eA....5X.. ...9"Iq..iz.J.X.JAI........U<...W....!:X..}.$...V....=.X........._<v.]...8..h...........(.."...G46........!.9IF..r.:T....{"P_%Rxr.Hd...@5..v....X.>..NE...ym..7.L#....?..$...ooC&.{#I.Y....+..=O{.D._.M.l..n.ED...t.5".*...+m"7J.I.<.../...v...."......^m,u....DU?..4f.........=.CI.Z._....Y9.._.m....+F..t..f....GA,^..S..w....g.....2..V.......b8.f.n;wq.Y..e.e..M.8...Zu..."#h.*....i...?..^..."J....1.0.|Q..Ws..C..-.-l..z..R^..~......-4M.0.8CE......d..8.....97.d..N.._<..,.v..V .u+^`..t.G;....R.3}S..p....`.K.T>c.......z.....-.S....h.%.y..Q..o.G.92.y8-...{.<!.s...h.T..~v5.vYaY.M.G..ee..n.a.+......~...(.L.......s*#=W/..C'

          C:\Users\user\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.976549410369994
          Encrypted:false
          SSDEEP:
          MD5:622683D5C65078454896F3AD05E11A84
          SHA1:60314B6174943CCA285BA8E6AEA779051E3E7E0C
          SHA-256:E396F3925D14E1149D6D40C53913190D92E9A891F65CBDD9D5906BE51A5E7C5A
          SHA-512:EB55A18F942C014D41739E0280D952D014FC17369873B32AE8F01C7E80663130B3202A4174CA44F0D30EAC007760C2B3BE0DCDCF9799E206B6A7702F6BFDCFED
          Malicious:false
          Reputation:unknown
          Preview:regf.y.qY.D...Qv.y*.v..1......W............@.......;g....].F.i.K.o.:.2.}d.8N.Ugk...ZZ6;...U....A.J.......aQ{X._..j......w....N.....m.bu..C(b.(~.S&..f.i/ML.<......._...]......\w.d.&....Io.o..j@{..c..A....j....z}.N'.6+.. ...V..Wc..-2......ik..s..tLpj....(.[W..r....WzGor.IN.t<..|Z...4.J.q)...p'...,./.q.T;|?.......X$......S{.o.{..26............{..Pm.[. n.F..._.l#..?..X.d..l$..\.C.T=.VuG.(.....+.=&T..MO..}...M.BrC.s..<.....,.Hb....C~.D*....k[y..y.....kt....u....';....E %....../\.v....Z.c...+....././.Qb:.5nM.J..B.'aOt.W'P.R...6...F2#.1...S...?.n....z.1Q..:+.6.Z3e..Y9o.@q.......o...p1:.:.b. .tf.#v....{*..N..D.y.....4.?h=...+d;.. ....0.s..v.r.Q..-.7../.:8x.E..X..v.t.....X...Gl....c..$.....#.......F|[....R....#......uA...Q....$f.l.....*L.3....(.7.?..E..XS...kY.`...*.2Hm....\.A.."e...Q.\i.^V"..x..S.m.Tp..P..09dPm1.....V.LE.E...o/...W.O.P.@.Or|....~4.....g.!s.l.v.;.r.._.;..m.y.....F|.C..T.EL!...!..>....c.n...0......O{^..l..tXM...g.gf.^.]v..}......H.

          C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.975480732756871
          Encrypted:false
          SSDEEP:
          MD5:3F46098D8202BEC88BF69CAFE0341961
          SHA1:1ACCC0034D274EF6AA996EDC1B0E0F1CCB9DBEE1
          SHA-256:98BC10FC50F9A2E8F00D4A9F83E72D96C7B89A1FD982EC23571161FCCA570985
          SHA-512:6357AF9714092709F69365B88F6B2E5B5BC4F2736E44F8FC2FDF037EAE940E595690E25F2886A3D12D416FDD9DC958D0D69D1B38A0B4B20EB001580F8D0DD19A
          Malicious:false
          Reputation:unknown
          Preview:regf..}..z.....9.r.l}.....h7R..+8........c.k.... .~..R..?]<....F.OFA..@..T)$..16....u.......m..@^L.-....s..."^.v-G.Y.L..h..."f.m w...fT)..m>..c.*YNWT.vS..?...Q{4.&D.u2........._.X2>...)e.Ell.q...N.*.Z.Gh.@`.6f...G].dO%..`.<oP.oF.Wr+...L[s.pb\.o..n..TT.'y1\.'~.&S..s....|..A...-...z.M.?'.....e....../..F........u.r.>......A..B.c.s..I..'.m..!m?.b.d..I.E<..=!0.....{_...."._.PJ._#,r...uJ.%.*|I}.'..;.\F9V"O......x.&.1.6jo.a.l.J..')...]....R.L(.R%..;..p+..{r.......-.U.%(.T&.ss.....?Y...P.J..dN.7p0.........(.>.#......+....;...`=$.*l==,.+...$I.. 9.......dw6/.h_o..K.wS......]$......f..Gn_f.......*....N..O.s[.|....2..!...`..(...A..A...........X.Z.D. L.....pl.Vs.....b,.._'...A{..+.=.._.s:.g(..h.zC.'....T2..-.-.......A......].].5w....R..z3.(.4.|)..z.m.~g.O.w.>..a...+.ed.wP...b......hHi....:.......Li.o...\.$.....asJ.....+.|.....\......l...s........L..;.~[..n.f.Q..\...D.......,..;..3...w...j..........[....P-.......g..U+...xX'F..=..h..J..b.c...p..u..e

          C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.977360220181783
          Encrypted:false
          SSDEEP:
          MD5:418D84C3C4DA1AB45EDC406A39A89849
          SHA1:D1BB75253C2DF482E96A9C66B078A5BD56D17BB7
          SHA-256:2A17D8111DD7289C72B9603016F9678889779CB6554321B9BCB4171622C08184
          SHA-512:86BEF2935A2AAE0F33EED69D6DAEFC48F45E3ACAD98979C1A0FB5C511069CDE4640767FD18FA8C181684AB4202F7BCB0E0F400735DCE34A6FA1B5E856EAB3216
          Malicious:false
          Reputation:unknown
          Preview:regf."4..a.K....q...V4.V&..D..J..T.3...@.-w....%.)8......f.M..k..059..jKh...z..&....dF....9ip%...4O......d..F..|8.......af.3....)|2..s<..x`X..A...q...X....g.O....]....$b..T^..~.....8.;AY5B[bJ..7..F.N}$.R..i8..]5...=.h.0R?..!.=V...C..7..,.......so#i..|.t...0...T.c..%...R9.vk.Wc.Cy.ItK.X.^.+ ^.].....A{.pQ..4}S....T.....NEx.&YN.7.....h>..R....>....u.V..zX....l@..y.>je..:...9....5Y@...s:.n.V:;?Z.q;.O.....0....A*..o...........L[.aX...B.i....N./t.....tA..8.-..kx!t}.I.J,..7.....9....(!S.l..".d'lD.5......7Q..e..4.F.9&..6q.g..G.rc..e...=........4..1.?..m.P.x...u.........M4..0$.....z.ZS|...B.)...d.N..}...#s..x.K.....>.'uA.3y........@]........?..*.u......-.......!....e..*..4...w...s2.[.._.... .....R.i.Y2U......U.=.E....~.....'..x..(Y6...pD...CA-/44.@. ].(+...$}.%M.m>..a.-..........4.b.g..yH.fXWQYw3r.....0...iF82..#o3........s2;....|..&.SU/]..p..w......0.q..N.".`.{.fh....n..!K.RE.......U.^2....8p..s..I...~#.L{.r..9xw]s...f.+..F(4X...p.N........^

          C:\Users\user\AppData\Local\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.979893833013663
          Encrypted:false
          SSDEEP:
          MD5:E6826B66A18A2540AF8D15351391C762
          SHA1:749AF846C36A7B8C4D919ACF88A1D704F772C8BF
          SHA-256:3350EB8D51A113B66347D5821C0DB59B1982552D7B98660A83A727C31084B4D3
          SHA-512:A0CAA715B44B76E4EA8C49DD8776670FBB31619AA61D840A20FA723AE9D336BDF3A7A4AB87E38F93C654AEB8CF39920F5BEBB76B2BEF5F74454A6F087B12E906
          Malicious:false
          Reputation:unknown
          Preview:regf.M...|9u?..L..D..y..B..8.....RwDN.4...:...*..v..N..rHv...bJ.... -....Q...Q......%......;....r..NX.)KpO...c..-...].Ry..$3...W.K.......}x...!..oG.;...(...0...M~=V......0.0..C..Uz..7..{..oi..6..xv,.A.....w-|T.&....t.U.$.j]zzm..E_.......x.....6...[.Pn[v..'.Ke.;i..5.....L_`..l.*3.....@eg..&f...q}].....Io.6..5.To..N*.....B..U.........%.6v.._.*v.t..q~7..)..:.*.|..@(\..&A..3.}..m12).v.S.p<..z{.l..N.?(Z..jSl......y.%...=X.AQ.;A1.r..i..Z].=..,k.cnJ.<...I.G......=..n.....O.'%.O..p.FV...f.V..s..s.%...j..Os.i....%...UV....@......T.6.....l....../pC&"..T.bW...W*.b..c.L.2....C.s...F.........r.u..g.ES..........Q......I.;g..k.tT.F.[N.K. hC.29..L#.6h....>.8HTk...[:...4..A..U..8.hz[_o.&t..u....K^./"...zmy..G.O...+........[.....jm...F..8...i..<...pm.I....?.|t.V@.?.~c...l)^3.dhT..-...i.}\...<_.T.ugP....4I(..< _H..<.....ma.Ip>.K.......E....u........w...{....b.k....FI..-Q....D..dh.......*F...U+b8..D.0.w...;S..c._.h..n..(B...{....R#m..Z>.i.-

          C:\Users\user\AppData\Local\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.980324633893108
          Encrypted:false
          SSDEEP:
          MD5:7A9D0CC6365EE757AA3EE32F77190509
          SHA1:67601B3453EC99B94D878705801EBABEB7151AA5
          SHA-256:7FD52857F6BEE7E6B2DD8190698062C8555E765E2D9345510A68FA3953365658
          SHA-512:D6DFDF4D04D93E5CA8ADC1B815262FFEB93B5AE28CC6A860BB7C4F8C26ADF3E8E2087373A36722AE4BC0EC3D2660E6E00939EAC2D34EA012F2B08F77DAD37213
          Malicious:false
          Reputation:unknown
          Preview:regf.....?'.p|...%...#bd.=.:Z...X........%....u........at...KO.......Hb_L.......%.F[...&7.f....l.d.A.,-..L_s.iE....G#...%C.B.H..B.'......<?.h...m..<M..o78....|.....t.. ...x>8.w..f...F...q..u....s\H;,.Z?-...\.N.Q.H..f.....0...;`.sD...5.]|..U.2...m.8T..D...>....l..gx..l7.....4}...{E2J?).R:.+.,c.<.R@.....z8aA>J.>.}..)......Np<.YoP.M............q%UB._..%d.K......2.Nr.[.x....Z..A m...!4.1e./..<....<..zOM.P.....4....l...B..5.fzK..Xs..ur!qs...3..n.@..`L...Z....dy..,~.(.F..x..k._$>....%NNOV.[.C@dQ3...,6.w......K........q*.x.7[..k."s.za...(.....e...&".....:.o.)..|<i.K*.....Qi/.M....2...w..6b0j.Q1....qc.[B....M..x0..NH._....6-..wH/~...D.&j..x._m.I{U..Z..yv.e...|m.w...z.h.!....+.h...Lu....x\....>6...o>..xD.Y....\.7..;.;.)Lt%..../Bg.._n.O$j..._.D`+..-'.+..6%Sz8s.A.....[z.9.1..~IP....K3..J/N......2.........1..k..(e.aC.US...d.......Lf.cf.2Q". ...%0..,I..[6.b)0......q.LN..P...[.*...L.G....>.s........ps......a.=~^4. ..g..J6....c.1O^.......&..9-.*..+k...C;.

          C:\Users\user\AppData\Local\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.97616372952753
          Encrypted:false
          SSDEEP:
          MD5:FC81200A7D3FDD21573565F778BD8BF0
          SHA1:5EB36E8AB36B331BC5AE2CFBBF015592563BC1E6
          SHA-256:0DFCC8EB5973679A06D89AA698DB7E5B7EB95241B9FADAA9EB8061D79A3C600B
          SHA-512:66A6DB595F238B565527B54E2365C4AB47A592FFE1A85DB13770428921D0A9856778489B3AD01F8834FD7F1EF1015850298BE1FFA43B77E548BBC4D3E159D9B2
          Malicious:false
          Reputation:unknown
          Preview:regf..Bl..w.:.0,.#...M.qE.+.D.c..k....}...l....k>..q...@..\.....`..y[!.q..\;.l:*.Y..E.y.S./.....o.!>.$... c-.z7..z.L..U..'....}.. ..WN(.)g.CV.k.v.e..Xz}s......2.U.U~.c#r-X_P.......J..[A8...i8....)....c@.w.uX..d).../...RZ.>z...Tk.Q..]H.J.fw.(...?.x.7...........k..5g.#*.o.....w..q-..`M..3...R.W.`m...:_........4.:....SF....cK..y.)@.....(..)V..bR...o.D...e!...........A..{v..|.....X...,K...G6..)....'.........&.u..|...*|B..u...,h.A0...D..4.GD.......We...AU.}......o2.....83.1..O.<?N;.4.*..j!..6xCk...v. ....n..I1..-...6)c..~.9.....?.+...l...x..{;..h_...b.....[W.O*k..1..w.....G.e.../.Zp....V.B[....mg.u.V...6>...Qt'.\.*.$...>q...b.bv...Y.9.......t.l...V...".A..cu...>...Q...u.y.!H..?V.."...h.(N.k..e..Xci.1.,...,i.S...eJ...e..(a.<.-e.N.E.IK.g.....&...Se...VM..\.#..Pm.n.n....F.....\y..%.?f.8.6.0+.ST..K.G...ux.<.H.T~..a2..Y..i..._.#.......4R.m-...%.bw....w.:..0.i..F+o}.(....B...:..G..9.....!W.qN..f.G.hV..x..:"u.G.......+Z#....:_.k../n..y.Q.....>....i..[.L....

          C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.977109016958794
          Encrypted:false
          SSDEEP:
          MD5:00BA03044BD5C06C2135DC37857D90C4
          SHA1:17201A69C7D9367518DF184A70347796331279BE
          SHA-256:9FBA05E897FF7EA1C0173C4608F141AE6A581E20DCA0AE4CE642E24C3570C7F6
          SHA-512:76D30E203E822539DCBAFFFDFD61A91E6B604BED0E2C0ACFA09BC20D9C74FF2A33F78F0CD706A6E5A39D19FA5F256D8CB6807EFB39408267ED52CD88461E7174
          Malicious:false
          Reputation:unknown
          Preview:regf..F:.....Q./...(.q.z=2.0..71..8.w. ..h.R..yg}....^.xu...e.C+/.....z..(..7.......LM.1V..g.A.;.....-..Ob...M.^..!...._.1@.....~.w.w.v.C...N..sT.g....|...%R.k..S.s...X......|$F#cd.......&>'...1.....ip.....>t>..LH'.........>..9.R.K$.@.=...}[v{..f.5a../:..E.h.!.....lTV9.M_7.Q<...C.x.8...a*$K..^I).*%.V.._...Z%QXf <.z.y:i...Ca|....o........h......2.+`sTz..1....d... ?....[.w.]<.&.>.4.yz.=E..]:Z..w...^..1(..Cu..#...!...=..T[...A..b..?M.........S.w9..%i..m.....WA.f.G^L0.....*.M..d.......".'.{....l|....v.wAp...x....o...Qg2.<x.O.m.zaU..d.>.....z....K..$.a..s.'J.......e..s#.7Je..f..x...|.....b.&...[.d.}...a..$Bj..&O...,t....J.X....s..m...+.i./'/u..g.j..9Zy.g.a\P..... ..q..1.D.;wG.\.:..'cI.E..-.C.-.X.+...XMm.'&.G.J.VQV.f......x.....)......t...,....B.%..\=m.oi....u{E..h.%nQ.'....C..RKYW.00<.O.w.4.....f4...N."OT..QZ.u)pQ C...yf..(4O..K"^..G...2f{..;......si...F.}<..m.S-..0.Um).....b.rK...?F.....:U.0.[-..R........_....:'M..7\.#uPW.U..?...

          C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.978795320670098
          Encrypted:false
          SSDEEP:
          MD5:FF2696B2A2858085AF4C02C76668EEFE
          SHA1:46388145375A63098BE04E82D42DE7029862705F
          SHA-256:91A31684306A19B137A58DDD0A64C1D1D60F6CEF5CDA2C533AEC92C31D03859F
          SHA-512:1A22495D2CA6D0C38FFC2ED69674C99351AD193FD30BA8E8AFC1ADCAB087E00DB95418A28F808EDA4FD079E1C8AE967B510FB3289CA584FBE2BF0B26E33AAFB6
          Malicious:false
          Reputation:unknown
          Preview:regf..-..r.........RYe..f.[.Rti..M*.w.v>....+.#.LC..-v1..P..(..A..........y.Okz.+..D....~..!..>x.;.;Q........G.X.V...k..6.m.P.......+..X.c;%7..,..L.@.g..2QD..x.W..;o."...51*2..b.}..vJr.......2..$../mj.R0R...... S....*..LI.......c..r.qZ>.......].........L.d..C..S.......2.c.i.....I.5...q...G.7.W........Fc.._.Zgn..N.E.3P...W.0.f..........2...........'{...u...S.`..+...]..T.....}W{.....Q.W.X..*........*...ZM..M..4D#...{.......v.......)....'QrF......m.].M4. .Mu...u....`...E%*)..0..I.h...Wo...^..-. Z..8........9.E..)2.|......4..?8...&...!.;....0~Hk.F.3.G..y......2.4.|.....sia.c..I.NN..L..\LL"....}c&#..5<...wj.!......z.TE.\...O...v;..V...Q............0...H...x..Z.0..`V.W..'.;./........AM..>..JC4^k..lU..V ..K.]...E.5...z.....;.PT..........L..+.*B.,@.J....Fb....n94..o..U.....z9j..2.........^..'...=..h_ M.P..ln2...L.[..o...#.kA......N'.O......%..............C...........e...F...0.....Y...Lo....<...\....z.^..#....P.q..J.z.NJ..q/0... ..w

          C:\Users\user\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.975713464388992
          Encrypted:false
          SSDEEP:
          MD5:917376310C13E30768D1D8F6D09CF31F
          SHA1:A5967C79077FF40F3F1589DA94CE226C1C3971F2
          SHA-256:80456C0E7966A4CE335656CE3AB1AC53060267B47D1E814921CD48A695E60527
          SHA-512:431CCD70290687D4BAC4D200123E138A0C848E0AD5A98195225423B5C2C3438D23C77ACA81245DF38DEC49C2B82E1512DC0E76FF8820E3FA3973B146083276D6
          Malicious:false
          Reputation:unknown
          Preview:regf..qpI5.Oe.R....X..`...[.rN..?q...k0.../....x.F<4..{t?\$Xe.j..W.;.w.+......o..%.\.y9k...w...6.;.@K[._...H..@...F.C......[...p...:^.B.....H>...3'U........$h:Pv.`..e.M..*.`>.J......b..m..I~,....4.:.2{....y.3..O..Y.#.%F..\.8..*..s..........t....nA;....w......l.o.2.8.`.A...$@B.rZ...m...{.c2.z.Oi....J.~Q...p.23`.W...[FH.....H..+Bt...Q.v..R...S`}6....n.U.&.U.gy7........4....#y..A........|...2)O%.-.....Do...f...j.......y.L..-.......j...*Tm.........vW.$..C..s..x.k..u.=T2...3.sb..y.^...=.....a.....m.j..(...0..g./;...E...l.0.....$...Iw...Ys'.{........(....O.l.D....F.*......x.....'.........j9.7.yeT..#...V.5^.%.U.~"...i....7..2.....r.1x@.o..|^.u-iR._......Eav.X/..s;;....c.zg..5).w.~..;..L.-......K.p@.M<.k.'..t.kSv.+.s.....Q.......D...M..0p..T.../E@gM7..&lN...Q.M%D...........(.<.....".....k....L.;.....;..!..}.=..Z.@....[.....O.v.ux._<).~k.#...b7.D.rR'."..Jv.]..N......Y.f..J..E$X.625..F..7..re....A}.....;* T.u..&.....RJU.V..5w...l0.X(v.

          C:\Users\user\AppData\Local\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.9781156716145585
          Encrypted:false
          SSDEEP:
          MD5:84984A964CD2AB40DF3579FA168FE5EC
          SHA1:0EF0105B5334B842F430404D2C63F63240F7D6BA
          SHA-256:6C78FA2D92D9E1EA8571745F4EF1E7083FB7E60ED7D6C95B7044CAD24B396BDA
          SHA-512:D339E5662DCC5C2034547CD878D92A9826A214DDDF8301C79B8185BC07210913DC7E8A9EA114D91B4A082BE86BD8FB3E8CBA475A2FE3BE257A79FC517D8B6CF2
          Malicious:false
          Reputation:unknown
          Preview:regf.s.N.G....d:.1....;$..F...hyl.>.nKku.V....C......8w7.M.....\`7h.n..9>[..B.s8.H(....v....(.......r.Sz...D.....G?..cy......\.[Lgs5q.Y:...:.....$(I:.......s7.....0.X.E..i..Jx......df...<.5.Yv................KC-'>..W.|.m..f.B.GJS.WRY"...Q...+X..W.|3..q...8.AA,...;jd.1.G.......N.[......6.m".L....V@.v...B....wN..$.%k8.*...l.g...U.%.S..L...~u[.&u...+..]....\b.QY.w.Y.......!e.,BE.v..P...a?.8..%E.........&..;wg.V..J._..."..x..c..A$....|....r.4... .v.V(.$..@...N..{BzFs.9..q.L...n..d.ikF5........`m.C...Cq.\.'.."2........Z..$......g...c.Ss..Fzfk...@....A...<'.6.k5qd"..W...T.R.. .5...~3HS.W(h....A".Y>c.t#...5-.....qX.k,8..5/5.q...b.eN..v{@.*D\.y.3..i)#...a..Y..o.4...*..{5..6...T.f.P.t.p..[....}|..?....p..lc.WS5.+.-...<]}f..^...Ag.9....n?.i.L67)B.Q...@..w....\.H..v.m...i.N.*.bB~..RH..)..>PA.<.+.Z.a..g.+.?+.......bl:.V...5..5......5.Q...T...kt...Y.b..d/..P....,p...KB0$..P....c...I.kBa..eJ7..>>~ /.0..$.Q.I..%r...%.T..'.......A.,R*T_i..E.r{,.....fj..(]$..p.>L

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.978525658380541
          Encrypted:false
          SSDEEP:
          MD5:2C419E26CE6F99AD4F0CB0F3E68D7B66
          SHA1:1E1DCE292391003764291BDA19E729FC9F50512F
          SHA-256:F3B42F319BE2569669FA5731A26ADC9D37DF9886DF331F973B76FBD845EF7F4D
          SHA-512:4875B5156DE006256E77DDEF81CF5C3BD13494D398C1FAAC6E6DA8C528A960F3D0E20396DAF0AFDAA7B3787DA8C12F1C4D9D86D2E3473B83033EABFB292F10FC
          Malicious:false
          Reputation:unknown
          Preview:regf...&.g)...&t.....4IZ!w..W.G.&f.p.S.....J......li#.(..Eq../.%..e..l.....?LG.U.|.f6....7\r....&..zf..I.r...a".`..r.....:`.F...D+.+.Wi!../.vL%.......Ri.m.....%A.......M.Y.a..|....."....x..o....8pa....VU`=[/..7.z...j$.C\.....&.&D..xJ.u..MT.,.xwv..(.......u+..S....R...5........L......Zx......`.t6+.....N..vu'...I-.^..m.:..L....Mt..;..E%B.B..M.v...w..oO.|I....._Y...c.P..=b..,%$1|.l'...r....Y!...z.9...@_......N....=,A.O}...^...Q..l..I.G...b.'...y...).ra.V.....TL[E.`N.m.K..6.....,...F.....?......>.S.8.?.Y..>.|q..X..~A.R.p....y..6"..%.C.U.q 5<.b..`.@.8.3..'.`..E....{.O.{T.J..r.g..NY..]\Qf.d)P.......U..4.#:...z......:w.E.R...4..{....@....O^.[9[...87V....I..]$...<....L.%...d.....+..?..;...).bZ&.q...E.d...P.J...!..x.;q"..4q.B..<.....D%.5...B...r..@...].,..^(.@j..R........]..^+.tdL.q.v..y.x.)..B...N...'{]j.0....s.3=...<v..?`.e@.].XT.t......D|....X..u!..)w`~oS..:.'....HF..)xt.9..{....Z)".....I8.g.A..i..C.h....^ap^....=CJ5C.../.;...3...e.Q...`..

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.LOG1

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.975082026074666
          Encrypted:false
          SSDEEP:
          MD5:43A682C0728C93E1352ED87793DDA446
          SHA1:26FB67BF9B6D2B463143B9C6AB5571DAB3DFDF14
          SHA-256:2FC20BEA5FC297E4EF9C719ABC7202743D1DCC56E81ABA5A8680D8FB7CCF0346
          SHA-512:51C37C242552D58D8560ED53DF525A24E49B852E8F62729A93B1674CA42C1FDD8BB5D6FA27B5CC0FF2277EC369D1782BAA4314663B6E40B884115A9D6DE37BA4
          Malicious:false
          Reputation:unknown
          Preview:regf....K.....E.v.....g).I...G..Tt4!...y.'......j....e-u$...P[....t....@IkL.....C,.:.....1#..~w....})........mP..a..m.O.....J.y|e....$M'............i..F}|............I.....-..)..}.+Rk....x$H...g.....,.Q.U.._<.f{2w6#.oO..L=....IH..C.......?c..b...L....(.\. jVt.,..U.ZR....!..l.0..?.......M.1{..d...Oe...\8.k..T..)....F.&.Tq.fO>.......t..T....)P.|..&`.....V..BBG...+..>.Tt.........dy<q......v_e..]Z....o.)..TH...Y..?.........u.~..}../....f.6..81...}.~..-.S<..C.....'8....2_....vF...^..a.`......m."%..g5....5,...9...e.s....W...|...AD;;.S.......0..P,....p.6...kb.<.,.}LsN.6..D..RZt.....9....;.U...a......+..We...*......P....."U..B=DJ...5....%C.`.z..a-....)6..{:]..-A..t5A|.]T..j(....1.y,....df...'`2......a.&..#.|..+.bo.....{.A/...\...I.2....h...=......^.>..%...5...f....7..43fF.hnF...j2U!..?....#.2.\.x....;.n/)M8[.0..{..G`..4;u.S^M..6...~.h..)....%.......K...;.D....tc.0...[u`A.#.0.OH.C4JK....s.]:hC(GMk..Q.K..*H..)v..........<.1..Z7.8..Wh..A.g

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.975286852046637
          Encrypted:false
          SSDEEP:
          MD5:4222BBC83C78E525A50B5D05E0E469C4
          SHA1:09137D36F4CFC88A8757BDC1E1E2504C64E26569
          SHA-256:BD2584E84164BD6E7C7A8200E7C1724B11848788B397AB96346B7ADC5A67ED60
          SHA-512:8EC79F5E19C6DF588658320980BC9B20B9B1DD635531F78B3CDDFEFD247F0B6A6C805C79725D74B6EFC230F18AA8B71A6706546A2D66AF9E90B073992B1B6C9B
          Malicious:false
          Reputation:unknown
          Preview:regf.C..-J.,/.0..$..[.th~.....O...,|RJH20...Ba..Z.}PX].......^H.J.2...h-........b.....G..s>bb.(....~(!I.`....PHy.D=.8...z..i.........9..2{G{4-..I.....L.{..\C.N..PW M.p.#...U.Gm}0...`].T.....`3.&.p.op.3....u~..)...H....d....!|...".9..... ..@..\..E.k.D.'D..r..F...%....X`"~YNW.`.+e./......o...0...u~..]..3}....F@....J...).1>...]D{..y....1)....3..^......s........C.T.[G..]..]..h..,1k.Z...32.Rk.....u.K.Z\.1.|.....v..*.H..p.:#fi...Wp`n.EU...g.)CN..O.../E.....T0$...!..,......z~iK..(._.p...E......7|'$gU......@;.3.~........(.>..m.Y.<.!...0Viw\..w..J}R.9..,.PJ..'A].::.C............*.,.._-...i91...i5..r.I.T._Uk..+kH........-.&/oLh9....^N.E..(... .j.p..-(..yb...,.q. ........1.L.5...Z...(`r.#...p.{8..n.....O.@..wP.y@...I{L.v...b..z.;.=.....<.....nqMwS...9..`g.B.)..%..........u..')F....'1@,$..lI.I...I.....pvI..wl...e.......iT.f....ML.........g...ns..C.I...ql#..8.3|...yh.^_:;..[,..n.L..q..b..P.r..o....$.t#I.....c..\...].Z..."...CQ......\g..4C..b*.d..'R.\..d

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.97477662793795
          Encrypted:false
          SSDEEP:
          MD5:A6386786B28DF080F30B5E3B040B12F8
          SHA1:3C2C2600550E4BCF4DA6CE4412DE5DE6782D2AC6
          SHA-256:BFD145F9A02D647FA64AEC5725F8223F4C97A065B6F14F2E184D79D966818F17
          SHA-512:392DC30BD024F50169CC3B6619251AC5655E3827D2D0C16D62193287B9898D58C347540A699230B5762B6C19E094DB7A1ACD235E46CA4BE92011364273BA9CA8
          Malicious:false
          Reputation:unknown
          Preview:regf...}......o.....UT.?.c...p....7k....^i..<..D?b8.E ..gh. ..4.8.....^o2.4(..b0..%tZ4vBM.{...;9zR..LsKV..5IE.'.&;O..y.I..v....fU.....>...B....~:...D..U.y..d..M...h,...D...|.?;.X..}.A..Z...$kq..F.p+8H{0..(..Cp......>..........OO.T....4_.T._/_.......=....%..I...c...-&-...7..C'~.e...5.......).`..P......OQD..._~..lY...8.)S.xm.....u.Q?. ........',..g....e*.t....)ny"i.6e......y\.0:.'u...;.s....*......t...B ..A7|u%0..g)q...25.Ct}.....\....+......]Z.....$s.9.a...[gw).b.q.H|.X.^....V.S..%.7..j>J..J.!.z.p..g.U....?.....,..76.s...T.4N3. .#..L..i.............!........Q....X....%..Z.....vS._...Q1..7.*8...%.N.fM<I...<p../M.#.\:...33...A.."J.#...|.K.w,@..N...y....GTL.........K.....o..E......&.N.jby|.gW......6"...w.....LY-...W........a7..*.g.....z..j......e`....w8..3...6.R.H.P.u.i.,.f1........c!S5C..i*.../....=T.K....'M)./.......e.X.....<d..F.}......s$..z[.h......6n.4.,Cn..e..T.K.y./n[Bc......<..J.`.S.o.G.......j.......1VR.%B....................`....

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.9804488967971805
          Encrypted:false
          SSDEEP:
          MD5:4B96CC97BCB5AB26940C2E68A15FE952
          SHA1:E43D6F5D5A7691711383AB925D19F45561197F4D
          SHA-256:59364EF35EDEA8EE369BE481C25508DF965E50C5278202DFF0B5AD1BFB694882
          SHA-512:17B8FEB8A4D5E9F772FB4241E1FE14DF1E59225C45E4537B18FCFAE97B858F8B800DDAA3C93B4E25994CE9673E2320BD5B65E9E249AD6F99FA4B142841D95F4D
          Malicious:false
          Reputation:unknown
          Preview:regf....cB.-g.C....%..4...'=..y._.]5).2.@=y....bj..."6D.2.^..x.N.....]e.f.....{...........CIm+&.U&..>..&.C...+.-H0.s.`T....N..*...IQ..h=.t..~50(..79@..+..z4:.....U.=.3.DO1R0A.......|ow...;...9.k..4.. ....v...v1Rg.....AQ>Q..Y(_M..LW.'.6..?.9)....p./..&.P...V..G...s>I|...+......sb/.A..pN...\t..........,.1.e9ST....T..'.I.=...w.g..'.....<$.....g..~..9:. ....C..|..7..>.@...r..,.aTy...,.M*.......h`...q.1.ysO.1.M......[._Q...|...G.R.`..|@j..?.......]..8.c..B...H..c.~;."..F}...s..........qyn...&6|..*.A)A_a.j.+H...7.y...57...l..WGIW.....d...j......;..0.v{.S.Y...."...B. ...Y......@.l...p..N...h...].`.V.e....n.......A.lW.}.L....5.c.......).C....C.r..8R...3..."...&|...W...0PV]f..w*( .S.....1.....0}c.;...t7....;rv.a....7.c\:.....)..4...2..xQ.._g.c....IO...CC...l.......m...^L..q1.nCv....0D.....X.nci1k..........$._..#....R..g...3.muN.s.7..E)..?q.lx.$.s.Q...p.hg........_/..8xx...#R.V4.A.1..xB.rwY.O(+..m."..ar...m=G3..z..@.G~..,d(I.(...............T^...X.S.

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\settings.dat.LOG1

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.977117727156997
          Encrypted:false
          SSDEEP:
          MD5:C901AFE67584CF561EE573DB0F6C8BF9
          SHA1:771BEC05D6736F9149BFD32AE681DCCAE4B31A4C
          SHA-256:31F804B7E64714F24F96731CFA817810995AB80277311F928DCA2743EF220752
          SHA-512:7D24731625A17277148DDE61E25430542A9F99567780F65BC1A07A65DCA3473CDF6FC57E7A834F44F7641A66C442650B6AC77D6DD0E48778BDF4B55954641E99
          Malicious:false
          Reputation:unknown
          Preview:regf.i!....\......U.y........Y,.o.$....a2..T..._...F.@......T....Q......F....*b..v.TyHV....Vy.f.B..C0V..[.*....ob..%..!.1Z...knF...ldC...v9u.v.2.-P.....b..$....h!(..:Ir.....V....g.b6.0..F....n...s}.}ON&N.j{RxLF..d.,7.....5z.Z...\..7.N..].U.p ~..A..".....d..v......X.'@.V[l.2L$......t.5......0o..\2.....7.A..=.+....V..J....f....$p2f15^..........X..7.$+p.......S...} .k.....-5.hp....R....K.l]..U.. %.5...GB..n....@.&]5_....._<..2..U..8.U.U/I.{.5&..#..z.+.97......@Z..IX.i..R..G.xAyg.b......tC#..?.O.E.={[SC.>]*...]j.5R.%...Vb..{.(.t.T.(th..c.ub.k.7..R.s.D..(&7v..U@..j.B_Trj...*....fZ..._...S5.....b..r:Y..........(_..[......2I..5.....h....Y..X.....-..aor...+.X..b.7ut..]58M.h0..L.U....}.....8....p".Nt..hHq...{5'.....].~.I..Fk.~0[......\...N..z.4Y.5.Y.Dw.0.<p).1.&Y.2...2.$....u..&.{{}X.....-.3.=.F~_..u...EA..|.hSf=DK+.p_..{J..(.{..z..!NdaT......ox....._..F.X.._.$w.:.....o.{.c...t.X.g...N.........D.2.x|`.}.. .M...;..,.w..^H...:K..A...FS2.....s.S..

          C:\Users\user\AppData\Local\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.981083357598761
          Encrypted:false
          SSDEEP:
          MD5:DAEDD80230C047E98508E57228967094
          SHA1:89F9D0BA954C7935CA0E376F2B31C75E32F6649F
          SHA-256:CC9E8D6B6845B001C77491D04D36751BC572E16BAFAB8D0A63E3A5F41A496EBE
          SHA-512:CD1E26AA53B13CFAE594134D040F18C6F792D9F11DEE703C913E3C5736C283574322C40108C94E674B830B8AB4E87FD1A10225B540309A9A00EB3BEA67E4E33F
          Malicious:false
          Reputation:unknown
          Preview:regf...rKo....CL..O ....#.....`......_\'.e.N..q J.>G>K..oF..t.:_...H....t..2J....mb.}e..6-.MGCb[,..R.T....n........Z..A./...~3~/.....0..z.. 1..22i..."R......>.h..5.^...sw.\...t...,..W.s4...H.4. ...l.....t...1.~..kF.8.@.!..L..,./G..`Lw.u.d....D:.@............-9S..0..Y..p..Q...R.IJM.V....a.1g.......Fd..cP.6M..)..Ek.w?E.G&$D...._.....qqW...[F.....TQB.o..'C2..7.}.K.?d5.<....v2@Mk...R...u.x.`f7..K.u ..V.F.......K.H....IY!.Bt.G4..w...."....!'P..*..m....m>....\adJ..U.--?QyxU9...;.4..C..f...2.......Wru"6K0......Q.I....I.....y...%;..T...H.....b..k...e.......O..U.W6.|.98-...K...Xo..[.\..5F.Z+l..m...c!f/E..;..k...O......n..a`.l..O.u...9.A8ay2.SJT...f...Y...i,...r..xn........&.0.k..._Y...Z.gb.......z...x...b]....`.t.b.).mj..`.H...K.qT..k.".....*.IM\.....?.T...?.c-lr..2n.}..%..1....|..<.DE.2\.....D8{k...!/V..4..C..".>..[......a.N.........|.......c....v....z.P.Ro.y."L..h..M....rM.......p. ..83H...4..{).o..5 *J.c......]...d........)..RwAcN.

          C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.980189240192355
          Encrypted:false
          SSDEEP:
          MD5:8452D0B67856B8A6DE4F276043C990ED
          SHA1:4639AC7909792ECE306571F14C59DCA9E50E8995
          SHA-256:419011D4BA740632A19CB4CC7A4086E503D05674A1348AA58FA56F25D3F709D5
          SHA-512:09CA93CCE0E23585363C386FAD9C9BA8C29F221414E6934EBDCF71BCD66E67AA3A66A5798EC0AA9B08B024357FC13914F5025A023E82CC1720A5FC8087D3529F
          Malicious:false
          Reputation:unknown
          Preview:regf..8!.<S..B?...=`k.\.^.HPx.UP.P....@.n...kK.....b.I...*..J.........).^..<s....&l.P....H..O!.I#.G..1.r......{...%,....o....|-PwlY.AP.y...v..[..4|.+..r/....5}..@!ik.1d..;.H<S..M?...C..+..,.N.w.i..1>..Z&).'..~........B...-.F..K...J.e22 K1.a..5..@..Kbf.....R...B..'..E...............T...d..(lp.t..UU.xW...N....7.y..&...~..o.....1.._._r.0..{.K_^.........l.2......"......C...M*?H..|.@....f.@.`..O..+.i.,o...C.p........ao!h}\.+.2.i.n}.f..Cq.s..V...8U.i..5....1..d...`....:..a.+..].......O...z..o....l......%.d....l..... ..s.2..&.....#.%.t..j.O.f.',.C..(.2.V.REZ..Fg.....R..$\.dy..!.|.]2W..T..g....G.. .........Ym..e...L.....h{A..$....4.......c.%.!r0..t!Vat.4}.:..Q.....W.....UQug...jE"....w\..+{.8O..*...@._O..>SX.^.L.. .a.hM-=...#...H..*..EA.f.`.:..}..6aJat.znD....?....eZF...v.5R.o....t...V3E..|\;P.?.b...;......VT.hAe..O\`%....,.{~ J.....]....Du\.-..d..V=:.@*......2m.V.=..p..Z.......?......{.r... V.5..b....aXb.....3.U.=..r=...R..`p..T"d............#"D..n...=..z

          C:\Users\user\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.977423595914747
          Encrypted:false
          SSDEEP:
          MD5:7763BB291F95ACBB0788BCC06CC9A446
          SHA1:54D54DC54E608FDED9B5BA801F1BBCC0A49A3933
          SHA-256:79148C7C7451C6D3073C29E1FF31432086D711620AA458FFD9A86D16819841CC
          SHA-512:CEC4FDFFCC33C82B0DBD32B1684B0BBDD723333F154930527ECF4074336395E2D17F12A227FC4C986716B2DFDA8A95D677F49270EF85BAF188FA1B6E5A2608EE
          Malicious:false
          Reputation:unknown
          Preview:regf..o]...z.....N2.19.^..0.......&....K.3O....VT0^......Ob#..E^4\h.D...j#L....}.}.,.Y.F....".._.3..p}.i..|...pY......@#.z.o..(....S...aH.....L.....PN.J_...2..|....&_...CxJ.HZ?..9\...Q.*f...q.).?g.....xr7....7........x;. }.0D......:.....a.#...[....',.'F....Cy9....'..d..o.4.-J........*...X.J...t.C1il.....o....u..7}..P.w.. zB.8i*..2..G..$*A.K..i.J;....o....%#"....w../Z.H.e%..jD.l.A....'.+t....5..B..D"hW...s.'...78.2.....W.K..8.....O>.....Y.*....kw..%....y}....!.R]."K:]..84..y7F...3...d......s.n..BJ....c~....l....f.y..-..HB.#..../.y.0.,A...S..5/.3..y/5.i...u.!{qH\b~*......b.Kh...NH0..9......#.-.m`.0.^.1.&^.y.5B.N.V..%.......(C..%...0x[....b..Cg2]...[.@.'.@...auz%.w........~...^yx.....=....S...;1.*^...i...B{.n.D~.a.......$.ve..kZ.u...b.....n.....\4.;f16....R1.QS.r....?.d.d[C..$8l.5.M..n....;..|.)9...A"..Jz.OI&.*........=:.%....Ai.m..X.!+b]....L.\_k...e..w.;..C..M...7.....^>L.....D""r....{0..`....ixN....No..1~G..L...p...cl..p..*.b.Ix.....u.o_].

          C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.976932424003667
          Encrypted:false
          SSDEEP:
          MD5:BBAB145D4FFD729BB6B4805E193F27F3
          SHA1:70C5775725D587CBA9A583BF5169668CDDD540BC
          SHA-256:2E6877BD5A3BAD330D18CA5E64DDB72EF9BB0D245BF76C614B7CB652D2624BFA
          SHA-512:5A29D7B69D073587B52AC35968E8EE7E62DB49DBCD693003F32A3EAB1279A41F33494D11CBCB045B80EBB7081FD17E95D547A84D3CDE122823F08F7A8978271D
          Malicious:false
          Reputation:unknown
          Preview:regf.....+.M]'..........'...@D.3le..y.R...._{....n.l.i'...Xb...s..K..P.&.U.hqk...M..h.....:q..G..y..Px.#....../....XT.i..B.s......%..:..O.wE..j-..7x......3hbJ.C.#.g..XT..OZN..>.......i..d.H.SQ..d%..e......i..J...EQ.y.... ...S>...$..g.En7R1.3....0..}p..6.lV.X.MP...t....-.......`.T>O.*.T.7.!.N..[.C.....^...8q...X8.#...t..t3M..\...............0...1...X.4...X.D......#..,V/..6...SM$.^.u.9..%~.....[.....z.[~....d.[>....8T..t...%wc}.MG.P..\........R.|.C'o.E.q..?.J..at:d.GH....Ev}n.....9Lu.(5...0G#.......4...wqU....m_.Y...+..f.J6.l.N%....<.H.K..3....tY./2...o..8.V..c.N_...=...'.L!.1....L...s.O}}.-..A....|KR.3G.^..!C...n.b+....l5...h5....mif.qr....E......r..Ji.....9c..Y....H..1.P.Qy;!.x$.!.g....@3.bD..@4....~...*6...`...}PM..[.{.d......"..#...!J`..C.m..b..,...+.jz<.b{M...X.WwoS..XD\.....-.;....K.'...@...$#TCc..7...._.Cvdb.m!..}.TL-/&.^L6.S....V....O.=....h....D. o.. .,eG.....<...#P...N..HJ..........!...I.S.B:W..u.\.4.O.B.Ltw..U.~iwH......1.+~.

          C:\Users\user\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat.LOG1

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.9739710014837035
          Encrypted:false
          SSDEEP:
          MD5:5AAD4EF76049C16978A55F96072581D6
          SHA1:EA298BB2C7FFF771791A91996F3724CE66C5CB46
          SHA-256:CD1526BB013E376D49EDA9A780AC5E75A74B3CD60AD89DBC36B5239F098128CC
          SHA-512:15F1B7FA9A0631E73B0FAF4A89D5776635700FD227B163AFF32D6DCEA85D42D5676AF34E6DED181EE9924CBAD184E1FF8D8A88537766722B8D047FF986A09F18
          Malicious:false
          Reputation:unknown
          Preview:regf.....b6?...+.Q...+c&...:..03.....e<...L......c....8...eH."Mb.@E:(d.`x.u.....3.l:.t..f~t...^......B)O.y.A..V..H..L)..._...j..&..J..u'.0.1.....F...Z...'.U+...pk......A1.s...y#5..7.u..h..<BSN9;._l..I.D...{FGR*..s.t.....EE?.e.]...m.5...o.....\^^gG.1.^.....J.u.'....WPj..H........E3.d.^^.VV.uEU....o/|......_....G..~.t'/........r6..)g..b..ND..._..(]Im%...p...).7j.(.#u}...?(#.>.....(.%Z..O..r.....5 .V....S...J.\....H....6..."{..W..]..4q!5.>--..^..7.....0R.<.?.Fl.*.-/..u.2(..\R..G..e+..6..R0....d0gmcHE...`W.+.a.._.E........1..VAU.....Q.1...]T...#.....K..]........),.x....+4...._Pg.`_d......l.J.>.c.D.....?...u2...'....f..&l.#...UU?..Wd<...W.)6:.[.W,L..Mh.LG.i..{...A...N.K.......90R9..TJ..}@..R..\..T.~.bjJ.J5|....r6..Cg........yWO&..f..3.....:..:.......K.....q...EL.....H..q..b._..6.Q.9...jJZ.i....@..j....BQ.Z.l.d.".$..R@.J..|l.p...+&.._Y.\.......M.,o.%8,*6......0....5.`......g.:X..q.?.......k....4...K..)......[8.&..u...b&).4.w..o2.5>

          C:\Users\user\AppData\Local\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.98083260078011
          Encrypted:false
          SSDEEP:
          MD5:D865F4838115F4B985DF3CB3D60167DF
          SHA1:CF0E1FE8B0F0589DE3BC355D14652294CEEFE543
          SHA-256:F4358ADE2F7F16FE471DEA5DE500003512BC7A17878DA6E1635CE98020771D45
          SHA-512:FAA9D08D538880EC603D4C68D0B8455D1B347D336AD196E646844AFEB1B1411850F89CB7495DE816E4D1B869264839E92BE4D109206780965EBA997BB07D39CD
          Malicious:false
          Reputation:unknown
          Preview:regf..^f;..h....aI.9.....8CP......,.c.......Z@e.V.{O.'...l..W..A..A..FQ..|.C0.U.}..>;G.g..C..w8.....dp`]..x .s.h.\.@7.......n...z..gS..%y..K..'s..(......)<w...]...2...`..5.......P ..0fW&.:.....?i@.?"..+/..3>..e".M.e......h'^..i.3'y>z5.....6O%.Q.B.0..F..!....Jf/...J..../....B.@=.qHF...t...=...<k.`.=.@}......mYp&..dE.ek..|.LE.t....;....a.@j.,......P.t."._..~..K.N..%t[.#^.a=.#[p.6..(..$...H6v(..........Q{.Y`m./.=...W....!HPd..~....(X...+>.lt...s...Av....|....U.Hi.`...k.Z.. ..X.......Z...c..'........"..r.......L..L2.]cd..gq.).F.._...m.q.l..p ..xu|...Q...t.....@.a..9....m,W..g|e.=aV.?...E\}.._.J......J.=>6..0.....R.<..V............s$?.....Z>...aWn...M;... ...@.84.1;..LO../RJS..h...{..j.#O....... .......n..P.....d./j..]6E....5....."...SO.=.7y..}..V..v.w....}..w.b.5RB.N...B...r.J.....i..+.[g-.%....J~.....!.N..D...#.P.GX.'.}.J..Z.'QmR9.M.Np'.P..Q<... x^Y.>...t....t%.Q.b.L]5..N....c}h.;p..d....j`.^"..[..".......>8...W....+.p/.YMVfA../SK1gO...Y.A^oO.y..

          C:\Users\user\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.97797551167646
          Encrypted:false
          SSDEEP:
          MD5:8EEC95CEE9AD3CE1C516795A086EFBEC
          SHA1:3F68B44547C953CD5146FE196B65DD544412BB35
          SHA-256:7D2932B2E3A3D23214BA57720AAD37C884D4AB1219DB3EBBA8788BE607B3E061
          SHA-512:D4785F332F3CA85C00960FD6E2EEE0C74F85233DC3364D6B46316701543D8908AF57CE36BCC008DEF21F6EEFA7722E272F2646905DA8193F088EE60114BE4C2C
          Malicious:false
          Reputation:unknown
          Preview:regf......I...x..x...r4.....q.......#.5....n^"..SI.....]MI.....C............b5st...";.3-i...R. +z...J!....f..}.:!.=..:..'.G.t`&...!....(....>...ZG.U..?m9...U/..............:.KA,-..z.0..+.t...=..g.qp5^b.s.=.5.hy..E.\b......u.i...'.....!Y.uv.!..~..X=1...82....9<Af......$[.}..s..3.IE?...(mo..-..zP....p....ME..$1..|...E..);3..T...m...K.......K%._.18.A%.?...f.).;....a...Ex.>.HD..U./.%..C7C.".no.p.s.F..W.<v.........k...*.....2\g......Ms^..lG...X.......}6_.h..vd.[..[.........."...v|\.N..K....5=..!x.)w...f..V...."*.Z.s...:d......iET.I.'....d.T...MhA.._..u......B.oN/.U..%s."cc..a.AJW...H......L.6.....m.."&...3......d.ST..~D.tH.\.s.v.4.".l.z.`8...g.....[y..)m.. .<.....A<..\..m.r.V*...w@....b..u..+.:f.:....[...s=ugOs.XO...>k.....Q.a.i]........}/./...[.C..9c....a.Gx....5;.!..f.&.....0..l..%.o.....Vx.3.........44..M..fn....NR..2.(V\.)".b.V..3Y>.L...eN.x3.....O?/6i..g1eA........>1......p.~B....'.V.......l....L...).Q.:F..j.t@*....[...ES..

          C:\Users\user\AppData\Local\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.982765971884622
          Encrypted:false
          SSDEEP:
          MD5:0036319B91772117750CC2968720B9D9
          SHA1:79FAC8076BAE079F9CE56EA743C5C373F65002A8
          SHA-256:A193D5884C78F5BA7EF206772F6A4657525DB9A061F183980ED7A9039E5CB81B
          SHA-512:CE42ED6659FA9B4C83973424DBC4D76FE31D2D4BDB6974683E2F41C8967F3DB1843A54FCF175060AEF245ED08CB70A5110CA796C0210F6AFF0227B95568F2E9B
          Malicious:false
          Reputation:unknown
          Preview:regf.%......_O/.2.n.0.......X..w.B.~l.9...........It._|.}Il...*A+...j.,....>...xR..,.+..@.....l.tK.....q"4.v..hB....#'G...^..\N."...,..FK..H.S..,..+...p.._/n#...9..*...O@.S..k.q..-o....._..?.0.~...23../.R&Z......f7.~...H.:...B...Sy_.....>]`2t.iH..J...cC.......pr....B.W......q....d.f<.I.......c&.`Bv.)QN.+d.y..r........;v..d..8..#7...;.m3.R.MS.c.*(J....YL...r..S............9.Jo.U.N...#p..Y...1...MI:..b.b..,.-..Zr!..tP.t....w.. g......iE<.M...5....K*..e\a.Z.w....+.6....uqh....l.~]......p.l.......v.o.V.=#3?..|...Q.....!mep.$.x......u..IK....A..r~.......\.....&qr..[mN......z.A....y..sQ-........y....P.4...}...h.^Az.0....[.~...q.e.|..y...{.....d.JR...+....1.<E9.t..u-.{..U........R...[.^...iGa.7....1..w.H ..[8E..f4.0.....}+.....L..K.V.......\b../....w..-.Y.D.....D.C.].7CXJ`u..4.(jw....\.....MZ......0...<......`...d.;#^'..aK..;..M...A.8&.......U.V(...1k...%.lg...5&=....l.Kv...h..1g.V....!..y..4.d5.O.$......V..~....[~!....l0v.-W...

          C:\Users\user\AppData\Local\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.979447402410045
          Encrypted:false
          SSDEEP:
          MD5:D971D75A99B5D22EE21CCB54E5F8677A
          SHA1:F352ED264939146518E49310FBF5171F839431B3
          SHA-256:6E0CE3E93FBC62B71BF5DA7CFAC87987E25E19390E69119A985E3744433840E0
          SHA-512:BDF15FC53A22C0C6C1876DE30DBFCC04B3BA5A72DC8E5C5C954B2E3BC52426974B1AAED8DD1ED155D7683D9B7BEB315DDF8BCEA2F4D8486E412B38D0CEE76A44
          Malicious:false
          Reputation:unknown
          Preview:regf.Y.BH1*..5`d..f......`.EU.A?.....l.j!$.K.k....B..R........=&{..}~........h..0]O`.r..i/,....{X..^.......Q..>A....k..\.......)M.Z...WX.oe.#.....+...).k..)^....b..{A...X.<2 .V.....\..u...?.......7.....>] a.....c..8..3X...7_...k6o.tr.....z..[.-.3LdtQ..7....X...V...S:.1{....|nb}.d......y...a\.sK$..fh.......rJ..3 ..Ll.|.=...UZ........w....*...,......~..{..C.Z..7D-'Y....i......K..V.}u....o.|.b.._......%.6..H8...@..CI.A.+y...@u: .....M...@.E>GV..).G:x..y\ .R...R.Sq..3.;....V.G.... ._$.[..$.\..5..E..}..-\.B...1.;.....d.p..VgeZJS..r.{ik.E.G..(=....H.Z..5....e.~QX...8QB..,.w..._G.....\..Z..i.?.l...D...?....k...%...x..9L.mz..d8.."..F...... .r..G..yaz2..$.......s..^M..x...n....@.O..I,z.... .k..-.+........h..q.~f.t.p..J......N0..jTQ6*......../.0.}.!....w..:..?D.).*.6.......|o...5.'< ......k.g.q...I.m".......;...@.9..n.X]o`..U.....e..x.=..l.m.'...|..z...1t...o..'..6.U.....F]..\...a.....O=L.2....*.{.....s.&..o....V3..,u.rhj.W.o..;#....W.)..@..v.,..\...s

          C:\Users\user\AppData\Local\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.977255179279022
          Encrypted:false
          SSDEEP:
          MD5:91F39B2B197E28A810FD758039033ABB
          SHA1:17908AD3529D3388B8AFC02DEEFE5BB9E6C5F132
          SHA-256:8D528CF66904E9A34FFD7D3463CBD8AFBC4EB7D458A37F1C6F3918DEE4BA4955
          SHA-512:D3370DA49855058D6291050B7809D4085663E0871B3F91BF5B2FC790BED5360805C9F0B958D6F9F068E23CEB81A103316388BF2656D4D7BE4EEC792A551C9077
          Malicious:false
          Reputation:unknown
          Preview:regf.w....(...x..I'..QxY.s..,..[.3...W.?..'O@.Wj.,#.M..6.V-..2.gd...t.}Q+.L....T.eF..../wx.....(...........Y...+.....1_.}._.(..-.]W..U.?2.....#.....C..zR.xu.i.U.'1...b..l........,..T..S....W..#..M..m..M.L=.u[.i.......!.hB.C.U;.|l...?...lw\E.0.!...#!.F.7......^.......Y..A.\...y.~.d...D.).uE:C.......Pz............}...0..Me.}.|.].H.yh./.(ux..).'....._:.D.....Q.a....9?t.D..:.6.*.d.....wk.a..t....l'....vc...Z.[.....[U.j.%..K.#..a*.4.l_.q......@W.....K...(st.T..T..!..Y..p...F#.|..|....../...,...0.......X..&.O..G..g.........05J.&....[h....G=F.....m.......J.........h....{....i._&.r.?...r...U.Z0r...SLi.Dd.xgs. ....H..R...V...TS.........Wt.........(.8..H..y<{...O2....r.pz....x.D......)x...&..q..B;...w.B|......CQP...Vj_..v...$F...l.,...P...e.5^.(5....A.W`..y.k.Kx.8..Z.t..7........q..m&..".,q.|.v....<K..Y.. .....,....Bt8.Wo.....f.5....gD.E.....&...F.P.|Qz.....uG..:R...O. .....j..2...}}@N.a.B...c......h..5..w..j`....g|...-....%...]Y....s.D?....\...|..

          C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\AC\INetCache\O37OBOZ2\ab[1].json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):15160
          Entropy (8bit):7.988670357990972
          Encrypted:false
          SSDEEP:
          MD5:F967AAC12AE58BE077B1CAB746EB1A5B
          SHA1:655C02BD2F28EA3FFE4E9D95255E3BCDCD6D5DB2
          SHA-256:E8B4E47BD92449AF840E58F4AF13720FAE4B1C6682CE3D4E9D9AFE22070BFCDD
          SHA-512:F8A380CAE25D0B6163D392F49F7705C56348EB9FA37D7869980783A08F6385A639D2EBA01DAF2EA31C3E02149113D68AD4ABDEDA74A90C02BF70F93061ED8EAE
          Malicious:false
          Reputation:unknown
          Preview:{"Fea......'...:..O.A|.@..0.V.mF..(=.[.D.R.7......a7I....s-.] !..qR."..y,...?..v..1M.1....w..&..x...A...z.v..#8_t?...(O.e..Js.....9o....M.$Ps.L...1>2......5u..."=.x.m.E+...Z..G..*].].t.JJ].....e.....u.r#:C..........O. g.B...Q.4.dc....._...Pxs.D".....a..fb.?....].../.....#.h..q..<..Q.b.U$k..=.Z:{....7.....J.L./...0.#..b8.9....n..Ty.*.9TJ..........U.a...&%...>,"....9..?@<....9...#.H.#..C..V[.x.S.N..'....J..q.^v.=)...R.%./.pX.j....@8..Fh.NS.......6..e..Y".*?.M.Yt.C.O.b..UF.`'O.G......?.....L"...S.....O....".dH..f........Gk...M.g.2......:DPut.:......../.>.].....U. .8..[..%....4sK....f._....K\.$q.z.?..S......6./8*.......*.`.=....w...J..6.....F......?.{J..|!..%1.$.-D.(.....e..D..O.>....).........b...........t.:.W.,0n.........J.a...d..........m....B...Gy....h..@."......'...4~OsZRp\xR.......M.N6..5$( ..q4....k."..G8......e.|.!..E..i.Y...5...i...1X.......;'.]R....0!.j.a..j....6Ln4~.}o..~.d....?...MH....c..k.c.3..N./TQ....|...U..D....9..(..6.D.q

          C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65870
          Entropy (8bit):7.997262014523568
          Encrypted:true
          SSDEEP:
          MD5:F8B481A10FD4F013177731E8D5B75B33
          SHA1:0ADE40D224F5F5466D66BD1B44B912266C43D456
          SHA-256:C4BC2C3CE9C04643E82104083489993C1E6AFDDA0294A7E2EF06245025008E7F
          SHA-512:E3943744B6DBBABB353E6E96E907555464D2F43286E2E282BD31F12F154C555D1BA543E4C14AA2D827D6AA52253C897030B26F0F9A76ECE87F5A2661DAE25A2D
          Malicious:true
          Reputation:unknown
          Preview:.....g...o.#.....u..J{-...........x........C...A.......#u...))...n..T.O...L........n....So.....Y.N..d.F...(.NwA..J..H.....5I..c]...i..!DG\...B....L........fx...Vkm.. ...#....... ...fj.....j.X?.}.^.f....Zmw\...2......|^..W.`.FuA.f..G...'.R+`.B...0T(...y../"....s....5..,u..u.. .M. e....... ...MqHa....QA.y.UM..w..^...C-R..#....Ur.@.`u......$..H.3.5.k...e.,.@...... D...6...;Z/....._.K.v#l.2b...l..?.m.=q.d~...^.FM.(....1...QE...K.K&,.#L(]......U.<vt....;n.G.....1...F...E.........A..#O.Y. .............'gCF..XT...@Nw....i...:f.VG...,J...d.."51X.....R..Q...I.[<>Ll...^.E\D..D;.hv@&w...SF..1..j..w..).l....3M?...T.&~.uQ.pY.y ..!:y.WB.B..3#g.Z+>....bU]...{.{.d. :...............F..n..b.s<^l.&u nH.9.w`..S....6...^Y..e^.Vp..7.b..E@....q...}O...k.m.m..2D......... .....L. ..VTK..l..=......y...}...O.!.(...].lwm.I!2.../oN....T.K^....v.#.....7s.py,of.5....Q.;.[m.F...I....~,....,....4..e...A...C...8........`/.O....v...l.=....(.....eY...O..L..!mw..4._.Z.v.

          C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65870
          Entropy (8bit):7.997236193731861
          Encrypted:true
          SSDEEP:
          MD5:831D346427FC9A0DFD37261BDE166230
          SHA1:CD467BBB71F3AFA7C18FE5D5D8ECF206D2B10FBE
          SHA-256:615B1B0950D5415A25FF7127957E98A51A8B4B7763A76F2F38BEAC9707C61DBD
          SHA-512:952BC11A74BCDB7ED9D2C1EBD9118BBA1B63E0DAE81D3CCA418AC62996525823DBFA920E8CB2B84AA763D8BCFBA36A99C169EA5F7F85FEE6645540916588B214
          Malicious:true
          Reputation:unknown
          Preview:......QY.C;......BT....... ..A9D.!.....oa.-/.<./.....U2[.W..........I...J..a..L...3...$G:...m.z...]....O..r..3.>q.`..*E..vA..Rho.._F.b.J ..V..7..U?"}..i...}..t.X.X^...n..o.V<.>Xbm...a..7..K...-."......x..m.,_.AL....d.D....>..Y..9,...2.Q...;....u././*....Y.p.;...y<dx...fL?....{....p..W...4d......."." -...E..?.6...no..A.)......}.5E.!'C.<.............U..hB.I..J..cS.ht....J...p.0.......N.'0q.:.'.:C.y'.n.4}r......g."@..T.e.E.1%Q.....q.Hv\i..(> .9...f.....G.k@.DMkT.'...........\H...P3.hJ|.{...@M.;E.....ZS...~....8.cl5.o.Y.6......d...9..waH7.Z?.......y.&MQ....~..X..D7.kS&...q..I.0.3j_...P..P>........a+....E@L..z0BZ....f._...X-......@^.8.u...}q..Q...B..JE.%.....Q..Ut}..g...1c...n...X.<.....y9...<2.q...x.m...~...5z.D].f).n.'..nx..8.U.kN.S..^....6pV......nA...z.....W......a.......[.Hy..._c.z.|......aWqhYl..:I....F.G......).d.....Bz.+.9.2...C..4....@.i.8k.^.p.`.q}.w...5.,*. ..PD..6q......c...]..r....%...\3CT........F.=+...j.&......&

          C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxStore.hxd

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):4194638
          Entropy (8bit):0.9049916037920862
          Encrypted:false
          SSDEEP:
          MD5:3D1FDCEB8F778AB354A1B9B30AF10261
          SHA1:5FDD550008F1C747928C92FDE0D3C5E05FB04008
          SHA-256:AA07F5ACE9EF5DB49FDEDEDDA8B175F5322F959A381386DA544946B0CB414272
          SHA-512:D09C10B207AFAE85AC74B5F91CCA9E3FD2A470A6C20EA5FDE41AD1E6ACA5F63EC82B6902D82BF0A159CB83ED35D5D1B94635FF18B5DC2E437634424ABA3BCC7E
          Malicious:false
          Reputation:unknown
          Preview:Nostr.......=.v.`x{..:[mz...........w8...,.W.nb.....,_....s.0....s.Q.F....sW.L..t..7...7S.....Y~.;...d.+..\.9.%..P...... e.T..|........H.&.*D?...,Zi.3..|..&Ep.. n.........K..[./.......[.....f.W.j6..g.4.-.,K..@.........Jl~S.,..v.f5@W.F?./.p.E..sq.L6t..*.....Q....9.:.b&.........Z.....0.K....m..y.....p0...........Z...=..T+..2*...4n.D....Mz.?F.g.....h.l....p...qz!....!..M.Y.(.g<i.._...`..&*..hg..E.C..9....VB.1....k......<5..'|..#\..b._.q.F1v..E..k.=.?W<...).5..\i.M,...]...I.<.I#pE..vQ7zq.y..s.N~)t.?6.4..\=K...U...B...~......._>..+..F..F...."..$.....;.8.H.6..K.2.p...;:.I..hK.../5..~.NT.n....*.?|..p....q....F..X..o.uYO|^.R.C.~.X?..g..qN..y........O_.3....S*..K....x.z.S....O<[..b.........N.3.`..Yx....\.r..H..(.b.oi........H...}$........>@...B..z.sC...4!B..)C...x.2..~.,@.../...Y..F...v..poq$...x..J."N.s..q...1(W.@.K..G.5..?T..]..qY.i.A.bW.S..l..g..........(L...=....5,.4".....~1.z(...$..J*4.P..(C.......M..2..H.d....=...9.r............&

          C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxStoreMigrating.hxd

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):4194638
          Entropy (8bit):0.884055584500059
          Encrypted:false
          SSDEEP:
          MD5:8996497D4D80B8E9B2B5BFAEAEEA483B
          SHA1:D7CFCF5CB4275D01FA1F241FDE1C527E9D983ABA
          SHA-256:7D923F43F35B43B6B291F40EA1C0B22A006AC0BEF20A8B6C6D7F43DFC76B4261
          SHA-512:E739CD01648433889FBC8B45EDB2BAD5C6A7C6024C1D187409A6F7217749178782422A071D19A1171DCD1C6F6F86EC3BA2E53D661F2D62E2FD10B10704042996
          Malicious:false
          Reputation:unknown
          Preview:Nostr...|.....R...?.v.c.........'.z...&...zb.u..q..D.}.|...?.......A.8.t.H.....y]..y.N..k.K.Y........t.:.Q)....0ba............X@...T...6...Q.;9.yOehs.r..^..(<f...B..VG..f._.s.0..F*.+...T.K).c....w...z.PV...H...t..*.H_.@.R.M.....d.&.U.:..%..E.b.B......J...!...".eN.B.II..../..dP.....R$Q...5."S.e9..sr..\ h...:.M.8S..DK%..e......@*.@..^.......>....H.u..Z.U....S<..=T...#mK:.......90....`TQ...c...!..Z.%.?a..H..!.2.hyWrXP.9~9.L.M...D..{...qc....i.....=.U>.\...y..$.4.}r...6?.-.....d.1)...u.(G....D*...../. ..f..#K...0~...SW.l..A.8.i.....*}..C+........iG:...&sv..>].A.5.#6..v...r.. BD.......R.R...p......D..u.@.Um.4..2s..y..?..*..U.....%@...K...q.f../...,.Wd..W....(.. @....yS;>.#.l..&..F..?.xDrt*7..d...t............C...b.,.<.1.3....FF..^] .3KQ..~..VeSC..>.4l.%`......4~..+...L9".x.kS?q....|...&>u.....:.f..<.M7X......).y.Q...g.*.E.M.*......5r.v..7.F...l.5..*..|O.....f+...J..>^....*G......6h.....h...?.m.PNPk#h...-.4.|*..)..8@)kSc?....2R.H.....^......S.m

          C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):33102
          Entropy (8bit):7.994446534449058
          Encrypted:true
          SSDEEP:
          MD5:9F4E995C3AE1DA43D9A12FAD25F29370
          SHA1:42805258BDAD14D7E6F28843C722A9DEB245FA95
          SHA-256:058999A5E479A20D0E589D5806DDDB70CA6793AD0EB31C24AD9097F0D32337DD
          SHA-512:D651AD0175E0AB0BAE543276A152808527E3818726DE7C37D0FE529411A6BE23824661E4F457C2C6703BFB19322D94C11A6639E96C92FB04AF71FF5DBB5C586D
          Malicious:true
          Reputation:unknown
          Preview:regf.@..)8.$.{..n.......}1fA.....3kb+...&......5C..y....].ddN....0....bl.G..LiG.a..iL[....V..8&|.^.,..c.A.[......l.jq...{.. ...(....~..%,.....t.>./=..z..Y....(...n....X)...UgZ...d.5.;P.(.:..'.......LR.2.|.n.~...&....B.z...Z.a...{H..<X..f+.C....So...j(b..g>..L.(.R>............,bJ..-o.>:...FH{&..Fj .@.X#...%.2E..#...N..zfN..G1.@H.d."..S....5..j.xh...U.k..4.5dGY s....T..'.....n....l{_.".9K`a.2..........T..Z..y......<..:m..E\:y...E.e+.......N......$.YC..\.Gm&1.....mj..{.f.R.xv..8m....SA...V.j.....+.).K`F..}4BR.h@.4.^y.&..c...jv.Z<.!5.9.Qm.{.J.:..}C.t...O.[......!.V...6+-=..5R..-;...7.S5...93.m.T#..){T..V){..|......D...:..x6. .N) ....H.R.........b...x.=.........O.YK.K.|.0...zB...nf.h.0...=.x..#.....NEn...cuP....,....H..i..iM.^T. s9Z0...A.sw...\ajf..{.o.X6..(w......$J.T.i....w....^I........!.w........R.T..7.8.d>...U...Z.4V....@.`...D...z..........L...........E..XR.&....X....P..U$.[M...~Pc..jI..^.........E..-r..@~....u...'.?.s.fc.T*..s$.|.... ..P;...

          C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG1

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):33102
          Entropy (8bit):7.993819623765067
          Encrypted:true
          SSDEEP:
          MD5:A9D1AAF78A1188CCAC61847F989BAE61
          SHA1:00CFF29691A354AE870E44EFBEDC5EA41609E9FF
          SHA-256:D3A208A2CB20CDC010C87FFBB3E06CD05BC653B81370CEC32042D9ED7796D652
          SHA-512:0BFE1E3D84158FDFDEFFFC91C276B78DDAD3ED426896724B0CA8E85DA10D8AE2000CAB42C90AF080EBF5FD187C5F2D1DC818E939A06155004FEFE04D9DD181A4
          Malicious:true
          Reputation:unknown
          Preview:regf..Jj.....+,.....*R...e..|..B.<..2OF...Y..:...5...k.jB..V......,A....Am.|...l.._H.f..)...=.;.N..:......{R...-..M....^.m.*..D......r.D..=......3.E.DY`tQ..LQ.....c.........g.....B..2Sy1n.A.,.._1...].$.e...>?..w.9...kY.v4."KN6%.lf....D1_.q.wV@.E.c..R.LT..p7...b...fl.._...lNm..;9yX....`n.....<}q3;&.\B...t.a8..d.f..d.d#".b)Z.v$......G.5....t....|.}.&_.f$.[.L.7..w........%.1T.p..&o.....=._ ...D...$1"s..2.hH.AAL~*q.......E1Q.U..*..?....F.?.K~...?..Z.J.....1.BG.q0N..R.G....7..{B...Q.\W{&..,.G..J.x.T.......d.....Z..w..=.F.....*.*h.....<{....o.P...FA...Gn....\B.......s.....x....V'.'...0.z.M...............sk.U.=.I..\.f......d..~'|bFmi.....C.#.c../.....o.L.,....L.....Pj......H......B..y*o.1.mS...^.D..U.k.*..b....N.?m...+.X\9Ik.yi>|..t.9+.........f....V..'....!..<"............z.w....E..)..........V..o............9........<:...)-8.v..\C.<..+/..2.+Z.Q..m|9\i..HW.....];...L.?.~..--....E.-+S.V.2.......*.t.[..j...\O.0...r....6.....t....x.KV..9..

          C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG2

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.978927118534448
          Encrypted:false
          SSDEEP:
          MD5:C2D83590C841AA11D26544F6365275D1
          SHA1:61001B6049F7ECAEE2D74ED22D4459637FC7CF49
          SHA-256:E06A4FA62949AEC44A55841DE38DD8E329BA4F675F0478D50D8A13B42BCDAB15
          SHA-512:86F7A0B2E22FCD6A5A88C49F81743518DE2BBFA5AFBFB2EBE79593245CBDE1A785969BE1D167B044F6F660FA4854D062634643A2BE627FCDBBC3DB5BD87F0362
          Malicious:false
          Reputation:unknown
          Preview:regf..Ap....1."...S.#.`.y.[\a3..D..+..-.".~.^[....c.......K..1..#2.?x......Gp...Mtc.T..I;...%.%.i.S.j-.....{Dvo...R...G.s.PfV.3.>V...Wj5*........y..T...y.B..w.....@..B.@.(=K.H..du..&......r...r<..C...Z.t..Z..Ta....H.h....oD3...@.7wA?..>.~f..p<.GS.R...CT.u....3..(......e^......O..]D...m.V}.a..5Nmb..!...8._......1....rG..J?.._`Ck|=.......(.Y.u.?F..0.u.i....6.$......%]k.fZ.....x5.(.3r..q8&.e../.O...HL|..].(..4....d..&no.7..{^{.M...r]i......3k.....8.5|.sz=...#...>......q..i\S\.61.&t...D....1......%.7...`.......LUX..P.HgL....C..6.zF.....dk.d.i.17a.(..<.9.Iy;..5RE.>.1.b6..........f.B.X.R7...5...\&G.....<N$..,...y..(_....i..N+.I..k.4./.<...>...w.6.-..jD!w.9....Q...L.5....5..b.....V.....Z.2..f`.'.M..+.q.A.y.eWtX.W..j...S.`.9z.mw"...E.....]...W.~+Vw.@^..X..X.7.U4.&...l.\0%=,0.)..Y.H.G.k...s..;.aj.+@.97..,.C..e..z.....W"....6.._..^.....V..!..<......%.).o_v......T...3...Q..tC..+O..o.o./Ze......d..<w.?oi<H..g.T....)y..(.........3=(y.aJ_...B.i

          C:\Users\user\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\d5a8f02229be41efb047bd8f883ba799.db.ses

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):387
          Entropy (8bit):7.298537730374189
          Encrypted:false
          SSDEEP:
          MD5:8986AA9226FDB855358ECBF712C4714B
          SHA1:1E5DDD770225401908B735011DE25800AE69D756
          SHA-256:C2D21B9C2B1537C09870206F3ACDA74E513CB8DD01F5D140DD4C77F6FB2921AD
          SHA-512:950A8080E730934EFD88F82ABB9038EB5FD27241D544879297F8A02CE9D2036731AECAF702303CAD217B2F7A595BC13428022D3CF5EAF09FDF25BD3D844D15EF
          Malicious:false
          Reputation:unknown
          Preview:17255.^O.cadj..`y...u..=.,.H..,...q..<..O..Q.....*T......?.B......i\.[.4....zb.....M...7...X.!...R.G7.8..p\.(Z.W.....3...T[.M..9S..Q.3O8.zDlS..k....1..P...B.^...o.D../~Ul....".x..4w`=.S...e..Dh.c7.....2.=<f.....|.@[.*, \o..Lwf^....?..M..)..[. .D...K|d$H?.*.dUbKX'...k....?2.^7^.X....PW....X[.....NZ.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):8526
          Entropy (8bit):7.979256386051821
          Encrypted:false
          SSDEEP:
          MD5:BEBD204D592E3694D0D30C1EDEAA8026
          SHA1:6DC344631B22E9AD68729DE0B6A349493CBE4FFF
          SHA-256:28B9358DFE10984CC160E7BF5F8B16BAD871700D4A28F83C9194DA76B1A282BC
          SHA-512:6B7FB88E53A87DF68CC3B09F6E8D3CCC3C775203355AA75C99F6A06EAE62EFA21770AD2EE67A430479C0C1530E72D8AD7DDC6BE20B85121E2972709AD2E51DF7
          Malicious:false
          Reputation:unknown
          Preview:regf..)MG.17O...V6<A...?D.|d.@...1>............K..x....D5..3....z..aMX..M.+.....T.0 }...iN.g4s..ah.k.~<E.='z`......5j.]..Hmp...Y.b..A..Y.c.|...t........~.sa........h...g*.*.m..Z..X.S..eeC'.X...P...IO...6............7.....b......5.XM..G.__5...j..!L.*...'.Y.[.fW....G.a.).kU9..p..5.@rnh.!....I..!.k.....c~..=%.........9..,....Vr..kS..{..nh.>..........5...1J.`.;$...1&...._4..>..".,.M/.s..............A.'......2Sh...+h.[..D*>.`...COc..D.....js.q...P0.!ON..\..[WVQ3{.x.<".H..../. x.L.$.m.......u. ......<..b...u..p........`.\.9>.#..;..\...Wg!..Md.J.2S...T......`+#N.D..a..i}.iQ..A...B.3...t...d.+....X.4r%"...s......EE... }P.uN.P.l...>...7?]....C....D.H.2Qq.W..h_....6c.<..><...H..B.J5r...X.C.p..b.c.<i.e......R...V.9wP4....9.K.....G..A....0&X.T.g.(F..kE...57o@2.X..Pf.,^.`.x.~].......E...~>`B0()~.H....,...]..........`.7..5..0...C.tN~.i...U@.y4..U+%..$.#4.P.s.2....7.pK..\..Z...#.&x.*....wW.i..o. ..D......n...x0........`3.g.,LH.."A]n.....r3.u.gM x..oMIG.}..|`.

          C:\Users\user\AppData\Local\Temp\.ses

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):387
          Entropy (8bit):7.357009268088305
          Encrypted:false
          SSDEEP:
          MD5:21053897B67ED70E818A8B3ABCA36422
          SHA1:B00F8071A23A92AA40FBBDD59C904869A9021E04
          SHA-256:C334AC97B0C868464BEFD3D39899684ACBC6314CC8CFE1BF791383CE792F771D
          SHA-512:EA80F0BC0A6D5C851B6E46A473DBDE80E4A41A2B56E839E19984ED32D0DC3B4DB1F78D7D415ADD0EBED18B8E933F38CBE0200517B70F1EE1847D93625447BF3F
          Malicious:false
          Reputation:unknown
          Preview:16965.].wq..U.Iu.....[l.,...AG.$.1..B.c.aqp3V}....../....j..`.K.0).lK...`].[.....C...W...F3...e....p..-.t.S... .l..^.......3.\Sz.......B.....T.......+..Vnx...Vm.....>..d`j....V...%Q. .1...y54.+u%..M...3o_. /..f.U.,.,.ra..........`..U5,.=......4.bR........w.........vr...]..X..oW.'.3.;r+....*.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):24910
          Entropy (8bit):7.9919961755358075
          Encrypted:true
          SSDEEP:
          MD5:B67973DF851AE8556174AEB598638B56
          SHA1:B1FAB0D00B3950B5900B8EA78F3402983E251BAA
          SHA-256:18CFBBB752DB7ABBEE66ACAF5C8A9FBC81832F3B1EC2303076E45D28C283161A
          SHA-512:7456371BBD0039C5D4E10E939591A185A4A2804AA1EE2B4240B7637DDFF14F23559C04FFFE3051F3D7A4078D2CE74F2A2FCCC38A2C14446C1981009748BD400E
          Malicious:true
          Reputation:unknown
          Preview:SQLit..l...2G.k........y+.&...9.0.s.&.z...7|50.D..W.'.KZ.n............X....jQ....x].5......[q.l.l..Ep..0L.H..fp....l..@!8K5..lc.R..V.......~.6.2xF..}:..&...0...T.Y........^q..%..@..(..@.E.m.....G#.<...$:f.f.k.&..#.H.5e...exXQMLh.....a...J.Vv...!...29O.Wb...]..D4...)F......I.......J8@.`....atI.[...1A_.2..6.,. .X.5{-..A}..MS....m...u.4.Y.t.N.6.....+.........`.9.".9..'...|...R.z...mm...c.]9...f._.&........Z....Rh.U..3.fa(....g..5.P.[i.r*..M>.5O0.......;.......o..._....9SF....n.W~...a.*.$...x...x..../=..B..>`...OQ.{....n..k...Go..+.n..`.U.}.y....).-...#OMf.._;A...PO.....*|.U..r...e`....P.CUz_{.2N.....J.;.|....OSMKQ...h.3.......z\....N..l.!..m..V}......qD.i..M..._.....Ql.a..X...#T.1)...4&..6..=.......H...k.X.8..u.2.e.[.Y ...A.....{.."...;0..6z.......8BQ.H.(..2..a.Q.w.?/.r.j(=.....^..(.gd..).( .]e.r5..(c-4.......:t{...C............(.......+2p....U.00..RW..*..)..q..Hgp.....X..d.sX..1...)".}.....o..Y.1...p~.+...h...GS....d......(..=..G.v.Ioe%Q.2p......

          C:\Users\user\AppData\Local\Temp\18e190413af045db88dfbd29609eb877.db.session64

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):66542
          Entropy (8bit):7.997278379937473
          Encrypted:true
          SSDEEP:
          MD5:3858AAAEE6DA79CE0B08467A28C60FC4
          SHA1:A84DED8D8913A4822B76F1EC367149F6CAAED5E0
          SHA-256:A88ED03FB68977F1BEE4AC116B497B859CD29DDFC2A7FE461CEA5F9CD54D503C
          SHA-512:AC0672850C623627CDAC9E31C03E17C77EDC6DF10D6C793A24C898495B1A84F0543D4B24456B1CC044B548B21603B487B00E11D16AC1B9818896C81FE44D6BF5
          Malicious:true
          Reputation:unknown
          Preview:1G.f..!.f............<.%.g.Bt.t../.e...1..Yf.@l.9.5....$.~..E8]..2?.......K.......3Q|S.....z.....)...........yq..[..-......hW;...^8.(C|.z.s.....Q..R.k........@.i.....]...... .8......h..-Dd3...j..k..a/'*..o.....Z.K,E..i..#..N....n..R...........YT....T...F...h....o..\...@...i.X!......].J.h.68R...Z-w@..|.lOl*.iX.....N....w.T>...<.yk...F..\..Y.6..P....u.......P.....H=...D...K.RD.........*P...M....}..okh%$.%..t........R..?#.A.G..\>.}.i.2..uc..*....\..p.M..x..O.......+h..<7v..R..0...#n....)...Ur......F/j{IT.Z.g+G.1....P..<.<M...."rvZ..OlZR.:...C..I(o.MB..E[O.....g..Q.G0....'...(...8..".smd..8.i..z........v"#..1....F.j...E..a^...h..(W6.k}..w..W....wV..O%..jP'.k8ms...J..R.M.).Y.n.L'w. c;.qt.......+p5.....Q..tOE4....up?. 3T.4O....M....k...lew%..F.;.s5.5...[.....u...%.:..j..D.m...NC.....c...._.&.XX.k..;.~......&.-..|.Y....i;|.........L6s...j...c.Dw>..[...&9...K...]..5...#..7.@.C.F.....-u......IR.....H..e.\*...m......~"...tc..N.B.S.$|.....,9

          C:\Users\user\AppData\Local\Temp\2a904597-d204-4621-9ec0-c3df7918db31.tmp

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:Google Chrome extension, version 590951683
          Category:dropped
          Size (bytes):248865
          Entropy (8bit):7.985222658097755
          Encrypted:false
          SSDEEP:
          MD5:8A2241BA3DBB8FC399643E5EFA480AD3
          SHA1:C39825887FE4ED8C9C42186799725CBDB3BAB38F
          SHA-256:EE5A0E1D9711EDA9D6E1F20F094FE9E04300AD8CB0127547A04DA6E473B35E0D
          SHA-512:48CDA5AAB6831E8751423977ABE367542027E09108CFFA414C47F8AB229A4A47D55E172DE740E592D92622011A1820ADF40C88043A6A3C87E3E6B6EB270C6534
          Malicious:false
          Reputation:unknown
          Preview:Cr24.59#{O.|.....^"..r).{:N;...&.......p...;.y...i.=..i.,%.....F...>..qm4G..DlG(P.'._.I0...l.6>g...Q.*....e..gL.....Y.j...cIg..7$u.....O-....m.Y..n.e....+...:.#..*d.Y;,Hs..e3.@j.<...BY...Q.?.YnF..;..W.. ..f_uH...Ii.6................}"../...C..'f...Diu../..=Z....t.9.l.|........B..C...".....}!...bx;...u*......I..1&V.T.v...6.GK......t.IZ..6....!.K.h6o{.r.x.ox\.=.G.m.c..a.'s.Se9.O.-....}.........O...2...n6..5.B!.F<....7.~../.. .1.;.N4..;..}i.O!.%..@.....!.m..M?...`6P|.y....t?.r.!Q.&#..e=.Z..Z.......y....W...0.<(R...M\..9.[.E.}...w..?........+ ..^V...A....".-....2.R...>.0...C=S...Fu9...`.......fB..?...uV .d..g.V.}+..\F......y...p..B8.3v....~...c...g.. .o..\)r....\...9.`u..p.b.'.....N<....)........vs9>..._......@.....kMe.0.KC8R^..K.;.w.E..h..c#. L.....ll_ln${o..d...'..,oJ.......0$l.C.....[yx..R..8O;w@..).Y..>...;...en.[{.R..>n.d..o.....xj.zP.p.~...=..F..Y.Hg.E..!+.u-.+.+.c..Y.0...^h..;c..a.]a.....9....$.....V...J..,.).-..:6..#....=.d.4..4W.\w.d.

          C:\Users\user\AppData\Local\Temp\6a6ff159-acb6-40e9-8fcd-b065f92748b1.tmp

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:Google Chrome extension, version 1024763907
          Category:dropped
          Size (bytes):248865
          Entropy (8bit):7.985465016354086
          Encrypted:false
          SSDEEP:
          MD5:4065057EC232BC18E519ADC11CACC822
          SHA1:5174385BFEFAF10DAB800D5F6D9646ADBDF7D8AF
          SHA-256:DEE541BE9CA05E779A8A15BB86B4ACAF82786A53B2B63432E43BE22D4B23C30A
          SHA-512:8C447E742874EBBEF48B34BFFDD70C83FA9911A5CBCA1839C579707004EF84C9AC074EAC53B7356B6DC1629320D3AD63DD462ADB843E6FC953D521AF1F97F7A4
          Malicious:false
          Reputation:unknown
          Preview:Cr24...=G.?J..j!q......YXp.E.n9k.@.-....#......7..`W.n..p,....T .M~P.C..j.D..p..........VN....Ej.._s.T..p...Y.k.l.E......WU]k+......................[.m.7..G.q-...dT.y.....I....A#..n.........&..}./}s.. ..^4....F....n,.....C....Mpnj....Ks<.L.....*f.p..#....z..../....e.......<....?.1.b.K..__}.F.!.......WQ...i/..4V.z)%*`.....!.a{R.W.4...j....E.vZ..\.{.*..~',...7.c.?..8}.....0.dvH....`.zZy.K..../.{.L...1.x?...G3^.... .k...Kt...).....:.lc....[...c..*Z.n.s..z(1...P..,..b}.[.....)!.h...W&..^..FA..D.D.f..is/..C...dn5..<...KB....sp.8...O.....C..C..<O....Qd8....w-..~O. 6......C.C.N.|..J.2.)....!.<|..R......c..m?...U...t.a.`..3.!6..C..&S...J...i.{...[."....\G.....n_.`>)#....S..1Y.A'cq"m.f.......5..j. ...p)...h?z` .....V....R.s.V...&.....N..vK..n.....X.Ow.......:T...v..mk-...QCm.!xF..;O&.....c.o.`.UA.f.~...B..ei..\..1..7.%.<V...T.7....<.9a.B.O....k.n~.`..KiDn......".H...... ..".....mq..!.Ur.Kb;jn.w.Yx......0..._..s...y.|.R....-g..Z.+....f3.....

          C:\Users\user\AppData\Local\Temp\AdobeARM.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3495
          Entropy (8bit):7.94660932114758
          Encrypted:false
          SSDEEP:
          MD5:C954B6916FC0B7AB0AE3DE92D4D4249B
          SHA1:32BF28236116BA7B8411E17348AD1FF88EEBFBA6
          SHA-256:E6DAB4CB38BB93098A69E7F9D3B18E7FB316E9AD4191DF10C849B0E8AAE1AC52
          SHA-512:8707B3E640D82E2EF85454EDFFC0C8892031C8DDF81CD5DCE0D3DB404027C1BD416B24C5F6EF5BB899857121BBF317598C762DADE9913BFC7DD854A4B97B360B
          Malicious:false
          Reputation:unknown
          Preview:[2023.pLG...iO...C..:$...f..$I..T....W....#.)M...) wN.%...Uo..9W....6g... ...!;........"..L._.f2.'.Ql<.4.T.sd.....J..3.v.Z....a.=.a?gk..I...>H.{tY.(.....&..X..E...r.......9...~D]..r.(.B..jed.rr ......Y..<...Oc....N..8p...5.a....j...)..*9t.s..C.e.:W.|.A......bL."G~..K......S..A.P+e.,..9"..GN...V.O..JEEU..4F.|...i....Y@..L..{..<m..../.%...~....vk8.6..Y....).a:....+.j....v.\.;.`.o..dl....kfo"{.0..W..=+q...I.^..\....vh#y.`rS.:...(.Ic..C.R.+.O+....a.N.~.Zt.3%....T..a..X.......@}CqDTm.j..`...b..Fy..Q{..d..IQOQ/....Q.cKc!&~cL}...I.i<..U)...5LB.y.h.;....hg../.gQv`zFX..D..s...........^...;..E..j(...9.m.........I".L..v.}..;z...e.cXNB%..Z.u.l.%_.t...R..A.9...=.......Kz86@(......g].G.Ty.j.............D.J(..!.'.)..V..u.....k.-.......CG....=...X...e#....]x....E...N.6M......;...;.1...-x..o.......7.(DKa.>...$.....Nr.n..G...V. .n.#....H.9Of`..^7..I.N...)k.D....!F..hbV2CI".f.!.....<}..t,..&=..EXt.....c..mf..`.I<.+.Lj..e.4K.8D..e7e.{......B,

          C:\Users\user\AppData\Local\Temp\AdobeARM_NotLocked.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1013
          Entropy (8bit):7.789505944612806
          Encrypted:false
          SSDEEP:
          MD5:85F6039FAAEF86FF2B05AC9B85887EF9
          SHA1:1328B0BDCF6777C6A66CAF9916053BE7A776EE92
          SHA-256:0D9E47D34A4F767127A454F1C8E37DBBFA003E3CFADCB6F2072626D0F8A830C1
          SHA-512:045EFF29DED548A30A404D46EC1810708208CD5EE44C4B56290DC557DBAB86D4C64B3614EEE36978FE61FEC11F43DD9A1163DE5B9E4816B4A6A3AB202CE486DE
          Malicious:false
          Reputation:unknown
          Preview:[2023..7....$..~..(....0..*....B,.....fbN...f.HI.Y.%.-./....v......v..-..ES......~z.Q...!.`.Q....t........7n.E..^..W.C..E(.?[....&wu173...........7E..8......;+K5..(C.7..+.XP..D..m.....X...Z..-u.Ti.1.......5.|...C..Y.9.._HS...._&..#.A.!..?.*.d..nn8.a....@)}..LE|........#H...9..'*.....qis."$.9...y.ETn.....n.8Zt.....NT.\..a.a?.c..n..HD.X./^.+....k..U...w.X"3.=&....C..C......~.._..e1e..Ls....I.w>,B...`.4.w....(...#..1\.b.w.!....6.|.......=7[.s....0...... ...H.#..5.[;....w'.$.q.>fe.:.Rk.0..p.W.........;.%~..R.&...5.2..*...}>.N.O*.....F.W.i..ZUR../Y.j.]..G}<.F|f(|...hP.E..l.g.Y.\..].ARK.9.......7..U}..kc.n..<..N.>..t.....l.....x0s...T....s..h.sF...y../V........&.O.[Qy..o......O-/.e.N......4...V..*C...S........ Oz..P.......s.>..............[,........O..J.;~r...[.?B.x).s......@l......J..I...o.Y..E....H.C:...+.......c....KOX.......%.6#..&x..].M.N.....7.".l...Pg..+.....e.....#.#7K.~.<d.o.j9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-

          C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231006-1147.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):39146
          Entropy (8bit):7.995217693596671
          Encrypted:true
          SSDEEP:
          MD5:9D006D366E7A558F8A25DDA6232F38FC
          SHA1:9FC0FBC955290F41977613350F836D0FC9C83CD9
          SHA-256:C2EA96BFBC54504DD3D64A9F6747F4DC776B09943810CB689C70135928AB1F74
          SHA-512:308CD342A81C52B83A2DB67137C4E18302D14AAEC8EE7830C2471C5F31503203CA7EBDAFA117EDBCFF84DC24C0EC57D03F2D3E7D536C9B298F2A896BF5678E2D
          Malicious:true
          Reputation:unknown
          Preview:..T.i.....b..va..\..z...DI.k.{..N.h..Y<....o...2z..`K.....`.rN5..J.[~....R..==yS...0...>......X.;.."..B._.)....Q.X..=\.hD.........~....^.I.c.z.-..!.@.&.2B$.c'.X{w...=W.e.Al.v;.{.K.s.,..qT..~..)........8.I...........2...Y4zC.M....j.Y-|..h.....\".r......I...3#HG....Q.K.9.dj...i..|..Y..E.}..?._.~..>....8....?5?Hq..[.....q.N.yi}..1$.o^..A...?p......8.\3!5t..,CA.../..+T'.....&....H..c......K]LSa>h(..P.blsm..K...eN6.`......X.....6.m.......$..s...Bq.tI....`VF.|./:..../l.....&.v.1H...(k....%9A..g..d9.y.%D..._..Q.z.F.a...y.ZU...._pV|#...%W.=..#. .k.v.D.S.0..Di..h.|Z.|p.2......D.{I0g...Kbl.....2..Ma...../`..?..,..F...'e.l .P.t....Z..T.....}.......vr.t...u..t...=....O<.4Q.S....:.)l..fr....#>Aw.S3...o.gs......?.FE.*&...?...u...nSS.J.>..|....r...u..Y. m..K.....7.?.....f..Ce.#.pnB.B..;...Z...J........7....4.W.O....g....Y../0..h........7n.9..r0..e..".B..#Y.9..x...c.f....I.......K..m...u.....M.........Z.!*...m.s .._G.vI.....3X!...........A..Ud....

          C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231006-1147a.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):170188
          Entropy (8bit):7.867019474286714
          Encrypted:false
          SSDEEP:
          MD5:262E5EC35EEFDDE6C79CE1DD00E43602
          SHA1:92F089046F39920D22D6809303F697F184B645EA
          SHA-256:A56B3B3CDBEFA5692529F0F26A9E63C84B3625EAEE13C4BE0E4EC9564CC4917F
          SHA-512:18B8CD0934D5331090736631462A61AA20C7C42287B7539AF78B5E767B283A52231DA2759EB08453FDCA94CE3BBC9C12CBCAF479FA7D6EC825DE1CB2491E0CE4
          Malicious:false
          Reputation:unknown
          Preview:..T.i.....E.A.v*....\.T....D......D.g.D...^:w0..3e.w^........u......hK........ d.....>...&..J.H..}..=...,h.@<.....$&.L.Q.?I.D...).z.....TMY4..r.g.E\......!.#.(.V]X6D.....Yq...f.%.?lJ.@..G...q..A.%~~..m8AE..BY.G.mx.9-.......#..m.|..6..D...L...R..A"mU..6>X.S;......?..>.S9........?s..a.l,.o.....$...m.r@.....q.M.:.7j.e/....$..p.m9@..xL./.}........g..........W.34.m.VgI.f..^A....~g'%.=......3z..Y.GP3J..Ez....b.....]....Sh..O#?[.z..w.....S_.<pB.c./...D....[..A9.#+...%>9..d).0P..l.z?ED...w...}..d.s.%.]I\W.;.....I...71{......Q...m~Wo.....S.T....W.x.m..l....$.s...tCl.6f(.c[.*...*..$..2...+^}.`%.7.....c.n/"g..<..B...9.....ye.H..=.=...p..h....)..).!....)..C....m.....vv.;..e...7C..Q...H....e.aU.*dv=_r..%...Uw.T..K.=......L,...YQ_{.........S_`...........oN..x..Gz.bp0=..-...~l....V=M...[..Q.9.#.|R.wd.....k.... ......A.3.%q..#.+S.."....R.".+#2M.!.}'.".[i...m..lL.....M..#-......r6.C|........x.h...=....}...K..... :_|.v........XI.....itHvQ.:.....{.....\..z..3.}....

          C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231006-1148.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):593392
          Entropy (8bit):5.492236235089358
          Encrypted:false
          SSDEEP:
          MD5:7FF40C9D7E68B934E8D5962D23C92BD6
          SHA1:A692FCAEDF2BEC097D2B083602507D9532743870
          SHA-256:C6F631C369C73A7F82A556ED1D9F93FE212FE060F12DD130F8D0B31AC8A1C795
          SHA-512:D8C3A08C7BA436ACB3AA216BC6D5BDF1A4F17C87E8942B427CF23EEA2BB33642704805DCFF45EE93A7C913A494A2C09CE4EE8375C0E9B2A5E97918E084072592
          Malicious:false
          Reputation:unknown
          Preview:..T.i%...:.....h..8...0..(.F...s...'-.........E..c.[.Ag.jJ.,{.PL...,....dJ5.#...%1..,.a8D.....w3....~R......+A(.v.Z._.k......t..\+&F..p>.z.yp..3..hNo~...F.6.....M2.Cs........D.r<!<c..?.,..G...V7...3.....Ym!..l.>3.A?..x8.d.7..1%N.r....E..+o]G0.F.4e....C......x...1....ko.k..#6S.h..p.w...T.j.A....*.S.6..(O."....}.R.mu...!....t....y..d..:.n..q4...d........S.....xq4.... .....3...=..v...5.2:Q...Mod.4.2...LJ.+?....C......ZK.3..........D.J..7+...c.......M...T.~.>O.Xn...O..]F.....]d.............H.....W..b.4..lo....4.....].J]o.".>..x...q..du...W\.[OZ%BM..KbX.q..-....N.....qN..",%.m~7.>.Pj.......R..P.:..+..|Kt...G.d..."...._.*....d..?g].M|. ..c.......r"..zXl.....D.v.\..AlQ..}+.Y.Ux...z.|.Ly.......x.+...(.6A.@..{.)....Fh...Y.=.X.....O.Z|..O....5.jp$....A.......^G9...8f.eA.....L..p..T.......).A<.......Q../...r.....ZG.>@DY.C.....O..3....!8......<.k...<.d^..P'..uo.Wi...H.=..j..4b.%..........VhK.Az.+.......\.p..... O...5.........j....`c.G. KZ...SS.7D.p.

          C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231006-1148a.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):216880
          Entropy (8bit):7.30031495756507
          Encrypted:false
          SSDEEP:
          MD5:0812888557984474158E6DBBB9C27329
          SHA1:8E1DBB5AABDC864920313C56F95E14BAAFCBE4D0
          SHA-256:76B247DB0FED1378E905C0D78404CA9013DB06AAC295C36800D38B605E04A527
          SHA-512:8054431C751CC856E4F33255372331A0A31EC32CC827A50DF05D6751E72F254B0AE2C2053955DE2B7BE42F1DBFE1B3FE6371CD6E11167167AB61C513001283BF
          Malicious:false
          Reputation:unknown
          Preview:..T.i....Q.b..}.a.....C.0..K!.`]..+H1e.H....?g>;./`\aa......p....b.;QW.0F..6.k%.q..G...`t........J]v.3....V..$>L..c.....H...........3.$I.x6..Wp..V3...*2;.*:.fj^P.{..u..$w}.+.....p='.}Tv.......H.T&.R....H..Ad.3..{.&!(.Dm..|a^..Q..V:.q.h4.U,.R.z..Nt...4.UZ.F..#..Y.v.ev:.4sv0x.e./U.3.........^,*_.:d..e../I8y.y..Foy...p...jl......D.:.1..p....L.?....c..M;.5........:..AK.......A[.....%....l*.P.au.5t...hxFn.)..\..,.A0..i..a..Y...@.]Y...%...Q.94(.(hm..C8|1.=...E.E...?a.K.8.B..+...T...o./.1.o.`.o..R....AhD.......M7.....bi......d.3.\`..6....e.{*..&...?......\..z|5TI....E.W....G.......3.S.(O..'....n..'.Z.....Yy...G.,yAv....n..=..~......s ..:..:.cW.....U.....N..]%..p.....V&.oJ-a."..d./.F...2..]x5.D...I.kk.1......(.Y.D.".gA\.O.C.}.....}xPcl.Z..s...xgz..`........M..._^{&f..Smw..+<.o..i.A.0 .i.8..y|7m....V....x +.....s..... ...T?..%.i..Y.jF$6...T.k!..nT..R..6....d.t..mW.v..6.<..;JT.,...o......*...<.7.......t.......4$.=QRe.\...f1.)0g.\..$N.......x|.]..#

          C:\Users\user\AppData\Local\Temp\DESKTOP-AGET0TR-20231006-1151.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):108680
          Entropy (8bit):7.998496115138495
          Encrypted:true
          SSDEEP:
          MD5:5FE991E37BC62E54D3A40A0861A51816
          SHA1:8D6B5E7B0D418766773D15B714795C01603447C8
          SHA-256:326DE1DB5B4FA1A5527E5C2E7A4345C2F31246F0501E1F5A235DA7F7C127EDE0
          SHA-512:B18E9D9512DD5E958F7C6F6F0EED5140387B608173C83027EAB44595734BEC96D3969B9673188D903A86C23A5449D7137465E5F7C2C832A924DB5699C2ECB08C
          Malicious:true
          Reputation:unknown
          Preview:..T.i.....F..>#g-..@y(.?..)..db.w.r..._~...j.}...C.?U....JZ.Q....'RkQ3^.(V.E=..ct.....N..~....A....R..BEt.5?...\....BD..r.zMo|..A@.q.......Ov...2..a1..S..&k..h....l3@._Yz...sJ1..0.....A~tG.To.tb......V.....EJG`.T..G.....?..<..).3B......x...C...(W.of.T.F...m..p3.....g.F.$.Z...Iv.../)..P8...Re..w2.<..W....L...5.<..,.k,...D}....J}...3..#n..X&...[.q..q?i.K@^``4.8v9...D....o.V..XA...=....... >...0d.=@Y......~..V8.H.pD1....)_..:...-....a.r.1c!...0...bVI..F..I..l.T..O&...h......:.LU.ph.,..-.$Y..._..&..%C.LD.z........2.k.qhz.....'..p.......l..26..dBm.:..K.T..I..Ax.W.4&'D....u..k/...\....mnK.Q@.}M.......8.2.I....=...E"......]....`.... E.....+..F.M.+.t1..P......]....#/&.3W..1.....P.q.mg.k.3.P....s....Z/.\nh.VQHa..L..x....9x~.t\(.<Y...h#.5=.c.Z...(w....l.O.pA3+.......uI...,.j?..6u].li..?.0........H...>..L#.J.1..o.z.E.%y..m(.N,c..R.|..0..I8.o.....]...Q...b.....R.x...!.4...... .{....u.:...s.I.b.N=f.V...K.N..Hc.7.!\.oF..'6;Q.r.e..g..z.<..2-...~X..R,It...T...

          C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696586115564995300_071F4AD3-0F0A-43B1-A566-0CD1A278F3ED.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):21139
          Entropy (8bit):7.991653695831796
          Encrypted:true
          SSDEEP:
          MD5:4C23FDD211E787A07E926D7461ED9597
          SHA1:D1EB5F2C6D2EAF868E9CF67CA61E47DFFC40D6EC
          SHA-256:1AC066A5A75AD665277C8F573A8D3D44F4C6D4A0C339992899B17DD9F1CF33C3
          SHA-512:502B25638714F62BF72F771BCFE5A1CA22A3A3587BCCD48EED44704E1C1D1D3F1C51255333CA96EF80542FB221B493A98458785B5C5C291EAB1B3DF4E9192BB3
          Malicious:true
          Reputation:unknown
          Preview:Times..1rD.P..x......7.D.-. .we. -gY.....j.,..T. $.. ..'..v.y..s_p.q...`.xF...J?.Q+..0!_..uGJ.w.~....a.M......w{..g."L.|L..wbO2...B.Fh$.h3.........D.....RRXU.Xi.p..Q .Y.e.#...g.r.b.0..0........p./..m...$...p.n.&r1..X6Om.....P03.W..$..c@Cg.|<.T|\..@R!.|.G...|...3...{$Fp.m.1`.0J.CK....?#@..6`<.$R.a...CIF.&..&b.#..E..q...m.2.....N.D(.-.Ss...9..~.l..-."....y..xZ.....X\[-....{]..7.<....$k..P...8G...wu<...vBm...$~...C.Z....B.......3.'.].Rfc.5.f..\#.8..sF.=P.:..E}..'.4.!x.........R............i.'j[.-.[I..76]....n......V2....6)r...C..T.T.I..Or._.C.zZK.-...Q`N........F}.7..{....Bv....%.-...F..j..{Q...N|..[...&.../h........&.b...{.mD.'..&..(.bQ.....Q&.....@.1....4..-..NR1....{.$N.Ch..V@+.....F....z.2...m......u/....H..w....b.K.,.m...6O6..a.B...{..J`.,..jj..2|.Mu.!.0v........\....o....o+.[J..Y..{.*.O....Y.....i8..l..:e]..9..J%.b.._.1...fjw..L3_...P...D....u..`=[.....i.X.....G.... ..... m.....G...G1.19.....O...aS...............9.S......]."

          C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696586142000518100_5AC24207-9E3D-4F2B-B47E-70682EFD3B1D.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):205653
          Entropy (8bit):7.746131368595253
          Encrypted:false
          SSDEEP:
          MD5:6A6203106C12BB62DDF3F3F269466766
          SHA1:329BE64552DF558129D82BB94817A0A50FC30894
          SHA-256:54EBF6EEAFC9CFF1BD5966983858E25F98E5C05637D6E6164FC10BA65C5847A8
          SHA-512:363F12F5B9003CE6DF3ABCE68E02294A207D0D3877D6B7E8FDA2DCB99168B29B40C490DAE96E3CA83037EB7ACAB9A6C509B1E978122404F5F69846FDA85B79BA
          Malicious:false
          Reputation:unknown
          Preview:Times.y.t.. .D..........K..{w".......w...P.J0\S.EN.C....q..r.Y..!=....Gp.0.'.%..D.V.3bN.%.Ch.[..a..g......=.?.....F..[.........X#..=...p......L.6.1....u....wb-l{.i/{.=.m8....|K:w.GmoI..C3.O2-.V..G[.......E.K.T?.J....4..Zy.B....HD._..x...W... ....76..@.yl..Vr..B......^...^..Z....M.Lx..u.....k@`0.z....2.b.1.W.b\....Mx.6.Q....S#./41.Q....Cj.5T...........\.S..e..t.mL..x.H).........W....F...G......Z|q.N..\.t..iW7...-.O.v[....Y.t.K....X.Vq"_..rp~.9......%..s....}z..[.....i...N+p.\(t..;.G..E.Y..f.%.....6..d.d..g..|...E\..s7Nv*:f#..zR.#H.v8......A..o..7..cY..-=.7....>|}..$.9.....E...0.B...\).Q.....b`..\*._.Mn..<^.....!....6...G7M.....I...........Y5hl.6<....kSg...vS.c7.|..6....l........Xf.g2..Z....ON......D.6[86....\ag{..\p9u.X..r....aJ.5...Y.D..u..k.....ke.x.W....z......&..l...K..6......8p....,.(....D;t...k..%?Q.....!:...[........p..4.M0U-s..-'.s^. ..L.HO*U...Ku..".0..3....&...9..X.:........g..|.I.-.-H....F.*;".+..M].W....<..OSx':j.iY.?zY.......|..!....@.

          C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696586151845122000_D1056913-D917-4833-8930-F2F72089236B.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):209398
          Entropy (8bit):7.733103693446203
          Encrypted:false
          SSDEEP:
          MD5:AA4E0A707BA4A1D78D21133BCDFC2C20
          SHA1:79B0F2CC57871647E6AA150F4A6FC8C651C31094
          SHA-256:E8E8946E1182405401CC2D873942A408EDB2FA7A838C44FE5E04250CDC0E3923
          SHA-512:F28059EEA06F610EEC9E08EB6A250A43C46D1423CFEC7B74A8DEF572F5F25262FC40951791140C239E49AD7B933C10364225B26A201721E926ED408A021EAB1E
          Malicious:false
          Reputation:unknown
          Preview:Times...E1x.C.7..._..\.`.7..-.J.u.......Nl..I.n.,98.......=..z...e.)n.....S..i0...2).;..I.V...h.:.Q..!.b...A...D4#]'.P1..q;x..d.JM?n..g...2.].r#..c{..R.{e9Y....4=..).f.......R.Q..}..*T...M....n..*P.U.A'jR.d.-Q.N6..1.5.....n..7${.......\..%....u......<@."$S..;..)jh..J....QM.............p..{>..L..K...._.........z.75...X.2......H6d:.G0.-jL..{.:....U....T...q...._B'.....K}....B#.Z{......a......K.\.$Y..3....AE..TW\.Z.?.._a..v(!/.......U.f.Z.:.fcU...%.q;..|An..mUY2f(X.bi<:..`.....S..I....Fh..=|?.la.....`..r.I....08.)....q.[.Z.....Do[....(JH8..*.....U.JE..(k.x....6Z.#Y....4.k.h...y.8Q-....?pX....1..=........q.Y*a...Q..a........g*..;...qA.>U..%I.4......06...AHd.$....~.21M......../..W..h!1...EZNh..&o...#I..u.I..y.. .Y-..&.<.{.S*....z.r...(vO`.E....o<......!..l.....]A.....~.}..+OgT.......&5....@...p\<.{a..........JS.......AJ..>...\..b..X.0PO.....I..5bNW..w..P.k>....7..",j^.9.......x1...k.Z.%{....{...H`.x.1.....+.=..n.(..B.<...E..ib.i.....<.~..+

          C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1725550491176359700_1C80F94C-89DE-48A2-8E70-7714657BB87D.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):20971854
          Entropy (8bit):0.12085494072922615
          Encrypted:false
          SSDEEP:
          MD5:8E0CB2D340FD7576A8614732218A7F82
          SHA1:F9B776316D8E14A6406F4DFA9A8103FF9321DE80
          SHA-256:742624BE70CE070013DDF42280B750495FF9F569FD7671501BB4D39600F80AE8
          SHA-512:8377F6E867C47D36A12870D0D67B80D94C0BDE383D85EC5563BDA496FCD332FFBAED914FD29A0F009893A6BD8FFE7C50E4A32430EF38EACA8DB1639783D80704
          Malicious:false
          Reputation:unknown
          Preview:Times..1..A.:.ApF.....X.-._Sd.....Q....J7..L1..IJN.m....nV.%m..!..m.T.s.."y.(Z@H..4...(]A.L?+N...@t.W:.....V|....=...q.~....L.hoQ...+U...R:D....QG...Xv.....D...&R.z....>.k`.IT=]....^...2e...`...I@.8<...j.G...Ka........C.l..eQ$..]..... .]...r..X..1.....j...q..>W.;H.A=..m.{&$.CC.\......P...........-..Sc...u(....\.mu.R...o..j..p.......Qv.......>......(..U....uW.l..H.}#?...uIKd...aS.P.N..a.v'(.L...;.....*2..tw.B...m.4of["&.}...B...W..K.j......Q...RND.x..J.\.....A....VG../*;<8.t...W!DSU.t.u#.P.....]H.>0....?...(......A.....[..._.t..h..@.....P....f.....4=..`^...Y..w.....f.I.~...?+a.....nW(..e)z...D.x..Fh..VV.q.. ..W.)_...F{.E.!7H...;....7v...$/..HJw.-.J.......|.._.lz...PD\.*...'.-A.'....X.u.Xv.....l."..... $....Eg.....q..C"...T{c.!.......b..f.Jv:...:[({.a....'.J...qo.,6k\..q.=Cu.h........-.,.q......U....:yr[..\.l...M.*"=.....*<t,.............OFg.Yl.|..[k...A...q.[uN...Jy..ep....../.k.......!.V.H....~2$...<.7..R.o........W.9V

          C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1725550491176891900_1C80F94C-89DE-48A2-8E70-7714657BB87D.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):20971854
          Entropy (8bit):0.12080655601120718
          Encrypted:false
          SSDEEP:
          MD5:A7639843E0EC9C788EF509957C3648E2
          SHA1:4A82320E6ADC1F46D30D6C925D027F6E0E622E4E
          SHA-256:CAEB260B8C04BE4C8D08D82020FCB91A983EA43348CAA960D48D531D4EDF3EBE
          SHA-512:1577B739DABD6F7B15F6BAE67F4224CB53BA02654561D4AE88455A369793B9EBBEB2A48F86F3C6DC070A334167780361E8ECA5577B925DF4EB7E5AB859AFCBB8
          Malicious:false
          Reputation:unknown
          Preview:.....|..I.W."..........}h%.Dh.....'..).... ..p..Me.*[&&.n'2.4......i.9,...{.7.P....N.......G.b.0..X......>.A..A,..."......[....8.^9...kLk`.....,......t.;C...u.V...h.%7....'.....%~...k91..C......../.3{...].....xd.F..Z....8~.V...1VMJy..^...;#n....(.E."`.`.Z..E.@.&,..&.p.....3...&B.%[J........8..q6.L...9.Q.+.+...8...8....)"....../U"...+~.T...I4vZ..ty......7I......JRY.L....}.K.u'...Ewd....T...j.:.J.@..tK.._*L.48Dw..a..P....{0C.ZC.....+..{,"A.......4.JH!n..0.@..{..C[...1.%..,GW......8.9|.....>..`_4.`.....b...k.W.:..Js.......v..B.Z{A....uM...a.....h......RKO.....]z.Cd.E.._.>..nVnr.W!E.....Q.]9..,%.O.Q....U.tO..s.9...lIk....}..6.iO4./.g...;b..}..F...:...+v.. ..k?F.;.e.0EAL`.8...TI^/...v+f*.$Y.=............RH.,".....1HF .._.F..>U...U...g{=v....X....4........'$.s.3.P.O..Ky.?....i.".5..{{3... ....+.1.MQ.......4P.......;....$6$F.cs..W9.oKI\..5........e.sP.y.$8G.@.p!k....R.j..\....h$.).^. &.W^s.........<.....\B..9..}0.\....2J...=.....a..-O..<z....h

          C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240905T1134500675-2032.etl

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):201038
          Entropy (8bit):7.621048639182776
          Encrypted:false
          SSDEEP:
          MD5:966926B25676D1F49DB49EE69747DB8D
          SHA1:A2B98414DDF19D0E737C0EF995E88155A297E9AE
          SHA-256:507C67E2865774BEDA15F12DEB816E1E8DC3B71BAB217B1175DA1414868C050B
          SHA-512:E5D566093A362C98B4E9926487A953CE3A1C86A648762B8DD8F5CB07A9C8EB2330AA02EF7A2753D340722E8921A6FBFC3AD8817435AEC42B07CC590450CB644D
          Malicious:false
          Reputation:unknown
          Preview:.....c.+...*...r.}.;Y.u..[.......Q..6C{.)a_6....p$/.-..:..GX..........k.....i%...s.Z..R../}...&...{s.id.HeL...|..|.....e.....o:.m...g`.A......E..0..=..i".`.......k....)-.........`.\.^..%.?.+.}9.ye..u.|2.?......O......B8...i..Z.W..)8.0.@..gE..x2.eV.......zH.%....i.........k...<..n.8..)..J...........Y....w..O..g..u......O........".k.v.jq/.$g...... . .DF....C......y.'..;.B.R&bo...........K...0...Z.;..M.DE...(W..6q..'.....8.?...dF^*.#-...6.>X.*...).....E...}!.|.qU<.X.j..E.."+...6.."sn:.t..g.....t..'%.Y.......+. 1X...{-TW.Q.n`.]1g..7..H..._B...`..]tpw=[.T.....2....M...L.;*.....J.k.k.........[.U..OP.5g....f..g/.2 <.$odA.!1...2.].W...a.k...9Lf......L.c.r...P%..$M.D.[$...f..1Z..q..g8..\)|Td..+...(.9..."M.2d.......^.:.....|. ...sJ.K.,........g`.'..A\"...~tv.>...;$#z+o...Y.\z..u..P6S.........x..n..$.._.G...m......8.?,f......Vn.9...u......o.....G....E......S..W.y..a..J_n....&0.....u.....9,!.......G.wU.9..,Z...4..o._..{..D'IRfa...*.Q..ld.....E.v..q

          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-06 11-46-01-753.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):16933
          Entropy (8bit):7.9886352621324725
          Encrypted:false
          SSDEEP:
          MD5:8EA9388108FF9C19609B910FDACDB681
          SHA1:B8CBA70630FA8AE22BCABB15B94C6D0594968BFC
          SHA-256:FE904803A05FB53BC29BCCA26D73A384A40D218DDD53D4217859D8618CE64DBE
          SHA-512:8BFE388FF9BD2A1E9270D20410B45AE243EEC96436906D222C13996A3A983C1984231082BACCBC5F68217BF9A5EBF4A4516E54068E05ECA705903097104BD187
          Malicious:false
          Reputation:unknown
          Preview:Sessi.2...r&..p.s.......j..j....}:o..9O.8...!W|.S..%.w^.....v.....U0..=.p]%lj......4U(W....'.Q.8|....1..-}Q.e.vP..g=tYV.[N&|NeGX..".c....Y......O...Q.1.u..,.@..S.5.(k...bjf....6..3Y......z&t.U.E.......m...!...*yy.Z......2F..*\........wM.;....{.x.<.boK".......}*...u8. .3..h..W..?..gE.....,5...*...n.......Y+..DU...D_[....NA!3P9.|.......7.;..].=..n..?....x....Wg..;.E.#r.&.s.....}.b.c..$P.z..k...a.|..#&<..|..%L.{..h..(Sy.#..O......n......{^.KS..G.p..G..x..r...<~.....(....d.U2#..t.X\.t('.D.q.J..r...].U.@..';....la.....R.5I.L.B......p"}...0#<.......`\.P.y.k>.rSH..}...!3Y.|.'R..7.@....W......W*....(....B......7...uj.8m`!..w.G..+q_id:..p....Rf<,a...#.e.L.2........^.}57pao..!1...~.;...v..B"p.D.^....+..6...r.m......4.W-C....N.wey..hO..4GnTYkXK.@..%.....&^.~.<.&.*.N5~....2..L|...Sh.H.\..W.vM~..g..F..-..>3.L.u|.3.($b.[...L%.....e...M...R...h%........../sQ...z..4.....@O..D.5...W.F2..]..EK..........]z!.*.ib.............&/........S....`I....s.#:.../.RX.

          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-06 12-09-20-923.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):16859
          Entropy (8bit):7.989086130812015
          Encrypted:false
          SSDEEP:
          MD5:30D9F9A2B791652BA106CE87F4F38E53
          SHA1:EBA57E8AA3218EA3F5F664E860879A71BCE3D253
          SHA-256:6C25C925DC82153D44659083038C5E8416BDFC39203C64CD13E830C6DC88F544
          SHA-512:6C6EC37A170C5A715702AA3D62657D1FAD9DF86984D00EE64F476DB1CDF228EAD201819E44EF9C3C5792AF96C7028D96DF7EDDF7E51E538AD05CFEC1B629EDB1
          Malicious:false
          Reputation:unknown
          Preview:Sessi..~$.sL<>.j$.....%@:.<..sy`..*...5..}r.4{.I~...........L*.U....~.j.ip..~=.....X.BO...3...B..BU_...9~.F.2A.$.)0|.....DD......|...."r.1..@.X..*+.Q...YH.z.....p...U.`"-.L.h...n..4.8....+l...x.*..!..+_U..#...x..&.mQ1.f...e6&..ay.T..".........K...e/.B.P{;.u..o=D..a....%..C?.,....s/\U.i.%.....za{......8..o....Q.... ...L.a.n.h...(.Ml.L..u$.V..%B.w.y......).!-@..7v7i`..vy...`.Jw..y..O.......p..:._8..9cA.E.|(.".N.......xy.2.*......!X.5k=.~x^.&.F...Hw8.R.e.{g.k..]...yc..R....A..{ U.........s.^..6E.A.T...j........Hh.@.,..)r]..KD.)J...z.)lly?./;....`.R....a6.4...G.sL9Ac....l*SaIW..G..).[...HI.. .r1..:....w9..X:...8....I....p....lEw......w......i.. ...,!6...t.Q.h.w..79.rP..F.\q,F...M3'T....B.e..u...%...{......L+..6.*I...D{..^mrd...fCpTV./..R...=....!.......7....auRI..<..k...;.w..%Lq.`p6.....j@..#.<..Q.......t.^.....).v...!..+R...p.#..UV.......S..o..BF.Q.Jo.n.......[.{slw..P.+r..O.....`3..Olh.F=.Z.E......-..{k..,..A.....2F...O...B../g...

          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-06 12-09-32-741.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):16859
          Entropy (8bit):7.990450897423823
          Encrypted:true
          SSDEEP:
          MD5:85AD386ACA4943FB6B4F478B4C877BA6
          SHA1:8BDAA3D6269E9D38128EE71AAB1901DC0A3B04E1
          SHA-256:A36E79770C4C1266A28F34E65AD6C2872D47F08B5FB5F8F712F38742568CF3B2
          SHA-512:D0B26EA550CD17A145B58068D33BA3582A3644840B0E5DF34793C62360DDB2B6B15E7F0DFE2BFEA1DBE039F8B08129310FA8E1E0D3D01257C66497C50088DA9D
          Malicious:true
          Reputation:unknown
          Preview:Sessi.....+_(.j.3}..8.u.>|N.g.%@..|..t<...(4!P..~.N.....?\..{.....U...9..R.gW.%....J..0.z..E...X.F...;..,Q...t?..D...Xx....(..z.....9..i.....s.'{l)...%..J..:...o.>.a.Y..a.b...N....AwV^jr.o...Y..(_{...h........k.x... .8..p..o....M.!L.F..f.....nk.Gu.."..n.r..W..i.m..y.......;c..$....g~.eG..U.&H...D.....(.s...z.:..%^...\n*... ...J...U !-...R.J...~4..g.Z.B...../..c.l......z........B..4@Ap.V_4xM4Mz...}.b.L...}a.r..T..H..fM...^..q...`.m&....Z.x..b4.3..(Zj;X.&.U..b$xx.R:...z.oq@..b...U=%WC......._in-y.,*..`...7......IF.=d...+......LVmeR\CQ.ke.Y.c.x............%.......^"......)....t.j...K.c.........$.. S.<.@..7..Ue.U0;..:...=\W...vV.e.%_......0EX.:V.Z.i..%...h.LU.^h..:|..@..e.+....+..=.zn.y.].KK.f..I..!.....E..{r...!........?....=wY....e.V.8.x.......'.f...Uk.Y.h.3a..........rB...Q.0Y.mS........#....?#.eF..#..x.%s MF.E.v._.]d.t._"....7.....]..k..*ltl.../.....=.....\./..7....7..El.5?<SU..[...|..G.BOQ.R....].0.H.wRz4.T.\.d...F{:.|.x...$g..y].?..w.4...R.

          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):16933
          Entropy (8bit):7.987600275381744
          Encrypted:false
          SSDEEP:
          MD5:74BFD9C9DC0A1B8C0992DBB8A31902E2
          SHA1:EFC09B5D276D483DCCD1C1F0CEEE6F0C1248BBC8
          SHA-256:8C6FB550A8B4E5C6B79C2AE36D149AE0D08AC5108F5C8DD0137116EDD329936E
          SHA-512:D067D8397D8D8A38F14C24092778F71D3E2B51E95758AEE04361CB0D734A683732286B2DA6A6C294EB879932D30560C7FBC5B453177423D9434E61CAC8E31F8F
          Malicious:false
          Reputation:unknown
          Preview:Sessi1+...` ...Y9(..>...pN":.p...C..g0.....<.U....P.!=...\.L>I...H.t...G..kd.#.R>.>e7%.I. 9..b..........0v*jx....K..*....;..uw...7......0...L..wt.S.p..0}._...Nf..X........\a...$..k[W..$3.....8.U.{..Qz.....l..-4J ...u......!...#...T........!...........3.v...".'..._c..,}.H..g..e..f.(as&.GNs..jN.....\./.....Ip.@..= .bV...;.&..A.p8v_r.2<.,..z.-.......Iyn..D.....w.3...........&..?.d.V.@.._...!.|.K.A ..O~P.;...U..e..t .^V.x......MKy.w..\..(.D..0......;.....E.~.-7z~.U.?..QF...].]V.M.HgV.D<...8=f.o....3B.A.B...e.ig.........h.WL.II..?R..h}2.;..gh&D..U.9...A....E9..d...0.*c.Z.-..u.P|.6.Ob..r.iPo.Z..N...C.u..J.Q.x[q..b.z....F...q.#o..y.....4.N..9...!`....phd.jCX..E..R.]"...E<}!....(..........RM.. :...l.f.....#..8..z5i...........". ........lo.E.w\.(...Q.;.s...t....INL...rY3.g........K.J....N.....wx...5q.~..B...*.W..N.#O}S.....`.O..f\...S....zz.U.y..@K.....G..916ZF..S.J.(..>~m..h}.....A|.....f...k.FA7....C9Z...p.Z..../.I.......x....z

          C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):30179
          Entropy (8bit):7.994383510695241
          Encrypted:true
          SSDEEP:
          MD5:621F47E62B68A67AF9CF1D06E44D0E0B
          SHA1:FB16E5EEF0E7CF45AC9E24584BCA196FD9FC8F5D
          SHA-256:4942F275C2E569B4D4B89913A0055B09E5A01AAD002A7106928890F65FD59323
          SHA-512:EC8A94574F3BB76AFB2093BB32F58C8C17B16A88BC11C6C722DBC6DB04C049D6AEC34A8DC6E807ED1AFFB53695B2134F8AD4C499920B7F4223AAEEFBFC27CE0B
          Malicious:true
          Reputation:unknown
          Preview:06-10b.[.-.."...F..$.W.._+C..[..n...jp..p."+.>..mJ.E..^AM.....EG.."P6........R.Z....5..iB......@......a....9./R.tG..hh_bBC....|.`..<yQ.-.....HJlc..V$R.....(...{.w}%xV.._...m.....i..-....q.,.......l.`..O...){@..&d...<.6i......D.{9.x.p_..:.m0$/'6.....;..&r.|.=.>.U..fc...8.d)......J....wt2.....".....:......9 9^.....N&S..z..1...9.A`.gA...^.}Ug.< ...=...~...8.5.Db.h..X....=.T..9........>,./N.....Q.l..3...GJ......!..R...I...y.4*.....z>s7.*...<JS...;w..\_...'~<..od.gB^g..M~a....$..`O..pJ.-:.t..'..*...C..@u%.{.P......S..U.-.E.1...t&._..E..U........f.......!.".?..?....K.3...s..g..d..Q-.*b.....{....P....5.\&.}.Fc..6.R..i..>r,F..........z.(..4.c......U}.0J........xD.)..@..#%.(I.7.?n......Y.B;mB/Cj3x23j.!....{......mG'[.o.....+.&.%....=....My+..Ls2e.>..ANo.D....,..G...j........ .._5<..k..U.m...(.6.nq;.,..)......x'b...H.q..k..45.K.....J.uW.]P....%.......P-...1TT..%L*...1...C..{.j.K&<.kX.".[..Pm.Ga..a.......?.77H..8...+....2..9...:H.....tf7.(K9.z...\...!.!

          C:\Users\user\AppData\Local\Temp\chrome.exe

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS-DOS executable
          Category:dropped
          Size (bytes):141134
          Entropy (8bit):7.998648448897335
          Encrypted:true
          SSDEEP:
          MD5:95C40FE2C622950096D0ED928F0DB083
          SHA1:654B6509C30505AC91EAA3CA8CF2A7E1E1AE8CF9
          SHA-256:53A300FB0304C7DE708ED7B2A209803F267999E51502DD48F12868B6F8BFA739
          SHA-512:7C54A6FD38EACFCB9F462F25C7C39F1AD8666FC2F07F13400688E9EB7AD2B59E308BF4CF66C6667FC9A4DFFF9FE9C50847022B4100A526E86E7DAE5A3370398F
          Malicious:true
          Reputation:unknown
          Preview:MZ...e%ZOTZ....=Y................mSG..2@c..&......[TU.6....,-5s8.>.m.q....5.:."........y.`.I2 ...y.....&...b..(P...t..b..e'@..l...+mx.7.y... .L;G....i..HJ.;.Q..0}p].C......GRwI@..j..u...!eh.b|.....).C..9u=/..Sz.....n....j....z.B...Q.....?.....,S$.3..F....#...M./..N.O....9......%..MR&..Jd*.......:...$..0Z.g.....l..../......1{u..*F .$T...J..[.E|.....i..*`...=.[Y..._MZ...!.m.:...U.:.I.......~.a..q..F&....U#....s...2..Q..q......:DT..7M.....8.3...}6......d..Rk.....$]Q.t..p-.(...D..Y....-v[-..4.r..8....kX....O.rMW?j...HX.TV..w.V.pNq...._...-...4..vh\....vM..`....>.L.........../.s.U<.(&..ie.........%.X....u...y....(...9PJ..b..0..W.....]...0..R.]...aZ.....!...........q4.eD1..n|..G<...g.u.%.d.{/$.......bJ=!4g./..mt....B...#.4........<..O...7h....l.k..,........Ig...`$.L....&.S.....#.D....(.5..Z.zp..I..W.....sB=LU:......G.{w.T..G..6....IZK!.?..x>Ybi.E.-O.h...e..g..W.e..]..].u_...&..j...=..-.{.i..E.g.(..K...FZ...3L.....X>....n....{.............n....

          C:\Users\user\AppData\Local\Temp\chrome_installer.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3279
          Entropy (8bit):7.94078897486653
          Encrypted:false
          SSDEEP:
          MD5:96FF97C879961F70FC24294D41D0BFE2
          SHA1:9B2BE10457D0D63A48E1E011C214729D593A54EA
          SHA-256:0C783F739652D1A06D861E9D4F7305932BE93B26D69BF5B44D5EEE49158D9F70
          SHA-512:7753F344176B26F0E654675BB5116376303176C83F3048EDB67C7B8F195B948670EBA7DFE2D9CFB2A51A93788C30796062849B0EF09B32DAA976C215E9A08D7F
          Malicious:false
          Reputation:unknown
          Preview:[1006...V.7`....*.&\.v1naoA..l..|..VR....UQ..4?..F..C.=........(...o.<....D.F".c...wQ......4;.i..W.>..:......e@..'..6..c..^U......a..E.b'......9......l.t.o...~..y.8U..E.W8\r.....D}.L{..9..u$....Uk....r...7@..C...*$A.1..j?.JgPI .)..0.L...c.Z.{>....|P..2.......!t......>.w...c.a...+9..I..l....:..=. a..h..l.0.Qm^..sL..1...Dut!XR.BS.bU.31..{..k.,.C8..<0l./..G.Sv..re...}...j.S7.zK....E...>.c....^.2..v...vNN.s...3......*.......z.V.5.aO..+.Zr...+(......P......u...O..=.w.....U..>.&._...r...4..%....@.F.........yO...Q.:n..Uf....P.:?Z.Lt.z..?&.Y.....CY..$b..w...f.I....3x......EPP.VZ..$...y3...<2....?....h....Jy.Cv.@.O.58j....|.~.....[.)........?tS6..FW:...l.!9....$".v<.k..n/s...|Mu....d.....F~..C.{'.'Q.9.O.$..s.7...(....:..@...`y..D...5 f..yhQe....0.....Z.)...O.K`.Sq.....+x...M.j....K.%V.9.e"..l;/.:.c..R.+.....w.Yg.....8."At.r.'x....<...T.IY.}.T..*>........&...F...L...zl...-.L.J+X.db.H#..O[.>..i...r..2.4:......C..9..n.0....I..{.0|.J...>C..\....*d

          C:\Users\user\AppData\Local\Temp\cv_debug.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1639
          Entropy (8bit):7.885427884299341
          Encrypted:false
          SSDEEP:
          MD5:85D58C66991A19C5C738AC75D6EED190
          SHA1:A7268DFEAB64B45049701A31FEC5BEC02E515FC6
          SHA-256:D1A9444E864044F34607232A73300CEAFA8247A72B9E57F335195E4CAA845F68
          SHA-512:0447E43148876F6FEC0914EA363BE527F8B97293F002E5ED24DE2007537268923F34703C4ABF043CF2ADB75F8C968AD1C27AC24C1FE1E0DB35B2597C6BA2CC3F
          Malicious:false
          Reputation:unknown
          Preview:{"log...q."rS...U..l.)`..}...h5....v.........1.....z...A..q.=.uw...>.3.?.j....#.....#..y..Xw..,.i.I[s.. L.I-.*......,...[g.r|/.M{O.[`.8.W..R#....c."&e..c2...2.....WM.x......1.06....9....._wg}7....&.kR....%vF...-....[....5B6|s_m......|KE......*..}...9)_.j.g&].*4.ZaAh.O.!w..a..&G..i.).Q...#[a(......d..;.......qq.Fz......@c.3a..~.[P.a~ez..aF"...r.^.7R..?...J;......=h+..."..2&...bW...H..EYa.F.\l=..6j....z=.k..{..8gO.....a.V.v.O.v.9...@.p...3n......!.$.........+S....R.t:"....j.4......u.S.....5...Xa...J .f....O[.y..'.2...T...m...~..}..7."...w.j......G.m:*.l.......IH.7.....3..rN..l...V.%.b...%....}.1..?..4_Y..*.tdz.X.w.$.8..D.z._..=..c}.9..Z@........e.|.E.;...*!.!....a..J.|.2K?...........n.\..y..^.#..Od.t...Rc.._..,u......u(...%.'....e.Pii...q.8s..;.G....~..S|.....A....&...m5.9..H.1..o..O~.DQ.k...;....U.hy.nUl...AC!].#}..E.....L.<|..K/Tz...... )l.Js9../I.-....~8..0....y.......c...._..K......\.k...?#._I.w........(-..'i......}1mV/..).Y.......

          C:\Users\user\AppData\Local\Temp\f4c0ae20-77d7-4756-be71-10b79d362b85.tmp

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:Google Chrome extension, version 3536100355
          Category:dropped
          Size (bytes):1332939
          Entropy (8bit):7.991140030216816
          Encrypted:true
          SSDEEP:
          MD5:9747EF460AAB58709C1522C9E09BAD90
          SHA1:3F68273D4C2639A5391D3C721DE4C957C3F75FF0
          SHA-256:8EAFFFA6520ACC92576F67E4CBBB712B35DA10691069DA45B5EB5930B150CF00
          SHA-512:CC790052C260C122294B21D79576F837A711BCBF7867A106BD6F80CCD236613DA5FF171356622407B1A700D7E2F39D82CB69782AAC1CF479868599043BAD2B54
          Malicious:false
          Reputation:unknown
          Preview:Cr24........h.y..W(.y..m..4..vm-..x..Z..<.N.}.Z....(.......[~aRr...a.kp.:..t...Q.'.^T.k.:......{..'3.ls...uE..Vv..GP(+l..$.f....c./m../l.F..+3...kh^........<V.|..W:.Y......._...i.4F.........Fc2....=....;..Ay.....Y..'.<....t.....{.~......XB..."....&.,q..rd..s.F....k...Y.*`u..+.I.4.=.:}.O$(...e"...$0.\.xS..[o..P...&.Y|C...I...&=.5&.........DC. ..0s.EK3Y4J..1..[....U...._N'..lK.]*..+.G.8.jp....)v.rg.......~..u.3.....K_...J..x.GT.4......A.{.....;.l5...I.u.%s.......-.=........kX..R...zM<_..w.a...?...*.(a...2>.4N.0e7.N..,..r%.Oq.zz..i.M..i.._..e ..fO.H.z..Q..=.X#.....U..A}oZ.>.....J.)..A.6j...?....8'(...Y/..g.......{n.]....4.HHP*...6..@...........H.^..h>K.YK.C.._.E..m.u%W.F..h_...*gs......Yt)z.....Q..E..1....w.|.X.{f....#......_....OSt..O]N....>..;..i>...0.F9pY.cV"D:...p.H..U.f.....-!.*......Q...JP...3N.b.c...\c.OD8z....G.(..1tw...'....n;..\.E....vw.i.,e..p.q...v....z8O8x....|dI....J.B.vn^....T..)z.V6X..t..RfG.]7L.B.$z.....dEt@.a.g...I

          C:\Users\user\AppData\Local\Temp\jones.bmp

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):602502
          Entropy (8bit):3.1750026883419213
          Encrypted:false
          SSDEEP:
          MD5:A2746104F6E3879048B905F8A818DAEB
          SHA1:E816A6B5A7AC13E5900B765315360800C63DB871
          SHA-256:17F72C964C03CE48B067611D3C3674242D34B995126D8DDED4A29FE82E2F9B53
          SHA-512:CC81D242D1D8D702B4E7069A112EFBAA51A660ECE3BAB027F28CF3A96879984682B3E827B56B40F379525805AFA39E580ACB249F69F310FD5BF9184B61997043
          Malicious:false
          Reputation:unknown
          Preview:BM80.t..[?....I.\.E.y.M...j..6>.8.$_..:..G...P~.j.N..n.....u.....6..K\5*.f....]..-K7..j.............v.k=..yT#...xA}`...XS...|[.u..K.N50..!n...t.....(..R...J.I...b..g2.Y>.._P.a&$U...{ ..a.....S...i.]>:.7../!......4........>.6)W.T.L.>K.q.T.....J.5.... .X..._.)..1.9.t..P2e....XI.iS....U....J.*..G...a...T;..}....Q...Q=,.*)x..A}.u...J=..O.X.@x..S.Mz...K.....f.b......z....._...`c.Y...My...;q...a.a\./..Z..]..\.....~|.../.FPU...%.`z{!...2=...[+5......^4.,@S....}{#..U..r...b..4%r...f..[...ib.h9..H...b....W....l....NG.....d5..\.`.G.d..^bFv...4...$.s.O.cY.DN...V..'^ga.%vt...@..R9R.8]n...4.....9..I.........@..H.FO.e.._.[....../..Q....*....9G.4.f..5`g).!.G..!.JBn=(.I.S_sDcM!...%..pHC.(2Z.m....S...M..@.m....q.........-VIw......\../,..Y.zG.-S.0X(....@4....u....$.cQ.Z...N..y=z.zy.......K#..n.6;..C.v}...7..J..|1K.VdZ..._.0..h...M*._.\...g..hzT......$...r.+.jy7,..RW.L..J.....O..I.?.8.-..(...Yuk0.y.......|c9.;E....s.7.5.-Ev..F=..>..P...`....L:..%vB.

          C:\Users\user\AppData\Local\Temp\jusched.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):34065
          Entropy (8bit):7.994275620405836
          Encrypted:true
          SSDEEP:
          MD5:3757A56D08FD974B930772EBDBD44909
          SHA1:49A2A6B5061AE80B71FC55A2582DBB361EFD7F9B
          SHA-256:62E74463740995E4086311F343C0D414862EA0F85434C2B80DBFD8037C809D60
          SHA-512:46E62FF7683E9EA949BAFF351575A061B202063F13455B72E04C97083B5C118FCF36CFDE19CF925D092FF0E8B6578AFEA50CFC83540D8B13CDC7B0FEAB42D751
          Malicious:true
          Reputation:unknown
          Preview:[2023&.v..@O\............^= .%..D..=T.U-.)0e(.9..!.5.:..v..A........%..$....._GZJU.FWp5..X.d=.G..N..[.gey..X.%...r.'1...iF;.d..>.8.....pp....I.....M.m.l.}.{*^.r..\......|.dp<.n..3*...<.I.f.....S2......Ts..]d|&.W.... Kr..g..:.b.*..Y...l.E\{.M&.....m..G....~lWGO.ZdH.cl......o....=.S.N....r..X.u[Q....Jv....v.(#...X.t.5.g..*.l.a..qr`p0.p..ijP..1.fM.H.RY....@..!.Kt|.*..Q.j..I.....K.:..+...c.V...W\!i?Y........1.[b.cBfcR.f.KP'.2,.........t]...?.t*....:.h....ANk1.wFW.W.b#S>.....}.s.-.n....=...'8mf..".O.~m...N..Gm7....."...L..o..te.../....B.-.W.C.e.....=3<H.<........A...#..F 2.M..K.9T.|e..-Pc..S./.,u..!.3o....HL..rV..q.....N..!....J0........E.P.l(]l.\{............7~..A.y..~..!.`I.543.k.K...%?....T..........i.|n'..A....y.Sj~JO......L.3Z.....i=...<.'.(.V...d..%.A7.v~.:E.....z} .!..)FrR.MK.@...|...l2..P|.D...zEI.|.i..\.......z.m...#p v...j.hp.c...!.l.{.a...R4..s>..5G..I..\pp.e..0.......\de. ..~}....T....4,.%;...CZ..5...v&.xzMo..K`C...#.aT..S...a..

          C:\Users\user\AppData\Local\Temp\msedge_installer.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):12233
          Entropy (8bit):7.987237672348615
          Encrypted:false
          SSDEEP:
          MD5:976808ECF39E9BCFE4125517C820F951
          SHA1:28875FAF689EC86C407ACD55377B130E3DF5A62A
          SHA-256:4491BBF725AE4E491E79BDA4F2A310D131D62302C944D803CD9EDCC9ADF6241B
          SHA-512:78AB05817E02477197D3F87E6ECAE9D3B3B46F97FEEFCD668E81500B563DBED438118776A299D005781AE0851B2FB90F0B38971D7E5B25CED4E73DF099B9021C
          Malicious:false
          Reputation:unknown
          Preview:[6396P...._r.._..\...FJ.....p.,PEb.5.8.u9.$...JU`.....iJ.^*..<....Li.[.v6.y.l.B.:...9..K...Y.....A.Y~...+.r@.Ey.Q.YTsq...U..&p.*4#..^F.f..?.9S..O...eG..L.....f..,.9...U....T.9m...K..y....V@...LR....a....QJ..O4.b.."....E.......a.....B.........A._...+.ud..............\...F....8.f1.%...w@..P7.7.:..D{a......Q.K.HL>.LdWm9..k*.U...b~.$......,...zd.e...a:..KR.U..I.1.-...5b....)...k.j.G..*?....+.A.....1.M;...k..]..3...T..?.]..[.G..r.d+........(..8........R/...l....\d.V>B..@#.....qn..8....e..%s."i,}hZ."...fFj1.P~....M...C..0..C.o.('.,.L...S.%z*t.}.I......<+{..Pa.3.I&..T.(....A.../.q..3.._3%4..K.K|>"&....._...c.=@k..=.....\.@.]..&Y....u.{x../D#HpZ6....$rS..1gT#..D.u.S..w...IrS`..&..5?.o.+b...aI......C9{.=.[. .1;..B$7."..u..L.c.9...OK. H.\.?..M....o.`.?../,.....m~......\t.H..N.......Q.....9.$<........|..n.t....w.5.B...P..;.&......u.c..-......!....J...."<.....JAg..y .d.z....5..U..i.O...(I.P.YG.....}..O.D...[...M.o...k.(.q..#[Z...2.....!.[a3X

          C:\Users\user\AppData\Local\Temp\offline.session64

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):66542
          Entropy (8bit):7.997536034936116
          Encrypted:true
          SSDEEP:
          MD5:4E06BF4B9B670881CE1973E37E71F569
          SHA1:843ADB29A733191481ED9E7001FEF1431F1E533E
          SHA-256:4CF9C6F92B8FD753A667E6BE03BC98F02E874EF3938DD47E40D43CB8AFA56117
          SHA-512:79F5FCD70F5A9E027A6B11E91658009AF5F0A584D719A46796EF735622C99A535E1C81BEEFBE619581A851D2295C8FCA13D5A3D25FD1AF50B88A91727D7ACD34
          Malicious:true
          Reputation:unknown
          Preview:1G.f.#'....a...L......-.(.g...A.k:.Z.....u..6<......z!V[..1..H..U..p..-..[.....\..L...'2g.....H.j.).n.Q.......].g.[......d..u[..N......U.G=D..O....l.[/-9.<5.M..-R....>..Z._Y....:|.ueoH..S..".z2.E..K..-T.w./...............5..(...s I...$.96.R.=.L(v.d...b.t.A....|D..Ie.. .u}....*..gJ.7Y.[w.u[..>....?................i...buA7.<`9..sQ.m...T(~.?..G... ^og)..y.x!...<.'...B^....{.pnO.m....}...XN.t..M.49@....*.&..i.4#.h...~].........cn.K.k]....f.e^<..'H...n&...#...q....X/Z.\.(.J.............k..hOk)=....V#...pi...t....{<a...7L..7.:?...Q....l.|'.........f.....Lc|1x.w...5I.y......7...E.C./.-.9V..xI$fXp..R..|........Y]K.3..7../W....j..8....{...z~66.....S.Uz..j..c..O bA.......L...`:..-......^s.9.....*.V+q.m...d....d~FO.....-.@.;~...:.'..~%2.f+.w.K|........x.y....9..j...N.sP.4i..IJ.j_...E..."....c...Z..4..~..-y....d.Wu.*.(.....;..W.........l..F....T.b.:P.).z.9...tQ..../[....w...}T_.~.`..rvv.2.Q."...V.xW..1..W..~...P..$.}.Q..,.*..^..i..j....-I...n.6H...6Z..

          C:\Users\user\AppData\Local\Temp\prep_Form_JSI_API_not_a_real_file_V8_perf.cache

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1045
          Entropy (8bit):7.782185621703841
          Encrypted:false
          SSDEEP:
          MD5:5B41E746D0886B83F454301F3D68193D
          SHA1:CAA33E28C3A97B3EF7BCE38109135B6E07094849
          SHA-256:9950B8A6A254D212B6B2637517694B925460AADB6A967CA975EDD2AAED05A031
          SHA-512:A82BAE7893DABFE6AAED749CB6D5D776C1C34D3B0057D85A5EE631C8CDF64B2234C73DFDD41D85C8B6984A0B9C82F92B9D1AD19DD29E6DF813FB6A44BB5F25B0
          Malicious:false
          Reputation:unknown
          Preview:RNWPR..V3AW.C.]2T...|..!..vC.....'.s..[..........1..a..)RA,=6.....7.d.r....b.2.|..Cs...yW.v.R....6gGh..eX.<...E@_H14.r.U8....=..|............i^...K.<D.._...j.*.....N.O..zz.}..*... ~....O..9.y.Z....xux.=.7.M<.9.i..[12F..,.....td..-4.n.T|.-....a/.....5......<9B.>z..p..U%.X.^..'..!>......H..l.E......J....&.....u.:a..2.$..r..Kf..;.f`.9..!'8;...'..i.M...u;_.!..M..\...`.....bRm....YwT.^".....T....4..."...-...*.O..%.........r..m.;.M!....9..I.\T....T..U...N..*.^.....=..QZ$Ph.A.{.....p1......g;...F.0..H.!...3.cA...u.W.....*3..b..[..E.d.@Wf.......w.^..z.B_...Xuf._.6.C.....c2...W^p...v..I<m.u...v...M..F..w-T.%..s.5q..lez<..nr.Ey.IsK.k-.e.w.n..Wx....G\.F....Q.Q..=.r.....v_....4.;R..Y<N.......l./.EzS......CwpA7.t... %.4;Q..mN..YE........fL.......X]fM....c.;....]+.1..#..&...~"0H .'v| K.....[.y....9.~.'...k...w8.h...L7N.......#f..m.B.1.."lg.z.....-.....I3F.p<b.u5..7...$$..h6..|&...A..........Kc....z..Q.v.F.9pbW1L8qQshua0c0KnGl87DEySlTicffx

          C:\Users\user\AppData\Local\Temp\prep_foundation_win32_bundle_V8_perf.cache

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):662045
          Entropy (8bit):6.821839090415338
          Encrypted:false
          SSDEEP:
          MD5:69DAA49CABE07A654AB2E128FB817FA2
          SHA1:217FD8A8D43050A470C30A5864FE1DC29592724B
          SHA-256:60FD21277DF171FAA1628CE7296AFFC404AED05DAB813A612907183045D531E4
          SHA-512:E6F3A61A1F875B353BB23ABE80BD09297269608371AFEC3A2B7AC2F43DC64EB67B1E5E6FDC2F0E8C24EB916ADB2A05B9205AD7590DEA6D8A9E11FF6C02EBC14B
          Malicious:false
          Reputation:unknown
          Preview:RNWPR._.._.Ir.........8Y.!7..t.....e`K.@.N:}.W....qQ...xuvS..g..U.8@..%...o9.us...... .U3z.NK.1(.%.....fZa..<~..'.Q....?5.rg..p..<k..l..O{.,_..1.T.T.......@....?`.8}.*S:....U.P!.3qE....A.|..7.GD..?.1...Y.0.LR.........x...2.^.8...;s+O.=I..R.zLP..p....F...4%.........c|.s..B...e5.......<7...f..B..+.K...v.C.M.%..M.#...q...we..p...k..?S....$H[>].i.. ..g...6'2..!Hv,.A... ..f0O`.L21...)NW....n....U....M6s.n.0!m...../.....C...%E.G.*I.-/.[q../...H.V.....6`f.......jq........vXd-...:.bd...2N.....=b ..@...p.rv4.1+`..=......)TI.2...P..iJ.k.@o.o..}M...?..<E.<8....5.1.Y.O..X.U14o..Y...v..b....|9Y[..V. vmI.....'.x.g...g..+A..F>T{.....6.1.Hq.z..m\....\..i.#.Ao+.9.![7.L.....%2W.U>er/....v^..D.R._X.5.|.V_v'........].!...FP...X...~bW....9....f.a~..\....>..}.c..ACu..8...2)......H_q+1.`S.>.xW.UI.^...X..@.G...2.G.....!z4....vf.H..3.{q.0...}.V..ng~..T.l.z.&6o...W..H.-.\WgU..e..|.i.......Vma.D.Y..C.I.PDg....}.W$x./g.....WT...6t.^.&.Y.wHjSsI.G...Y_..T..V..,'bl.'?z..Y.6..D...v

          C:\Users\user\AppData\Local\Temp\prep_privacy-sdx_win32_bundle_js_V8_perf.cache

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):193313
          Entropy (8bit):7.869621271014719
          Encrypted:false
          SSDEEP:
          MD5:96E1C151ECF5A84FABF9390CFB400D6A
          SHA1:A070B017EC97BB584A02F7B9FF8749CB4BAC2EE7
          SHA-256:2A368E138BAC0464943433EFDEF47EDC35400E2B25B594CF4B855DBE8ED9FCC4
          SHA-512:BEE9AF001FBE9D68215469A761F12DD1E9969EECBE09E6C43AA41452974FCAC5326D8492BA6954B7847447ED70DF9A42381E9C75530CE89084DEAFFBFE6E8C38
          Malicious:false
          Reputation:unknown
          Preview:RNWPRA..w......L....."..4...8.._?x..+...7K.>..v)Whc.....5.....[.z...(9[V\I..?.C}X.[.+..u..'_.".j.X........q.-..//.#.O.B^E......>n,.=.l...UPA:.XI"..3..e.l.b..?*0p.t.....v./..$b..../...._.NFl...g..M..%e...X.O...)..B.Z..h...(.........a......8.9...1wa...,...e..*.5...?*.B-..K.i....vs;..8.Z.a....F...E4.lU*a..6...#...?z.....$.P|.J....U.oS".~.[.9Q....H==.N..;Q&.....3.O3.....5X...E3..E.H....e}...c..}dP[FK...g:".3S..FS..n!....S@~.x9@:.H..Kh8t.`.)..L.!..)z..2"B..h...5....iR.M..`.2]...`.0:..I..m-[R..z.gU......84..c.[..'...._.H.\.6+.R$m9....A".w.......e..?]b<N...n.ji..{.........g........;....R../yt.....r)0.#......iKDQ.....}.<.......RU.....O[...^.....=.2?.2.../..`.<q.o.4.A.5.O....Q..!......8K..nE.r..x.a6..++...R.)#_..%4}...E.DA@.d... ..J....~.../..j...^.@:..B.......wZ..B.t.....}A.e..;...j.......a...l...f*...8......tZ.K..O<4......p.....~Co..o...hEX........9H..Z.d........G...T.....A...8g....1y....-i..-x.....E...%.......$.l..XE3..0..p.ychO

          C:\Users\user\AppData\Local\Temp\prep_ui_win32_bundle_V8_perf.cache

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):240237
          Entropy (8bit):7.548422750726406
          Encrypted:false
          SSDEEP:
          MD5:4B77D9BCD70CA34531A51A32AFFA48E7
          SHA1:C07B9091BFB2743D66A123C336A754E33F2E32C1
          SHA-256:E799F896201F914524E608DA4907D4E1B646D4576595FA2BA67ABC74F5B11C1F
          SHA-512:9CCDE731B5935462D3573720F4AC308D784D3843292233968EFDEB1DA75A60432029316E4ECB0FCFEFDBA4ECDEED3664FC7FB549CE57192B622BC44C60068053
          Malicious:false
          Reputation:unknown
          Preview:RNWPR.E7.(.k ....y..`.9.?X|..:.......+.w.z.=.X......"I.....U=j...1.1...1...U.H.X...dldtFz.F.k..]..o .tl......u2.o...^.(.N..wr..I.0..........I..bj~..$Az.r....^....5E......F%.Ax.A.....................Q.C..$.C*$K......'...Iq._2....;...f.K......|.....J.>%QRR}.....z!.a..y....).a...'ch..z....k.J6......2.B#CnD...{....*L5F.S.z6...Q.......N6..%B...F...D...n.L.V.i.9.:.D...?O.N.sV.x......+..xTS..F..3>Y..)..Z.n......E.,.}rz.W.....~^.a..h.............F...fF...........M.\.......W3O.u..Ul..V}/.*.bGK..z../,...d...$>m.K...:g..u.{w.F......bG.#.-1B..5.'.W...x....z..s@...1.Z .b..C.#.x,..&z.eabssdRR....4......P......0..J...'=..U.Xhe....r.=.....<dDD.Z]..[.Z(y..0.&..M.u..m.....p...).>d.......:S.x.^.....8e.Z....z'J2_V..(....Q/.%UT...P....?D..d.].la.7uV...t..Q...T.f...h...S..^......kgBa..,...5U...u....w.&.H......ho>...U.'.5. #<B.C..r.L.&vu-..<3.B....,...!.R.N....o..G...9....*u`.3.P...'v.e....S.......l'n...W...H~..c.F..X..&.6R..t.......\......E...9OI...h.....n6...

          C:\Users\user\AppData\Local\Temp\scoped_dir4744_1680836309\6a6ff159-acb6-40e9-8fcd-b065f92748b1.tmp

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:Google Chrome extension, version 2118910211
          Category:dropped
          Size (bytes):248865
          Entropy (8bit):7.985871257866155
          Encrypted:false
          SSDEEP:
          MD5:711C701925FAF97C2ECACE2E15F3D9F1
          SHA1:A7F68657ACF04069C8661D9959642BE411B981CE
          SHA-256:ABC6AB86BDFCF204AC345446332DBAB6EC697FB61460A00EBF9DA52DD0ADB7BA
          SHA-512:313BE79D20BCFDCE786666E071DF8E17E4EE9E567286924F93606A1025F8AFDBA6A1AD5A398AB342985BACB666FB8BC35607481981529143875F0A9E44B7C095
          Malicious:false
          Reputation:unknown
          Preview:Cr24..L~1Kem.....@SvB...Q.....{.B..>..,....;......?.m..A..[..0Z.......".5..#:........L..v1.j...$...?sgCf...%Q.....u..@q.........T1..IV...........wl|..(..n.M.../,F.L,11..S......q.....~.:.`V....J..z.8..........+S/..x...].[^...w.o...Ey...{ +9..+.3......sE.[QR<...@...J.)....@D:..;|Gz7...P...o...;y..Ry.._./~R.......q.v.I...D...&.."...<g...Q.R..._.c........./:X.>..2iz_.5.....>3........-....r......Y..tV.....Y.9..`.../e.DA3.f.?.....j..m.J.I.]...${3+..L.G]..N..M...X.9.b...=.?.P.J."..\i&...LV.P...P..T....J.Ctte..k.IB-...8...I...}.C...jl...2.<=..P....GV..8.2k..e..x..{.../.N....|i ..48..$5..\vAvy..I..).....a.\...Z.*....-..`..i..|.J....o..B.}....|....h...g.y.l.c.&ODzk}G.V...g;v....l>...l.3..C..6g..H..c....5DCC...Bu.[ ..~g...B......E9.2Y.YI..c)..._..51.h2..x$....q.K.JjW..Z..._z....1.n.`.....[..H...^.TW:..m....{.....=...K..r".%......2k...........m_......9..F/.t-.Xn.Wt#U..Z.a.z.]...j?.i.U.q"..n...].....}."zb.k..5.q.lFG.[*5..v.;..6.

          C:\Users\user\AppData\Local\Temp\scoped_dir4744_1680836309\CRX_INSTALL\manifest.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1432
          Entropy (8bit):7.858593079567738
          Encrypted:false
          SSDEEP:
          MD5:3F580893A93A94344C966B7F200AA402
          SHA1:8ABB6733C04A96DBEA2A2E96485BE7C3F0ED65C7
          SHA-256:B836EC0BFC0A822B0929C8F8E52BD2582D829E7E94EFA8FF85179E9642C96CF5
          SHA-512:C36FB0D801DCE17A8968EACD1D0F9BC0EE7F95C943BEE5B7AD6472E2F7E85BB46157F91E4D7B220C1ACB1850734F3BBF1A6C050A26B5E7E6C688DF5EC6A72ADB
          Malicious:false
          Reputation:unknown
          Preview:{."up$!...U..f&1.....D....`...E.$*{56Xe.@.9.{...8..~..j.F`o._g..`.+u...XyG.se(.)3._.....'q..{.....N`]..=........N..,..TR..drR.[!.f.@..d.Q..G.ZF.I`.(8MC.'%nF..</.....O.d.,....`.......$".>..>.........%o..%......l.....Y.Z.0.Go..{ecu/.jTv@>69..v,....V.Pv...<W.&.z....d..YQf..I.x4.9NDE.7..Q .....{~..W....6.wV..<. g.au7..=.GY*B.N..A..Y.6G/...#..n.../..f....6`...A..b.....R5#M(.....UYmx..8....1R.Z...p......C/. .........YQ.S....iv.=..G....5.H.K..Ox..g.G[b..CpL'.M...@pk...705@Jcy.Qw..pO4...x.i..q!.bF....C...%QuO!.[..Q..\.$>.=...X..o..W.....).......]y...O.n...K..<.q.Q.5....).v..`..&...q.M.4^Ig........Kb...0..R._..A......Jj.,...H..t._.....0x..x..I..v..2H.G...s..t.c.K>..... ....O.t?FQgx..n......U.F..^E...b.....|........)...._..7b.}@...7.tj..{y..o..[.8....3DPk'.`.._N...nT#v..#....k.2.$..@./I.'.cCs-...-'....z.:.}.rx.6..LZ.;...sf.}".].KcB.Dl....*../..uG..j.u.m..\..n..8nLt..G4...(..<......Y. ..B.L.B5.......T.W....c.0..~.....o..=2..._. 9...I.r.

          C:\Users\user\AppData\Local\Temp\scoped_dir5144_986825897\CRX_INSTALL\manifest.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3460
          Entropy (8bit):7.940849752453086
          Encrypted:false
          SSDEEP:
          MD5:C0831E13E3850E04B9B10A93CBF1FD47
          SHA1:358551391F3E4719C8B1E6A4B69E208C86DAB58B
          SHA-256:03C9C369690F66C12E0B253C77A358E4246A579E27AA4037938679D8D98E63CC
          SHA-512:11012C9885FE8024772623CB97E344C9E43C79E2B0C5F893A831D121E7BD7A9164995FF387521A18433F27A874D1FA05827C94FF6FB1B7C658577802A1C9F6DB
          Malicious:false
          Reputation:unknown
          Preview:{."upF^...Y...e]...j.w...C..T....a..3^......7mK...E..@......W.0AY.UM...aI.z&a.U8]/.v.E......`dkUA....].......X....^..H....!.5.-..4I...^f...3...~+...{...P/B......30...C..Y.....T.6.l..m...z.T..z..m...dd$..hw..."K.....a..y-A.)I.Y...$.........c.m...y.C.o...O.k..8....08..q.c.+........._.\.7-v+l8.=b.-Vf...[..."b......B1..'..(#W..V..8.....2.``2.. ..|a....%.0S6j..~..L.W}...?.-B ..... ksB..pd.3`Tk.c.....S.5!.....=...?P.K....d...t*.tV...(L....~..).........#.,.M..x:s...V)>.,.K......S.zN4..>.c...d..u;+.G.!.=..!..I..vS..:....g.H..sYa....![.y.5...Q.k.1.#ra...F......3.1..s...-fD.s....74.<.CM0.49....g..s...D._.......Z....;..\O.L72...HQ..4..?}.~v3s.;\.V..(.q[..wm.....A..Y..oy....nn.8....".^.....PY.....`kW1.e...B=...E;kG~&.I..ME5].".ms..;....\Y,......p....<j..[{..'....(...R..Y...:w.D.....-..<....Lo..d.p...s...=.E+"3.J."..37a.....R.@..Q.)).W..kL.n............>%T...w...b.Hz......D)T.=........P..+....7t8.vo.....}...r.[.+j...:.yP+$,....kMwY.......0...HX\

          C:\Users\user\AppData\Local\Temp\scoped_dir5144_986825897\f4c0ae20-77d7-4756-be71-10b79d362b85.tmp

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:Google Chrome extension, version 85068035
          Category:dropped
          Size (bytes):1332939
          Entropy (8bit):7.991134518113643
          Encrypted:true
          SSDEEP:
          MD5:B5AC09285F24CD766AD1AEEBFE492389
          SHA1:53025A52AF8B0BD269E5EF2207D1B7CE270AB895
          SHA-256:FA691F7EBBB205C1CCFFF7C56E9F867EB8DF25B428347E0463464B955C7676AE
          SHA-512:5BEA5806EFB2DF2AE196C1B5A2E5878299254E75475EBD41EF602AF485E13575C31829C2F73AD56C69B3B4351401B4D926EDF3ED6F93B2FF297349CAE60BC4E3
          Malicious:false
          Reputation:unknown
          Preview:Cr24......Wf/5].4..).S.....B....u.5.|...;...MP.k.C)g.W....cn......N.........e......j.A.3..i03!.._..Q...l.._JQD"j.....1.5Kx.d.B...A..X.....n.l.....(..0.K5...G...J...2..d.Z.Uq...4..o...o.g..\...v.W.r}o.~ec.$..e8...L.]$.f.Op.&.@.9_z5..1..Z.?.!Us.m....act.A......}R.%..#.ByN..g.......LE.......O. .....B.Nk...|.!...fq....i..z.X.K>..4../D..e....c.....+s....'...s...../H....u.%...!.Obj..fa.......;.v.p..l......~..O...A.3uRi.....<^7.....3.......[..d|.ka..STrq...u<}..WJ|..j6&....-g.$.....E>...k.3..2...Z....U..N..}.[=.z.O..9.o9Pg{OL....i*.'_?.Lo%7....~D...).q*....".Hm.....Q.A....rM.M"Z ....~R].....X..o..y..........c...l.NMvtg..s.....{..K.W%...._j#..ff>...'....;..X.$c9...F%.......".L.......Y.zf..{....}..../f..6..:.c...m...9.......aMS1.4..y.'l.m*zzT.So.P..}......o.....j.C.T.W.$>........!...oj...f...........g.H...G.Y./aI./\..X.L...I.....lm.........*.i*.H.\..V.#..!>.0L..T...........nrR...m..2.....I.8..N.pZ..c....|..}....q.le...%.k.M.F.1.}..../u..B.OZ=?.

          C:\Users\user\AppData\Local\Temp\tmp3AF1.tmp

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS-DOS executable
          Category:dropped
          Size (bytes):857934
          Entropy (8bit):7.0437719644945975
          Encrypted:false
          SSDEEP:
          MD5:B3806AEB060AC5015711F736016ADBA9
          SHA1:9317EB6C7D3563CDDE5DC9CB245E98E6C3EBA03C
          SHA-256:49EFCF508E57D15D7D8D925B5F53F9456A2D8243CA8D423EB8D9489C80C24223
          SHA-512:B26F255CE90588CFF724532705CEB388278EF75D21E3966AF0A311212707540239A512237F584DFD5BA10BD7DA6CDC83E878645291D7706F7347510BC181E365
          Malicious:true
          Reputation:unknown
          Preview:MZ......._..F3?.p= ....6.{...[2.X,1..3.. ........wfM.......w.e<.....odR..9.!.c...........Qz...O@z).p...YW./r}.[.R..o8<...#...Y.K..[...#..o.;....D.....w..c~....Og.S..$....d}.;.4.."...`~.4..e..I.....}.]...<.Y...k..;...<v b....o....g......n,..5.Gs_J......~!.G...x.ELJ.Tsa...j.aO....P.U.V..Ep...|.T..^$#.......l.R..%.=.z.+....Q..(.M..f.9..&.3e...Fk..Dd_.T?...:...*...#v[..4[....F...K..R?.`..%..=..j(.-.1...X..3K._+.bN.z.c......Ps6`.B.(...!..E.U..B....^...gL.."..n...."*2.R.F..!.[.W}.).....w.l......H.t.2.Q.R...*.1..:_.T....!...MG..Yw^..m.....1..R....g...tZ....H....*$....}....`u............mq `{.'......u.+...(B. .^.........b....,PY..z..yC.e>........<27#...)..6i..;^.p..O..7d.L......nc...:...^l.w....D.*I,..+.A....s.\;@...QR...*..qAz..u5..to..].f.m.............83#..B....B.*.EG.n.U.[....^...b...V...K.[C.1^..~L.....y.O..X...7...j ......7..nJ.~....V.kk'k&..P,|@.iC..(.o.[.g.O.....C.S..b.Y..v| .(...,.#...u..:.>.e....!.;..$..d...]..e8......0w[.2-#....(?.}.'mv.....

          C:\Users\user\AppData\Local\Temp\user.bmp

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):602502
          Entropy (8bit):3.1751053321172975
          Encrypted:false
          SSDEEP:
          MD5:25BC0745FAE5FC45E27C49F5E646C313
          SHA1:566224D0E31F420DC4ACD669213B16664A0540CC
          SHA-256:E19F5714A9D4739752B091D9484DA50F3B793204CF5C2DC874189E3726C0443E
          SHA-512:E6E3C1C5068B7A443F49EB288E7C74D9757F1B86E114DD58308A2075A0E0F36785D3417F7B1EA5CD4A6DF9D3BE060C59D4DC68BBE3B7EFB9646640FADCC06D47
          Malicious:false
          Reputation:unknown
          Preview:BM80....&C.&..#....},R.2o..m...E.Z....v.p/..0...++...Mj...jVl{F.&t`\.Q.......*k.f....v.]I...n=...t.C.T.B...dI..g.1#.=.o7.h...0H|./....tW~3...C.Q.<..!C..........7s...t$I8at...g.v..<NPNy.w1..HK...he....8(....v.~(.kH@.....Wp...Tz./..{|..m...,%?.u@....b..o.....:...cO+.........6..ZN..Zv..3.{H}.u .F...u.w.....QF...@...~..}<............=.2..Nu.F..3.f....L.......s....7.R6......{....z..."T>&M|C3....X..J2.0..y _.SX.M....7....u.N..j...((.....N.xvGw:k[.a./.I.V.ZSU...TW.N[.I4....."....Z<..n5.}.h..h........s.ei.4..i..-...._.1..\........0..}[L..1Z...MN.i...a......./..0...px.#PKo...SM}.WO..C..S(>Z`.^HbC.].....p.|.....V.x(.h...,...u..J{Ge.+...R6z.meR.S.%..u.....g..X.\..(.0....!1..=..}..o... .t0a.....&..;.,1f.Wu.P....^..T.....h........V+."...q.?O=..H..tx..#.^...!v...W0....8..U.. .4..O.E..=\...VF.....7....[.=..X!F)..#.............:..1.....!...5$.'..2..........?Jg.<.c_f..v.XV"9>...."..-'+W..]JA.7........Y..{/..oJ...r.f'..R.3Y...R......dmq.4.,...%0.[.N...Y

          C:\Users\user\AppData\Local\Temp\wct4019.tmp

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65188
          Entropy (8bit):7.99730485242667
          Encrypted:true
          SSDEEP:
          MD5:A32F668C4E2AEC21AECBDABEA6C36751
          SHA1:9EAC2FC825AE1777C0F6B6F25B0C90DF4A8CAF63
          SHA-256:281F8B0E255116137549024B17DC0F43C3F8CBC240BCDF9A124FFAFF679CBE91
          SHA-512:412B99A3844A1DFAACCF30DD40AFF3A09D0519D3D92F2DCE66D14B61327F4B6AF1EB15F82361E13DA45584F7E3D152190753C4CA00A13BB448C4CD0C74A7012F
          Malicious:false
          Reputation:unknown
          Preview:{"ram.`.!..Kk.5.[.h*...D..`.~<.OD9.s..u?d.u..I...!.,.e.a2..i...+..,..A...Hf....Vm...1..3.9.....Q.Fk...S....D.....#..'l.v.........]>13Vme9?;...7r).u..>..t.`K..X..ee/.6..d...b~..;Y.O..p$,.GE.@]....lA..`......I........`.X...`D.cp...X...1.g.J.....7.k.M.>...[o..V..u..-7g,.>... `..A..~.o2..9]..9....`...F.<.u......mL*..2r..3.Ol.Z....E.T...qgZ....O`....l..... ..I..m[..f....>.Ry.......@....(...X..._....N.M.C\..2..:......1l...+U......"n..>/...D.a..H..^..+x......g...b............3Q...>..@o.B.....kJ._....m..'..4.}r43y1..w.&.CU..@...al.0.0I.6...J..G...E.A!.....h....~...<=.V.~...73L.ai.....[...HO$0.`..D..C*#g.....g.H....../...b......B.%..;...H{}.F.7z....A.[e7..T..........D.=.<.).......XR(...+..l.H*..2>@8..D.!..(..U..4...t.Y.O..o.}..p......:....U,!0j\..3.....S.B)2.4[.>...@...2..s....4U.R....m.}....g.[.x..}n.MGnT.k.<=......#`?.U...........u.k..2~on.....""_o.GO.l....\/.t.Q.ParC`...(.Ua.h......Z<. Qm..@...@...........b'...3.>:.=.....yv...P.g_>.7p..

          C:\Users\user\AppData\Local\Temp\wct4C6A.tmp

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65188
          Entropy (8bit):7.99733299908509
          Encrypted:true
          SSDEEP:
          MD5:2317170C4CE7E4C7CF4366CDDEF040B5
          SHA1:26E809C6275DDC6895DD7DA1F38900ABE9AB2FC1
          SHA-256:89A3E5559D789B0638A0C294356251E78CF1DF32D691C9A1CC4B837F069347DF
          SHA-512:3E20234BC91752377C59C5ED0782C845ADC061380FE903A9D726054A31354C9E2E664E19306631321F67C6D5A8E813DF6465A1CC6C1B447E381F906D76CF8CFF
          Malicious:false
          Reputation:unknown
          Preview:{"ram.M.,D:..1.....h]O....~.-.@a....K.....,.'.'#....E.......G.J..V. ......f%P..;.j.O.h.*..:./..v..|.Hj.Y.$.d.K.^...I..!.@%=.j.s.......z./:p...{3a.}.4...+.2f..T.O..Y.4..A|..V....9......*./_.+.3].....$..r$L.......H....(.y.a.%.....z@!..3A.,d..s6.#i...4I.H...#=.R.C.....M..#....s.%.G.>I....G.q...h...."...*..`..8...Q.xH...5.G.r.d..5..t./tD....y..>....\.....)...0;.=n..f.x.h,.+..E...z.m&..#.."~.H1.`y....3.8..}...z...).......:&i........7.h.h.n.Y.y........T>..b..V...1/Z.H....4.....}..t.R..%.]5"A.9.=&.<.ax..F...2.......J...F.#.&......-....(...s(Es.Ba.;..."jF..k..(xSmw.t...W....a.;.~..A.O./~.dQ..Y.=......<A...=.1d.....VP.......>.=.F..uS...2H...&.]E'1..U.R.I....<4..Z.$`...'....H..{..}.Fg.&...&..u,....8..c\....'`.....&Y....."..1..JX.....Ox.4/.).....X....P.@..l-.E.........t.c.@.G....A..y....A.%....0...O....`..\.!.-...\B...../.#.g.w.&..|..Vjt.......rT..............Tdid..4.......M....TK....]./.:........QrU...1.[.P.(_-...|.........K...8.P........9H@.3.a...hL

          C:\Users\user\AppData\Local\Temp\wctC2B0.tmp

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65188
          Entropy (8bit):7.997223280001698
          Encrypted:true
          SSDEEP:
          MD5:5E3786D389390EAE2C513029D5020FBD
          SHA1:B6E46EEB75E1C09ED7CAF8A9C24EE70E0DDE2C98
          SHA-256:1E2319417B6C107C4D9E22823D44996DE6A934F54AC62B36464C8D11271912F5
          SHA-512:ED808ECA7214ADF52011A0F968945C4EDF60BF3590E8BA72FB8841074732E0CC2459F173E907737AD541F24E1E4B1614A2B2257EA9786BCB52A86AF7588BD7EF
          Malicious:false
          Reputation:unknown
          Preview:{"ram.}8*....]Pu....3&.C..g.....}yS8c6.e..F..[..A._..:X.e[.~...:x.T..SrC7FxW....=.q...p....J.u.@......D.2GR...A..~...N.h$......X.-....}T,.......K...v.U....g.k... G\.Y.Zq..z.+f...8%#..f..."..X8.....=...........).t4..k..\~o..$.z..L..y.q.....e......&.4$..ZD&.{.%..m....|......v.(Wt\..J.......5Q..J.#U.........2...9e.5.B...8..wF.&.Yfi`.5....N..H..@.RB..lciu.[...JF,....V>...+!...R..g.h{$....R9...<.#@....7DuT2..pm<.7...Ap....7..H.`.6Y.#G.Q..........8n".l...?.}.S.0.Q-........G.O..ZU...@.....%......GJ .........M.R..~..<..f....g.+.....c(a..r.v.`.NH..1.%.......qU.|......\.)y...Qx.....<..(v...5........w.G.Q(..#s...w.3t../.....S..nV.."|...-..7>...4R:/.....6.....|z.%*L..."....].<.....B2..+?..@.t...U."....y_h...F..O.;...Om6.|..3[:.....X....6._T...K.68.X.s.W.nU...W....a..(....p.%..QasEs.....d...J.../z......}...w..-.?+.`9..=(.r.8u..ka......t....$;.L...]hZ!.l=..v..B..&........Apj:....qt.V..3.K.....x.........K..ea{..D...|....m........r.....

          C:\Users\user\AppData\Local\Temp\wctD44F.tmp

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS-DOS executable, MZ for MS-DOS
          Category:dropped
          Size (bytes):42164934
          Entropy (8bit):7.947664680712152
          Encrypted:false
          SSDEEP:
          MD5:93A8985390DE056E9CEC062E58A736A0
          SHA1:0E558026DD453D111A6D9A065BCEE3D4BCBE2E96
          SHA-256:71191854FE47AD15067E39147783614CA7F359CE073FBD76D40C8526520D20DC
          SHA-512:46F7E35588C540CA4960DB56FF57270F37B96A99EC3B4BB46627FDC6C9C12558E0C9877AEDAC7B690172533AF58FD2EABD97690EF729DBB0E827A88B56715B04
          Malicious:true
          Reputation:unknown
          Preview:MZ....{....Y...%..[....hu....P....#1pD..4..~.W....W......@V.a..A.T..r.....F..+.ym.+.j.|......F..L..+..W....Pv..{X...%:..u.xs... _...X..\.....ds.)$W.)...e./u...5.6....R.]p..;.....`a.....y.....D...@.b.6...G.. ..#].R2...'j.(.Q.I...b.F..;.`.u..8...O.x......dUh....].t.!....... .p....2.....;....$..I.l3...*(..>...w.9...h(V...Q..._......WC.M..%....13......c^.....b.<.U.7....<..m.!..X..7....&.....;VE+d....lOxn.... z..F=..1"..C..$.+...vu4.>......K.......<v.....P.jp..ONQ.Z.j.V}.j..g.....X{.f.B.v.$.z.y.!.t........wV..I/..{.N.uz..'.nP....0.uR=..;..n..-.i ^C.uM^.G.e......2........w.-...L.&g...,..\n.T.....'.......6X.|_.gR.T....OU.Hz...k...A(..&.S.`:.RZ.T[<g...rxb.C!..@.+.".....KW..........ze.I......v....u.hns.|L...U.D..Ay.P.&|.....P..k.....4p.W{.a.7..e[.WIK8..&....%... ....L..MA..7....o).a....H.!.....E.......k..AN+H....l.:F...<.\4wm.... K{....e.^q.Ep..yjN.:..V..K........M. d.....&)....?..@.#...4%........v....:.b..B.8.o...j..j8.;..}.LaY.Q....N+q.,_5..

          C:\Users\user\AppData\Local\Temp\wctFFCB.tmp

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):74531
          Entropy (8bit):7.997316437210222
          Encrypted:true
          SSDEEP:
          MD5:CE71A4A0EBBAA243B9CF468279344892
          SHA1:A041AE69DBE13E05F7149C6235BAE6351B66C89F
          SHA-256:AFD545CE4DC1D2E0FA15C2C47508036B50B6874A3AB49DFC7F5286699F471A95
          SHA-512:5614AF917C634D330CED130457F0E0633AE5B792E7B968F4AA3D37ED26B6CF34D1C52F0A75022D8D896EBFA8AF7D5658AF68503D222038A1AA11A1BED5C5C2F1
          Malicious:false
          Reputation:unknown
          Preview:{"ram...|K..TE.......O..H5.}.'.!.)..C..):...f.'l|..n...@......G..".J.@[;.7....7.Du'.*a..px....coM....Z...RM.G.|..g:..q....~......n..._qY...5,.4....||.9{....%...x...u..5.v.Q......w..6........&....-.]sLs.%...$..G.3.....Vm.!.].H...%.0...}.m...^3.X.*9.kaB.A.....,_*`....[....F....n.\.cXr.Kkt...n.j.t?....BCick.....!<d..p.....2i.NT..H\..).T10.S....0.~..`...-......UHz...=..v2;..Ai..Y=i.%W......e...QZP.....w._.,V.. {...S.?.Y}.gW........@E....6......|......T.r........,......(R)gn..l.....s..<r..Y.|.L4j.B.DlH..9_].q.....6...(.(7..h...)...Qu....L.C}..n.d..|...W......$.{....}....{K..a@.X#c.r...$..%k....p...z...dR|.......U;....b...@:...."..&....m.0..IfL--.05...S..a.+3..|..n.@.....#.e.e.........5..3.s.%.'.f.JnZ.,.5.......5.5.N!....oL...F%Nz..un..".W.y...+..<...FS.[..E*r..wO..r]..F.Yn.+W...V.gLT~..%&>.......s..>.....<r3I.,N.J.[P..."....R:..m...Kc.\.l....U.Xr@..o.y..+.$..'=s.)./..*.-.....U........\\f.w.../........{..}..,./L.po1...".Q....1.....1....:...

          C:\Users\user\AppData\Local\Temp\wmsetup.log

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1031
          Entropy (8bit):7.820717677942014
          Encrypted:false
          SSDEEP:
          MD5:FBD2676D218A453CFD000E9341C919EE
          SHA1:D455F12F2DA957E2F6C84C080C5BD5AA81AB461F
          SHA-256:7672632E43DA6CB3207AB24F90CC0CDF90E7614F84BB73BD747CAAC8F7674C98
          SHA-512:45B79C97177959336FE568091D1E9D20A80F4432762099799F7E49EB0D64A4ABE2B88E8D024FA9EA7E6E450B166880BECEA317B83B4665B12587500EE912E75F
          Malicious:false
          Reputation:unknown
          Preview:..[*W..w......=...*z2.i?x._J..n..cV...Z.`NG..L.u.....N.~.c.=v....Q....2.[.*bs^.X1...s...ni...csY...9N....i.r.T%..>.05{.....'.1..w.E~......9._-..LP......a.%..Jkg.-..M...>..Q#u!%.....W&#m0..$.......".....`.'a+^.N=.....)%A...'.O..G...3.~\.%b?._NE...pkhF.V.7..u..wje.zL"........E.&.=g....?.......hzK.....{.7.*..f.S....D.2`xB[O..t[fT.1...f...&.'.#....O..N...*..(Cj.XN.U..a... ..`.......w.P)....k.S.%3.|..<..y..X..4...MS7.p..J..r......%..|.iS.w..NqT.e...q..T.........|.....Y..c.l.t6..>.D_.T.d.F....{..BQ..K.S.....Y....W{..[&F9.......S+..j..QSV..I.39sJ.VRG.kf.:...]..Z..k.......>D..|&..[ .Za..>...6...fT...M.rF......#...f..5.E.^..z..,..*.){.z.....4H.waAz.|F..9..:k4!.w.f...o.8..G.N?......5/.....vW.*..K.U......7...~....9m.../....i...........Z..._D!..+;.._...........z.[..eb...;......R.G.L.b."6.|...&...W.g.KR..R.e...9x...0..`.....a.o..g..t.T..M..w...S...0V...V..+..Arb{..l@{NF.p..g.h....7.=.....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698

          C:\Users\user\AppData\Local\Temp\~DF8D0ADE21C2405713.TMP

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):16718
          Entropy (8bit):7.989888393561946
          Encrypted:false
          SSDEEP:
          MD5:7665E022B57B94951B43A0F8B1E0AC4A
          SHA1:E56A2AD2EC520C3E39ED3D95C1F66D7F7E49ED88
          SHA-256:20887FE6E342A44FC0DA77A344982488BD420A6A083D610B7D36BA5BBB1C128D
          SHA-512:DDB7E8C2163050E961D802CB63C950A2322FF42237D7D2DF19DD68BC4AFB33AFE0363EA049EED224DC2116074DAAB960355EF7EC13FDFA2B2D4479DE4E02A41B
          Malicious:false
          Reputation:unknown
          Preview:....f...V0y..RN.,$...z....P..f.[.y.D.K...v...RV..X..;..P.....C..&..nK.....}0.N...^....{...$...{..iki-.l[.=..c. o....Q(.B.....%. 9.RzH..P......R..C:......W..iA.+,.._...l\b.)_.GEPz...pm/..Q.[V...z.8..b.._.w..>K...7....w.9L.,bP.S..=...v...W.".....B.&!......".,~.[...{.....9.8...w...~|...&..J.y.e.....':.....5k............8..|*MA....O..t.$.;.......[*Zuf9.}.F....".m(U.k.a..7.V*.{=..a...................m.O..c...'RH....$D...&n.ZJb.[......>.7.D.6tX.....i.[.=....X[I.t@.. .a...6.I..Z.,`a.1..%s.6}V..."........g\....f.y.&Q...(.-..cX...aJm....(.x..t.4....%!*z.~....g..8t/.d.....I..^....].>........?.....@..._.k9..2j.ls..8.Gy..e~.{9i.-.^..`C....0.D...i..n..F.... .ag..}.......}.R.0%`*........9.p..."6.p.1._2+S..mh[.......=w.y.k:.D..c......bw7..1j>..m.Qd...u............-q.O`/......@%.g.....W.&.....vk.l)....T.rL'...........J....C..Zw..K...!m.\.E.>.....P...#.....&:..z>dz..T.?5c...F.b.B....l7..)_.@0].K...B.h.b-V7.1e.J......0.p..R;......="....+.>.1...[,F....c....

          C:\Users\user\AppData\Local\bowsakkdestx.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):891
          Entropy (8bit):7.7569806614241985
          Encrypted:false
          SSDEEP:
          MD5:E4E56354C1B3979B33EF35900BCBD56B
          SHA1:07C27B520013495978764F71E55EEA1CCBC4EEB1
          SHA-256:BB222DBA634B82B1D3B1B1B745373DA5574BC681261995B21CE3887983B6A926
          SHA-512:63C0478CFA008584B1FD7D20AAE02AC70FDDB09A595C61732CE73FB0703AB3D0AD5A3035F3D53EB31F1C59FCDB1D3737C46615E5A99BFF75388C2E696CFDB37A
          Malicious:false
          Reputation:unknown
          Preview:{"pub....\....J6.....Pc..,..jv3.}..Z.. <..7./..Y~..;F..q%2...#......OWaG+.%k...N...Z.kQ....sK...<..(.1.E.(.B.v..'l..}K...(..h.._67A.w#d..se.y..K.M.......A..+.........w.p.v|....![......N.0...F.D.+.2..z....N..@C.H..arQ;O.,.}..B|...rw..c..t..5+W:K..i..y......s.?.2..M...Ri~.....b..b.....x........T..+f.fA....E..;...F~..M...'.WC.{h.................d..:..p.fG~..R.{.p..xE.*tGP....(0....!S......w.w*.R.PM.w?..J.k.....O..@.l...X-D....f...2.o.~.X.B..2.+e'....j...E.X2.......#L...x..=u{.x.".I...C...Y|.9....-...3.}...x...=.06...%..k..Nd...KFR.{....:.o..D...uk...D..p....(,cU.`.5.............^.."ch..k.%.;...g....=../...r.\d.A.q.8...c\.p..u..C{...B(...W..Y..X5]......sL....@..S.y.....n.G....|{..Xls.O.$.x.>......x...+..F...Q.U..........q.w.o1.x~..M_o.0{8[w....;.p.."...#.7-..*iP.>+.(P.EGbm9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Roaming\.curlrc

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):342
          Entropy (8bit):7.254209908207863
          Encrypted:false
          SSDEEP:
          MD5:F5B3E7F86A921BF45B69408178EB9BF9
          SHA1:CB1051189A5BF55FBDFDB68A49B07AA77756735A
          SHA-256:AF1C1427307B05EB80FC33CE3B93C6FB54C33B0EA694759E492ECA693B8BCC14
          SHA-512:A24677BD887E9171D62C2098D5E9AA37BB49A5DF9DB1E46C581A6C5E8D372905CFC4C8FDCA4E1E29E401F63DDDDDD2EE0D03A1A1796E97BB432FEA4A41517A7B
          Malicious:false
          Reputation:unknown
          Preview:insec7'z-..j..S.#(.B.x..61.P..A^.S/........z.L....i.!...i.].Q..'...Do....OZ.5..-"..#.!f.;}N....M.B......U).&RlN........./~I.n..b...m..'S.Xc..>...Y.u.&p.....I.ZJy..%...........5Mt....gC...%...qWg,f^....\...C6.Y%7x...1./......Ru..r...{u.za..b......F....)$*9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):14790
          Entropy (8bit):7.988427031478476
          Encrypted:false
          SSDEEP:
          MD5:D7F8565E67407A04455D683D86B27DDF
          SHA1:82497EEA4944CFD106D0C37D59479C00FE39BB61
          SHA-256:7937221403CAC2C545D1B7132075BE887D4EA263DCB10AB24A34703B05BA42D1
          SHA-512:4D858426C7795AAC9466F782477B76EC5E16330F169543606ABFFC5EE6E7931280C2F4B83F8B752F86143684B121775C270B8CC2A783B42871CEE8BE3BFE4A08
          Malicious:false
          Reputation:unknown
          Preview:%PPKL..e.j....r.|?...+.........i9......SP..+.We%:.,T...o.a...{.h.Z;........3....0)...a.n..`.I.LOs..6..]...........9..e....46.G.......a.W......xEV.T.pC.O1....H.d.7Q4.osdp2N...T....S.>...b.<.....$...B..H.R_.>.R.....y.D..dJ...e30.....d.[^?.......%....<.E..#z.@.T..x."7DK.;...B?.I...5.qI...,.Y.'-V..,J..g....MDr@?..%..8k.6...].......Iin&..B....7%k+.]..qq|M.x..[e.. 4..B..Ip..e.F.[.q..../Y..Fb...@j....Htx#..$o....r....;R..'*..w7.hA.-8w.@......NO...;..l..,......S<R%...h/....^#..[r.....D#4..1...).."~..@D.....ZAz}.7...j..f..>.B.....G.6..k....T...;#|A...x.;..:]:#.n2K.:...+..r.3..YR.vef.^s......LN$.)h.`.f*.R.w.[..O.u$]5...>.1....1..1...02(b....TH9b.=.3}....*.....G\.IiR.H.g..H..2.T.....0.$}.~.hO.c.u|[1^..q.|.O....|@...(..2....FV.7.._S.wR.....hT.Z..rx~h|..x...=....s.........p=y.b...O..V9..UU.3....9.Ez...;SV.&..J.....Lcp.....L....2J...$,.d..d%i.k.,T..z..........?3w....{r.[..[t.....wi....Z<.[..pI ....h."`.l.v..b....w.89...[FP...z..>...U.....>...q*o..=...".0.;PX

          C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):370
          Entropy (8bit):7.325649705374948
          Encrypted:false
          SSDEEP:
          MD5:44A8DA427E36CFD9A010CC1CBB2FE3AC
          SHA1:B7800727D91A7C0921D0D344DC089497B600C30F
          SHA-256:AC1307E41712A7D1957B2B6A57DC21098D9A842ADAFE15D022E1598B29B3E39D
          SHA-512:39E6EC0222A4B70229A1297B84ADD64768ACDA283496C8BE27BEB95B52BA6C286F22028495C06128D776D9FC66A28932887BC2F2B9CFF16F60BBA04AB3FBD392
          Malicious:false
          Reputation:unknown
          Preview:%PDFTa.)..Z.E..i....|.%.4.-.<G.V.).......o....>..l.~..6Y^.(.6.D....b.J.#E......F..z.1N...;..l.D.....-.:..F..E.T.|.j...I..e@..#....w/?P..,.*8=.U]...;...e......D......e.-[5......N<...._FP.....-.H...`.XF.2.....b.qc..A%B`..>.Z....iom..)....H...?z4...,X&-=!Ta....5.:3.w..]~.t.h..yC9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):388
          Entropy (8bit):7.354598039633164
          Encrypted:false
          SSDEEP:
          MD5:3591ABD0D1502791B18ABCF7E91053AA
          SHA1:97D82E8625BA9A51C08FBB2B2E95A436986E59BD
          SHA-256:8FBA2DAC11504963E669634D1190D015DD1F08A63D47DCDF4D6E483A01BBB25A
          SHA-512:90E93A02D5B240E20E2CB1ACC77555F52D0C403FDFDE78E0E4045495A4BC542DD49119B9740C8A096F47A78C72FAF34039E13E9009EF3364374B5757B5B3B5EC
          Malicious:false
          Reputation:unknown
          Preview:%PDFT..(..LG..9\....p.....RF.P......gS.0I.u BM.~F...X|...q".-.r...p[;.$.!.78...N.&r....t.Y..Kr6......gQe.(...$.. .....L^?nE.@.:ke..l...v...b...m......4...0n.v.5.j...~.&d.-,.;U...NSC2..1.2-.?.^*.Q...x.5.'=.C.>..2y..s...j....1g..DR.&5*....A8S..}9;.....I.mw.m.+..E9....'..r>.wJ...[........~..k:9. ..29pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.xml

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):971
          Entropy (8bit):7.782884341994874
          Encrypted:false
          SSDEEP:
          MD5:9F5F0E2FF2E1EC95770D781190F492AE
          SHA1:5D642D95474CCF0925FABA6EF6F08F0453677A98
          SHA-256:CC481DFC8050ED5FA610AA327EC16A77F666F33A7D263073CB8297F682127558
          SHA-512:280B21490BF496CFB766AC590765CD15888D958A21CD22F7785CEB9A0E90B1B1FC90251683D720C11F3288534ACC8B24CC04296D82A70DCAA27BC3DB2F5844AD
          Malicious:false
          Reputation:unknown
          Preview:<?xml.>..N..=.a..J*.2.. .u.c.....O...Br.T...../.R..a/C......8..3.r*%....qkO.l..iF...t.>[.2.....D>y.%..............Ju..........GRE..:...*.."...S....rQ...~...$z%..m_..d.a13..qj$........@.e.....jX.....b.M..xW..{.#......uU.....&.... f....t..L.i.9...\...`Vm...v.Z.....`5S..<.*Y^...8`.~._......+...f&.!.&.F.S..k.+......H......z"..}!>...%.j...gu..?.....TT....6.9....a..l.@...D.MLz.....n.0.4...U.'.V.i.[p..O..8......`...\.d.2@YEX.NY..q'...q..0.kD*K[O.|.!.Y.cH.._rH......,,...k...O..t$.|.9....j..|g.W5y.2!A..Fx._.8...z..P^.d(..y...U...,.L.F..x....b....n.R...P4H^\..P..H>B.B...Y.W.Z..^.XOr]...F...8..=#}&.[b.OB.J7.E.#\/..*.(..e..........hxt)KJ.Y....%........|..8.#Q.*.d..S^.....2....ETY]m.^..c|d4Y..7.t^.T..-M..M<.j.5...l.b....s.3>........A...X..C....$..{.q.i..Q.0.=...$s....jr....3..=@2....WN...w.X......gA}[.1_...c.t......Gv...}u.....E3..#...&..<Z..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1352
          Entropy (8bit):7.845753854795852
          Encrypted:false
          SSDEEP:
          MD5:A3CD652C28376532EB9BE9DDFFAD1F66
          SHA1:5E34C0F61ED0DF900E9A9595E8C3389E130D9B5D
          SHA-256:E84655CF0CE5094F8CED182990A4A17B4CCCB169486ACE4D708E20115960013E
          SHA-512:DB82EF04BBA5A53BD41652CCDE6E6A348A1FF4DBDC78C67D74A7418306F10163A9102ED2BB4DEAE6777CAF5E7F42DD50CDFBC754908B9FD733A0D71E0E22C2A5
          Malicious:false
          Reputation:unknown
          Preview:<?xml.\c,...%.L.C.H..R.B....%..m..FCrhB....Vu.#I.0.sJ......A.....-..m.dw}r..Ee..[.Clj...Rkm...8QT..OV..E.=.F.u..V..d.JAl..,.....L.O.j..#..h...;....7(.2Ct....Vb....z..J.....z.N..+Y.s..[F.0.ga...(0..TV.r..X.6.=.3...#.~........(..^.i..B..1.6].....=..\...BS.)N.a..<...7. ...9.....uD........`.).n..0 ...L...d;T.I..Zkl..L.K...v..l.ob....&G..kl3...D[..)V/..v.QRL.......}%.....1{...D{..d.?....i.e......9A..d]g..WJ,.D.y......+lF:.8Mb.6.Z..s...........M..%.B%...Y.{*..WR....JpZ..Y..S..cb.../.z.F@B....:.v._..p#..]..?....'......1..... ..g{B...u.x....A.....v....m..f.\..h...C..^.....W^y....%^..\r.!d ..7R..v..yEum..&qr.Z.+"...kS..G..O. .[.!....Wx....|..z...."..G`...L..O..Y$t.<;IP..`#.8..I.y.....w.......d.D..Z(.../...-....HSC.G-.._u7.'i...7.k...............e....-.....9.x..-.u.YI.DF.............?#.S.K....~o/.D...q.:.m..q.l!.1....\".).......<w..F`q..j..Y{.v.$e..7q..+E(....TG.q...........qk..*.2......o.0..19|d......4......7..2.Z..r?.?...H]g.m..h....6...

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2430
          Entropy (8bit):7.927118654281205
          Encrypted:false
          SSDEEP:
          MD5:831698F21D20CCC55EFBC071E7A83B00
          SHA1:E2D19098A858F1345890C476E9719B7FECCBA451
          SHA-256:FDF4B3D0852F516D25346AE167E2BEF824AC87182C803A3367584AA4C35DE8AB
          SHA-512:17C8E37D42DA39A6D58F8FF4104B6BF966BC3234655D2EB622515C807AD3AA62937622D26F7FF748ED3B18E98A353BD9FD05EE808E5924312CC03FE1A4C3B93B
          Malicious:false
          Reputation:unknown
          Preview:<?xml......|.. . .VS9...."uc..,..U.......G.....o..f.U..c{.n..c...M....J.8sx..W.hI.}.0....ly.P...KJ.}..P..u.Q..%..!..@....C<A.......<...(!.$.#2...Tu..4 ...P..]!...^..'........uZ+......&.vo:...Y.e.I.P.v.y).t.{.....uN.]b.g.E1...N?...8...D.q.K..[....X..{.._.....U..n.Y@.s..2...H..jaL..[;7...Zs0.A. j.........<./.......de).wZ...W...XY<j3*...0...Zhi..v....vn.U.E...p'(.6.P.Y?."@=..)en....g......9..*#DA4...k.J5.e6.v..Vf$...bVL....[...`2.....O....t.W.M[.t>u.........&....u@.dzt..p.a"...{...{..O5....M.6...i._ZL.Y...b..3..Z.4KU6$.9T.{J....(.nII.0:...K.,....bF.W.....Iw.8}.. ..$.:...ID./5....'w.L...=..Z.,.6...n.*.[...M...K.(+.;../..e]g7X...S34T.../C..._.B.z..13$.R.(..'/.&.~.........t.,...`..j.j+..+...@......R.[=..-.H..V.S.v.w.r....v..H*C...a-.$..3...._zd.}...)RP'..0....Hp.=...8..6.F..D.....G.@-.....o#..?9.t...M....:..u5.....8.9.k....u0.w..<.b.^...R...C...!<.Y.....Q~.4.6.c.V./&9Z.2.5..v[.h.VC...c-.......8Me?O.1........U.2x..2T;Mns.s.#........(w...l..vC .

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2388
          Entropy (8bit):7.90748149655146
          Encrypted:false
          SSDEEP:
          MD5:3C6BB2F024881DA6615DC917B1045E08
          SHA1:D350E8CDDD1EC40CFDC7703ABB8CF78C4DDC9B02
          SHA-256:AEB4FC169D7DA1073592C32425B554A2842B590770C04A5D3BD7D6883B45B893
          SHA-512:FF82F368AE38A7E17AD42A2D3A8E62BFB1BDC36251076548CB704C3589239D3A2870F0D0E6F01768574FDE7CD4D41E80693DA9C0688AE90569A2A50BC93F17DE
          Malicious:false
          Reputation:unknown
          Preview:<?xml......kb.zY1..^?....P,.Ptd].......,u..S..V........z?....p..._._.f.2.]w...._.S...1.Q6.n.....t..d..I..YuR..<..;..U.m....g&<A...3..7.....WCU8.....*_..F[eq..w....YK...[.G.*...-A..Kze.n0.<...9s..j.Z^.\:L.=a..N.Fj}.@Lg.........%....}.?....A5_.."..r...;....f.... ...U..........3....:.eO!:a..v...s..[.kb...MVM.{.PB...H&T^.B..v.D.g..).....0>.m}$.$..F;.C...1E*...x......?Lb.mJ...P..8.m....T.=....q..=8>.....B*uB..M.-1V....O..:.(`.!.#gP74..N...z..-M...H....../..A..x..........a....}.l......C^.#.a..p;...t........qS.9.K...'.\.k6g\..h..0F$!...v.]g?.q..................:...y....z..........#.2.n.b...R........../..sHL......UiT......?y.Y..;.e.&..Y`.[WG...]......?.]...3..(..%.R.j...c..E....`..z..")'df.}...b@*C.....}.....uI.v...*.....l.N..g.C.w....7D.....o..O..P..c....N..&..Y.j.b.......83........']h.0..s..&..n.3..8....LG.$....2.K.......m.".p><._.....K$.C..<=.......#F(.S..=.2......>E..q..G.5K.u.#.x>..".h}.......Yl+"%D...T.M.0A./...^a2..(ZO9..JuY...\..I

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2405
          Entropy (8bit):7.919509345495709
          Encrypted:false
          SSDEEP:
          MD5:B06D0E77C448E31DEE6BD59F56FB6BC6
          SHA1:2E5615E2F4B236460287EB6D5C2AC6541C72F6E5
          SHA-256:B40D0D8FB613F3B507518E34C7E2C9B86D2797EF282BC31D5030EA72DD55AE8F
          SHA-512:5E4539C193BF937FA883A16B63CB927091CF6E7D09A6EFBE82215615E1FACB7BE2478595868D9156A13C960ABD96FF7011EBE8F5641A8765DE81CEC62E9BD30F
          Malicious:false
          Reputation:unknown
          Preview:<?xml....[.vj.%. ......L..@.I...W..~v..2v...j`....J...L.0..t..Z..9 ....bP....61d;.?.../...(V.CXoG..p.?.dr..lf.D/{....6M.r..$F....}.52..%36g......{2..oRYV....i*oi.vv).C......$.n, b.;X..n.rv.Q...VG.eJ..-...d..@..v..F..{A^#Y........v.D.~9...Vi..r6(...)..U:.q T:.1I..u.H(.B...G..(.m...U{?....o..'&.:Y^..);XT$.w....a..qN.........s....Q...gp....cs..\....u{..._...$...]......{..&i..Ew...........)....,w?.-#ld.....i..?=.".....{gE....E8.....U:*b...(...:.P.Vh.<.&.!..!..4.g....F...V.a...k/.L...V........).......xr.W..1<...1Y=_..*.7M[..1...1.)..+...[.L.U..&.6,.__K0zA.I....{..t.W..V/%U8.[..^.xg(....?u.....Z..Q.j'.c_.b.|.di...Bo....Y$ .o../.....\..e..@...'...&'..WM.]..<....3j?.[.....L......:..qh.........!oc#..MB*..o.$G.c.....|}LfNW...&.s...7@..!6.A.Z.^.o...Do..b..E....._.J....p.......F~....D... ..#..i....Mh.a.....F...z..Ho.I.?|M....8.#..=.`E....u....Qj....QH.........Z....3=+....9...#d^~A.I.c.K7M... ....&%....z....".G.Y.$.L.U.r%.N....v...j.).w.I.0&..D..J

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1358
          Entropy (8bit):7.84848355897478
          Encrypted:false
          SSDEEP:
          MD5:491B513ECFFDE7EFE7170A34EA378ACA
          SHA1:199C47D7C44B32A0D364969256D4C556DEAE2D45
          SHA-256:F3283FFE166C0B9941905A4F2FA202618B47D65F0E43B9286F8C671902EDF8FB
          SHA-512:EA5381C9BDEE009FBA96C975B8A3A8A31647A5C3740280D8F44393076989593DB2E834D7E5A4692FC6B68FF0A53A69BBF398C1CF655383E59052B53C4F496CD2
          Malicious:false
          Reputation:unknown
          Preview:<?xmlS.W.. ....R..~.B..W+.|..|.].Erx..<....V..0..QE'.../}........Ub.....(....5>}.e\...Z..HQ6..C.....yf.......Q;K.p.JK.5.4.N!v.....VY.........4.o..r3.X..R.[.U7..(.-.#........5=5...-".9...{.\.F.....|...B....3.......N....H...~y...(W.|f....|.....0.q.:].:.(h/5..S.+O.e..:....tX.d.........u..,.e>....XL...w1...,..]..`qJA.w]=...._A..ZO...pvq{.:H.{........z5>.,F.Q...q......|R....3....4.k.CmK....y./.b..."..wg-.......l..2.t.(..w7.0..^..*..'.p.....N...^.\iY..)..)...4.E....x.hy$!..F~i..SYqz..xS]..Jnyf.OZ....Y8Fi.....C...:..(z.d%V...[V"..<..c..........I.4=&.o..0..;.`..t........z{.>..FeLb.W...&...D....9..t..a+R.:.Da9.q. x....#.....4..>..2.j.w......N.7.gl...r..../.I.n..[..l.x_.62c.&Lq.?Xf'.~..~........b.E/p..$...../.-.W...,..].F......~.\@].|..6{...b.Q."Mc..c.y_%1.....!...~F..$.*.)L..<.>(E.K/"..A.q..".W.e..)gZl<"a%......f.jB}.8.n..'...r.......a.V.!&..%z...J._R..b...O4..y.{..8.M8.ri/3.Rhf..s...o{.......z.....'..iy.u..h.*."Vm...v..<o,4v.V..i9.w...S.

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):2416
          Entropy (8bit):7.915729346199256
          Encrypted:false
          SSDEEP:
          MD5:9E403559842FA117C1DBE40DCD35E5F1
          SHA1:2BD8004A7FA7F6608235C24F983E918DF128C71A
          SHA-256:9A3CAE0ADCB49791CFE247B23B7B88CDCDF68895AED8D27403074B66E30CEC69
          SHA-512:08076B1DCB87C8C7092B9D2EFC2364E8ECC125AB486C6A33F7B80EA7A174E6082F8E284A2CDCC08AD5AFC6B8991B2493BCD716B3685577574C67D149FAF13A13
          Malicious:false
          Reputation:unknown
          Preview:<?xml..UWgf..k[..e.....20,.RW.._.^b...D........8.^..y...?0.g..".).|6..ASz`...R...G.<kL>.,..b-.....=..z.....h.....lRt.x.t..L.B.k...p.d....MP... ....vu...Z.7)..B.A...1.........2HO..A\......V..TW....`g...d.f....x...sm.....dW^.X&IH.k(P.o..U^..1.q7.k.......E...M.^.....c....Z......6..#.Dv..!.._8.LN..#.Z..f{.d..i..Ggg..n...(..o.....a........ES...}$.\.-,.T.3.y...H8.s....s\..EY.H.}-.K/.N.......S..^..O.G...9.....BU<.P.J.\.P..I.U...2h.'\B.Ss(k,.)d.{J..j..;M..o.q...`.un...w....n.1Dm....W@.....>A.h....o.k+.'....[&.l.U)>.3|)}..(..H.*....H:..2.v}..?.K.....v...<....t.+(......H.h.w....5.E.".gO.64!...C6.......F...LC_....!w,+k4.. .G.Dn.i..$.f..N\,....< ..SV..Rr...'@....9P.>rn.m...P... .c.e...'.2..YS.j..(.....K.....=.v.+...n.......[<z.Q.>.....C..vqS.y...^{O\\....3.50.A...z.}Tx:.%.z.'..u:...p.)0.@.`rC..=.J.O.Pu..g.m.}u......*}.g..........d...h....P.3..7..&..3.....$.&.kD74v&.g.(fq...2...aF.H...T4 .q....2..@>$.C.....L~M.5..N..}..2.XX.\.BCP....b.R.. .|H.w..(].%_...(.

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AKJIMDEQMB.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.853125768088642
          Encrypted:false
          SSDEEP:
          MD5:9C4FC4252005A28EA9CFD888831F3A21
          SHA1:EB2225EADA538B2466BA95127137C6E442E1E039
          SHA-256:1F23B334AD614F162260DCA4B7403128AB56AF0432937190DF970B41136AF327
          SHA-512:BD4AEECE36BF4A65CF419DCE54EE12B6BB4AAD46C9F1EE090B9B7986D3DE937BEA7BE6752FA5D9B7CDB58FFD0A6EF1B0DCB4B7C13576DE206DEE97958AE69F84
          Malicious:false
          Reputation:unknown
          Preview:AKJIM$...e:......T..&.......T.A...y:1..E..F .;.4..>..&.........[r..."....6..v...7..zq..*Y.o.{...Y.5.Q.]$(.F.:..kn...cR...C........dA.'k.d... .w-M.7?>.1..SEs..XP.D..5....U.......>.S..M...bi.v2. .+......"f.{m.T.`.>...)7.]....pY.S...h=....-.1...TX.Y...d.....T..C....c.s.....H..;..4._..#Zq.b..).L.@......I..>....FB...~x...........;!.......5b.A.+//..^?....L-f3S.5D..h.z1.h>~.u8D..Vx!~0.@.."5...s.R...Ij..0..,.....g...}.P.u.?..Q..%...t.`]...j.fBsn.A.{m..-\.l.z...<....._%..VM{........w.c...P~...fr.+qr..RFP....(6...%...I..u....Q......._Z`.5.1. ......Q8O$7....a.e..........J..#.V#K`...5.45.h...942..M\.O..4.c....+.x..j...+.H.z6q.o..l..l...v.zH..F.......K..Ka.o"..]..b...baK..6..?.TJ...."-).!d.)......W....w./.-..G.9..I../G4.*[s.\.-...7..6.Dbi.J.{..^?..(~.p....M.E..1'.a...g.}.|..fU....l.y@?...I&L.K....r..oN. ..p...?..V......o..*G..*$.......[V)...F:.:.>.qi...p...&5.;.`1....S.C...,mKv.CT.H........e4....j.gE.8.4...[.E/P.........m2.M.wj.....d.n...

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1870
          Entropy (8bit):7.888048477423638
          Encrypted:false
          SSDEEP:
          MD5:14F26131126FB23EA391B1B5491BA477
          SHA1:7C3E82699CA121A23476BCC4530C98310E83A936
          SHA-256:092AC2DFB6C08B95F033E25721CF66488CB4024293209C0D2B93AFD120DD17F9
          SHA-512:330D5E343D65872BBAC76B97EFC225FC22CD15F6EC0062EFDC2F29CCE38DF69452765F8B63C36AB2E2200EA5B06FAB75B81695A80C95428A10E078FEC0862489
          Malicious:false
          Reputation:unknown
          Preview:....@...5.kK..O...BQ.%|...B.X....52.{9!>x\.f2.XD..y.]S.K........`..a/....b..S.<1.Y.tg.b.6....I.B.y.....H^..'..o..ce...\.R*W..>O#p..o...)..T.vAI........{.fon.....qV..X...A..B4I....(.."i."..z.9...o.@.d^.........L.*.<.9.....0.............3C..+.;p..~.....5r8V..5......R....@.W7....W...5.4...`..y.a....a.*.Z.z..b.....R..\....."=.>P..q.K.{a.=..N.F...x..JM..XE..+.....jn....G..~..-_....Y..l.sx..R..$l..s...Eee..d.`.M..;.s.].,.g....)H].......(...t...S....u...q...h..}.=Q......}.f....J7.b#`=.$t.w.uy~..I...:..).[G........t..8....T{.g#..t..{3vT.../.G......v/<p...#....c.$.g.{..MX.`.i..d..Y.{`.Z....y6t.].$3o.`.;g:*QL].-..4qw..l.K-d.2`.v.O..m.(...^I.?J.....G.?.......w.....@D......_8S.}Y..f.;....iB<....-...(.....`......;o.:...".u=.%.>W'.BQ.^c.).4.V9]A..B...I..I........R+).o...{.M..5W..;..`Nu..k......!U....5.H...+......N.........bsB/.#...x.'.U.[N.A.Fqe....g.(.0.t......J.?...B..1..K&....u0....M.....?;...k:.B.?..y...&6L.%..a+\...t.F.I[2*...T.S....

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):5966
          Entropy (8bit):7.967735833360714
          Encrypted:false
          SSDEEP:
          MD5:766D8672CB4AB44E06DB5C015F4BA907
          SHA1:2A74C8E37D3F0838ADE883CC9A019D010407B192
          SHA-256:4BBC65F919339ED80F09CE0040D0A5E9E552A769514293BED472E60223AD6C8A
          SHA-512:8ACB4698938B4D1AA90CE13336F8599AF48635F8315AA303D6D98537222BC68D58D6E0EDD1A28BA99DA99051820D38A238FA8282CDF43FF2CFADFC72C0F51CED
          Malicious:false
          Reputation:unknown
          Preview:......>.....a..._...z..T'..-..(..xo..iM...w^...........]v.&.v....g..;..b..U>.....D.4..J.s.`...?...7..C#.ROy......V...Wu..B...J0(K.en.^?..?Q.|..]aj9....)(zh..7.OH......^...y....^.....o.QMn.H...C....gw..Y.@G..~%R........X.8T....S...(.#....C.....I.;...dv3.ZK...Q,..<."..^.....XG.N`)..o~. ..:2F...Q.t.Cfo..h...f..?O..4..t..`Of85`..x.ESb.A..x.e.=..S.^q.#.z]mI.":\.....g........6..{....?..E..<....T.I#..u.|=..........iwd.K.2[1.....i...J.\....m.....3.......'...'y_>....r...b=.[..D............C.......o;.6......1jOL.l.....?:....4^eph.B........+.<V.h....YKE...i....<..=.3. ?Q......dw...t....o.....b..z.....Ev....n.x..R....1.5.#..d."..}.7.........R.D_*.7+...O{...K.M.......L..t@.....y...EV...F.7.....!..0....d.=a..?.8c;O.{........'U.Vc%.....-f....I.e......."G...NS.WkM|.^.JN\\uL1&1.Zvc.._..}../.L.F*x...J....C...\,6>.......M.D>P.M+:k\.(..G............"p..@._..S....9/'.m... ........I.N..0.......>A...n..$cY..pW.....q.....k.........U.BP...JZ........3..tN.4.m...

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\BNAGMGSPLO.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.818555790284983
          Encrypted:false
          SSDEEP:
          MD5:2627E7A513DD3F3E3FED09D05D51EEE9
          SHA1:5BE3906AB4B390B1DDFA28CBD91875ECBEA50862
          SHA-256:29B038E8F6529C8BD559383C6D5EE62289F3E6E1143B364E5152D2A43731E139
          SHA-512:614A391200D5837F0B0BFD4EC7B01A7EAA06665788CF0B44141DCE7FD385BCA6273AA183A5A41EB0360DDED4A6DE31AFB9E68D3C25BC27D7C5ACCBF20EB2A889
          Malicious:false
          Reputation:unknown
          Preview:BNAGM.h..+..c4Y..vvj..t..W.*.......x.g.X?....A...]=lM.V.Q..P:;..k...r.3.....d.}....."\E..>.I.&....~..}p.v"..m..c.mk=.z.F.._t.......-.{.<2+.ryr?s....0.4{.E.7..^..A.Q..iQ...&I^N.....P....hb..D..'.......1.r..cg6...&G.Fz....O$.)..g......k.Q.2..}...C..&..E..>H.....U...|(..z#.!.....:#Tt.!.3l...:$......~JhD..".%........,....u..l.X....<..Hfd.0vy..q.(...D..cE...i.*%.Da%v;.....v:J(..7]b.Nr~A...3U..... A.1uV....+.h. .L.n.t.hb...8`..T...b..-...5..h....ow.j..........k...D.|..i.9C@.Y/lS...f.v_.FX(....c".m...........Nj].?..44.|...T.p.7....J.,.<..at./.@.k....bj.{...}g....<.7...G..x..5...+|.Z...<.l..MceK...[u.:`c.h....{.r..5..EC].E.{.......J9G4...h....1.{..3......s.&F.2.^!v@..HTe:A.%T/.6.K...,.%...Z..b..'_(J...6G.\....#..V....Z...-.C0..Xxa...>..(:&D|..#3....bFS....&..9)L.u.?.?..e...+r'..M..{.r.[7K.v...........p.9..Y(.5C.edv. .|.6.9..]..K9......'.,g..........<.....p:.....3..YY.A.6.<..-DZ...C-.`....&....\nbx...=(.&k..(...1.....G.B.C{W.SU.Ts.se.8...>...Em

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CZQKSDDMWR.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.871840274550943
          Encrypted:false
          SSDEEP:
          MD5:A566CF15E30A2349AB6A3C328D6A8712
          SHA1:18506ADE20D87B9F3C060DE17241153C1CABB271
          SHA-256:1EA742BC62F8AD432755CC169598479C3AE439209749F9778D33CBFF5299858A
          SHA-512:BC7CAEC076946B71B76CFC4F5276EAEDF6510A8D2966411354B3BBD8AECFC4A7CB77792C63C656FB0021A05B41B2802D9EE51AD910E34E59C5EA748CB8F7E660
          Malicious:false
          Reputation:unknown
          Preview:CZQKS..m..h..iD..Rek?D.e.=7.............)Z.#PW.\........O.|.4.?.....9wp..V...#...n.[O.....I.#.|28..P.......k.v..0..P=..+.....US8>Gc..%.V 5..$.>h[.......`....K..e{.s;..\.\..y5A..........s..\'gI#.z.I....2hR8.... .......F.^.....0.!.V...T1...k....D..LT......6Tp'....\..s.Mg....t..j(..?......~4.u?:PYn-B..w.j....ho.....g.....^...aw..7......S..,..[f..>..4|......d.... ..\Y....n;US.J.m.=.z....}.e.)...T..%.....#..l...1.Jrs..o~.._WB`.y*9..f..@`.h..c..f.Ip.].0.n..p..FT....>.&.....4L$..r.....T..D>.g.9.B.X@.2.+.l3.r.e..6...un..Z`f9.8.....c.N.^.d~p....,.M].w.....Pgz..2...>.x-v,K....>.Y..{8G.e.....l+./{:._..h..cL[.fi?.. .@J.Y.p../3...d....>#....R.....lM..)..R..s.:AK...#....1....~..2.'..y...8..-..{c.A,L.?..N...7.P.n...?xqH.."....F..a72.H.k.]...}.hx.g.B.....>G.@}:4...\."h.*4N..a...~...nqS.$.I../f.......c,l.Hb..sR.n?U3~.{.....,9..I*.=.c.....^2.MB...x1d.W..V....]S.a..+..3...........P...7O..UKP(.$....%... ...@n..R.GfB.pO}5..b.].L..G.&...&.n..y...N.. ...<T..l.Y.D.E.'T

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CZQKSDDMWR.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.842061097902736
          Encrypted:false
          SSDEEP:
          MD5:0051C503B107343A6FBE7770932CC20C
          SHA1:031CA3BB2CBD9AB5039C9B13D4E167ECE109DDD8
          SHA-256:5073B059FA8A06AFBC2C8F378B1C0B894592A5F2C6F21E910CAF3E44CFDDF8DD
          SHA-512:B1A869DBC706479954591A5B7B6614AB408F9D29654FCA2B4C2C32A8EAE3E9F39E0F9E6053426CB8D285F25809018C8B48BDB7902EEFDCBEB77D1577E33E0560
          Malicious:false
          Reputation:unknown
          Preview:CZQKS..d.......J...o..`\CNL.p....l.2a..l.........,......c.7.T..q.....g.}.M.....?.}U0;T.G-Y.4...hD.c...].e.1.....".V.8....j\.`.$K`.u...3.t..C.u.I$..X=r.<.@D.,.. k.dJ.(.. aO..Lh....=}1..M......=0...0f.2.o....z...2....=..B._"D.r.N0A.P...r...]n.Pk!.....907s...kE.(C..D.xp......<.8g7...k].....M..(....]..rl.b..Q1....q.g.i...>\c..7._......k.'.y...R...v.4.'..^%..\^;#tZ.W...I.....P....C.0.N.,=6../(..82..(\3....s...m..9>"A`q........4......8.@.^...........c] .f.l..f}.K.U.>.....^'..o..U.7.@.|.u1..p.$..R.&!:....X..l]2..1..Z+h.^..0mM>].x7.]...i...Z.D.A..s.jA,\.....U1.....j~.3.h........U}N...g.(.9.1V$...E.....N.Y...o.e{....n8eS..f.^F...#_.2.f...g=.UF.{...'_...@"2...~.^8..!.Q+..M.D..o<..g4...}... .............8..8<.$...S..E.......dE..O....)...T.qt......u.lZq...:...5X.....ojA....9....e...j..B..,....$....@9...m....(.G.fC.....!.F..#....z.#..q.....9.H................)....-K\.f....G.n.{.d..2"..)C.N....d.'tK..E%.....k.k..".<I....5.W.....d8.O..2....2p..........

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6d2bac8f1edf6668.customDestinations-ms

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):10205
          Entropy (8bit):7.98313152102073
          Encrypted:false
          SSDEEP:
          MD5:E9EB9ED896DEC6C86245468B5E5B4016
          SHA1:3B1B49C37C0F6C4B82BD5C110D7471AA14CD6636
          SHA-256:42FE9AF7089398BE3B21A69F0B58CB48A06F3958A655DF4D8D3C452129EDF03D
          SHA-512:F9E18CC0070096636D80AA037709CF48D78871B953B17D2FF7DF1A81E08936D463C95F1A8FF9B22F1E9642DCE703ECA827EB5A618BC512042F90EA16939C492F
          Malicious:false
          Reputation:unknown
          Preview:.....W.[.6......?o.....R...S...*xbd....\.R.BsuQ......HhY..p..............O.%.s.....J.{P_.{.....+t.Au.: ..&4..\\....d..h....wz1u,..../.k@"..R....d.F.^F-f.....[.c.....4_"......._|9x`..........{.K.I..vZ.X8...|)..W........N.=.n..?.O..Lt..Uth....zL$f.Y..v~.........{c.~l...8.E+..*,....^X.LH3.(<....mPP.I......w.!c....M...V....=...<d....YtQ^^g.7..?.v..M.=C$.75....Ft.#H.|m.).W....z...!....S.x..-.{Q..O...;.f...#.D.^.b.]T1.C.$...zI.S..1....I...6..*qy._..WX."nDz...9m....-Y......I.2.s.....[..k.].<.1.6...:W.gW.R..9f^;6.`M.j.vz4.....6wq.......21.......jS.,\../..........*e..&P.1.-..i.hK...AW:.e...A?..Vup&.S9v..m .1...,..f.....W.=;...?F..lP.9?..k.z.T.....M4..L1....a...........ZM.^w||.!..2.P7...o.Z...@(N..kn.=...b..jci.:-....3.'..O".T.n.}."....C.>.y..O.G.n.`I.B..d.....c! ..x...r`.G.S......a.p...3...s.........=...-W..d6++.[gX8..l..z.b."cz2..xLq8]"..do..Et}B..@..,ZWdmc5u..=.~..hu....)..)S.x.........Si@>S.yn.c#_y/.._c.?"........_H.].##%.qw....w.}..l.25.......

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EWZCVGNOWT.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.831299891135945
          Encrypted:false
          SSDEEP:
          MD5:09FBF9F38E61BE7FE10A8098F6DC4057
          SHA1:B8F0B8424161D49C0135478FD0B6AA5AA53FAAD4
          SHA-256:E5F653E46CED8A7B237AE0E0EAAB80683CFFA21D180AB067BE4ED072E6115413
          SHA-512:B745CF2A627A5718952DE42378C6E575724D8E1698BE5DF3FF4CA9F6BE3955BEA236959EFDD4DDD3F0675FD37F0E327ECE30A0AC1736AF9856E2BE926D5C8E22
          Malicious:false
          Reputation:unknown
          Preview:EWZCV.r&......5..~2hE...).e.....o..<og\.........=.'....Aw.E...'.H+..q.ox'&Xo.5.......h`.....c..3...u...6/v...R...zW3.f},.<....."....9......iNh.....|!....R\.......9a..>.iy).:E.4..AU......93.2..}B.......z.lZ-.".../..O..c...b.92..F......xR..O...:....B#V.....;..9.U.6.]..m....g"....\^..cF?2...zNjr?....=........_...y.....=..w$.Y..R9.....*i...p..0G..;...".5./.-...........b'.Jn.Ws".6 R'..K/..R8jq..S......Z'....{....Q....R]...o.)J....J...#...Cre.l}.V..!...U|z.u"...n.d..9.H..3....o..J.~....*0|.+.R..9......P..=|..i...)....C .......6.L.5..+....$.....9.O...5..Z/....ps..`N..5`.Z[..\.l.....7..I.M!......T....'.#.........F....w.3V.~:\.LnHY..uF..:.H.DA.....E...<...%....E.@.....M.&.i..r..`|.`.1%b.p......^....~.....C..z4.zM.c...........T$.I.(,...q.\.....JO....N. ...Y.U.*N".m O=.v.k...|........"4...H......I.!%.N.....@.....~C.d.."4....iP.x....D.?...C.\9T.|..Y..5I.4n..z...z..O$....G]..........\.j.%..r...+4m<......NR..6p0...K].G.v..;...SZ..q.;.B.&..

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\EWZCVGNOWT.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.861795727853454
          Encrypted:false
          SSDEEP:
          MD5:26A616A1751DC1EF34E648CCAEC0AAEA
          SHA1:0C7452018596726C3E98EA8DF93A22C09164BF98
          SHA-256:7333D9412BEC8B5495C9C87282EADF0EEF30DA2AE8C9C9DF6B18A360CC2FB13C
          SHA-512:7943CA0EFB58B4F61431F69CC47B829781612CFE008951700453EA411E176EA7FD1E2127934F0DF22953BCB2240EE3963C9FB1EE87F6D6833AB54C2C741D042C
          Malicious:false
          Reputation:unknown
          Preview:EWZCVw8:;.....R..!G..oR..[.5...?.J......I.X5 ..L....'.".q../ ...0;...Xk.n.....{J.@..Ak......F.n9+.-..]|...U...+..g.`-R......H.1.i+VQ..'......o......3.\.f.g..;....^'"2..6N.?5..}.$G.......l.5.A./.Z.M8.}A....>...]....v1..z.D.w.`...a*..d;!..c.......L..6.#...F..ELcb...9.r.[.4...m.#.Vu..?...#.7.p.lu.:Jv.$.~.i.......4...s........?...g.f i2.*.y...|3.C...k..n..c.s.....O.+.~.^.E.v...0f..d.)rB..j.=.}QM.G)..r.??.h..%nk.W...9Oi.!eg..y.O. ...[..4.4..\...D.~-f....}.....YS.d.y....y......$k.....v......6.......2..$..Kh)T.-.e...Ktj..m|.r...i..h......R..8t...})...$H.p..G(.if...)........oJ..q7...^.v...V...7_...nv.O.R.......1..o.....[JG.HY....(.....5....;.ck..W........HZ....3.oG.T.`...P.#..... M..x.......)..}W.......H..\;...3(H.(3f>#FxB....Y....G.u.s.....Q#.?x.i.W:.p...5D.`..^*P..Q.....+h.....E.F....w...H.>}.[Q. <E...ul....!.&M0.y.8.K.n......u.....Bn.....aw_..e/..4............d...B. .]....Y....e......B.3....e.OT.....E.ZK.@o...N.~.@...<..]...g........g

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GAOBCVIQIJ.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.856090059801047
          Encrypted:false
          SSDEEP:
          MD5:D3610F240715C58BBACB2EB8A18C17FE
          SHA1:D99CD375894D5B2F41668CC25B3FA3755607ADB5
          SHA-256:6A9FBF92406E475E87C1CD11A704AE7061EC40E47F7473676E07330B2388D360
          SHA-512:22C01B99ADFF39BFFF5D43E44D41E2F7C1199ED79C966434D2CCAE14B0B04BF2E07DE8C7CDD87EF9F2F799A10CF4D6D6077A593D970E443AA9EFD30F466554B8
          Malicious:false
          Reputation:unknown
          Preview:GAOBC.e.(gB..ql..c..vh6...W.....z..E.....".\<...-..!'...n.....6.bf.<...%.G.w.?]..(Jj....~.........V1'Q.hm.J..~....\..Q..Na.....%....L.3..8..K.S.........r.9.....".;...<.$1:.UG/.{.Q....#........R......D.F.l.A.'.Qiyt...q.h....7.......`...(..]..r...AtL....1].hd..-.'..m.......h12Y@.\.....aq......p~h9..`I...GK......M....*...H......Z).jT]....y..V. S........()C(.y/-..\w........?A.........t.a-.....'..>.Rl......U.".K......y..%.sF...).ff..MN.P.....Rm;..........[......54........|..l...#x...3..YP...2.[.%j...$z.).....{.Z..B.g..U~....b.-.I.)!..H.^N....*a.D.N9n.o..q..w..@.`....]lK,.,...B...2..'3V....T?.?..-N}..w8.D..u1j!...ih....72.Y..0.C...V.oX...t.........N...`.z..#.o_0..4..v.Q4...<..c...Q..U$9.4....c..............h....V..AgY.&i{K`......L@..;iO...."..%d.P.$z.,\..#... ..=.........`2|D......AS.Y.6..\N..X$...*s....5...8.....L .A.&H.....D..%....T...Z.U<.x.1D.._.;(.0D}..M.....4....k.`9V.......x..%O..$...z........6$]k5.Z..x...E..P....P#..W...TZ..!..=!8.

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\GAOBCVIQIJ.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.843858312826412
          Encrypted:false
          SSDEEP:
          MD5:A62904A71EB7DD147AE0FB624E13E294
          SHA1:7D8C64B8A74ABC271F12C05CE08140EFA00DA5FA
          SHA-256:E5425DFA96C22BBCE640A101D78A866B571E6DA21D3D9B5B555442F3EE0CE24D
          SHA-512:DDD5D0E4623C33B84F8964CC79368433E252F527E31FB9D0449D29B38C40F7F4A97E57F798D2ADB5D657AD16F4914409D1C3F356E37BACA0A296060CA33A2E53
          Malicious:false
          Reputation:unknown
          Preview:GAOBC.d...HU..6:......\.........y...N.f.....o/..h...O.{T.R.......N[%..>)d.L..A..r}..kG...cC....e...i#i.pJ..Z.......X...5.u...h.a..O...}.;...;L.\....s.....g..p..K.#G....B......V8..#...?..X..v...)v9r;.A...{.K.....8x...m..X.-.VK..Y.... ...r.V.`.-f..e.-.ja..)R.G_f.e.hR.T.<".i.....w|S@.=..E.>..b.tU.Q.<0".p.....G.Q...1...H.h]Sl...OI....0..O..u.......x....s.bV..W..q.6)6.. 1.R..Q.-LD.Y.K...L....p...c..........O._=..qeF......d[.iE.V+.%U#SR.%T.a.rp\..[.......X.).L..+;..QP.|._......@.i.....f........!=>A..K....C'.D.n5........t.\Y3..&..=.Z.o..C.....$M.QK..u#.,.A......._.7.>.n...q.iSC.>}...}Ox.>...`.|...N...F..T..@.@.m..h|w..d....eu.]..)5......|.8.s..m{..H...@R.......#..T.q?mt....rb.HZ@.w..x.YR...`....}.U,#W.....xvR..o.^...#).._..g/q.$7,u.sq..1. ..9.JVRh..$Zg..2.n...P..L.i...[.6@JN|yn.1....~j*L n...zS..o'.x_..6..~....9..h=.........-E..}.\.q].....,.F|w...mi....'.p....h.n.Z..3..].m...k&.ay.GZ...e..#.\%...P.....>].#.1......t.9.*h_9...............:t.......

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\HPWKBOGVWV.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.845416009027871
          Encrypted:false
          SSDEEP:
          MD5:F2CE12C87979BE4AA832F340F4255E76
          SHA1:55297EE227F0984DA29371B579F66A5E61A4D489
          SHA-256:E224FE6F7DE26FDAB43CBB5BED9043E2498EE8E7701944960A61EB5956C45482
          SHA-512:2BE2CCE1D4E6DF4E9C3CB70908DEC071975D141ADB8F1AC1AFC424EB960B8539FA5ED3690359E0E243572790675013779695EBB695FC8573D4AF656339923094
          Malicious:false
          Reputation:unknown
          Preview:HPWKBn.z....../.*..>M*y.........7.8.aV.b.....A.f.}.lrw.....r.......o.|pJ..d...j...#....^Nd@...Fi.........F...].[F.....Z.@./.........$.Ou.Z........[...3a.YP....~a6c.Yo.....:.y...W*..3.}...tb-......p.....6.P.fQ.L@...0.3T+i...P..C..M.G...+`Dn...X._.*#...>.b..d%...P...>{c....gT5G=S......sL.(E)..T...1.>.zX...G.Mcp........L.zq....F....q....bD..z..RO......>E....'.l=}....<7x..PlDB......E.5...<.P.4.".........S1.@iXk.>.F]..u,sFh.[.W.o...8%.&...+.P.....>K......G..N[.8.OD[.NSU3.1-.........E.x...........t...#b...z..+."hV.......z...^J.N^nla&.Y.N4..b.i.'...a..... ...b....Sb....`...L.J@.0y ..4....is.~7_......<.`..V....-....-6..v.u.s~)..yT/..y.RL..ut...}P..--.vo.....d53v:W. ..)m..7....N..E-..M.8C.DJR.CH........2wrz..+c.z.R.g.y..<.3S.9..."..K..k'.l8u;.....]<.1.K.....4.BB.t.9Rs.......z?.......sO].f.8.c....K.}*.M.*..%G.D.b..!....,..B.....;.).U.X[&P.>.s.c.}......c.......m....D..y....b2...].7..K.\o...Z}Nc)..(....8b...'...%{..6.FC....-h.N..\.......J.

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IPKGELNTQY.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.860377149397208
          Encrypted:false
          SSDEEP:
          MD5:F9B4A02CAB66FCEE4D2F8F9E0A9D0181
          SHA1:1642FA4D22C3C7000E060509ED5682913B77830E
          SHA-256:8A359CF1C13F917911E3DA9EE7EEBEE90A181AAB01FCF2B0AA63BF4184311AD9
          SHA-512:E04BE68066BDC55A0560803956D0825693CA4201DDAD9CEA8C4BB9CE7FCDFC4356F55753723EF9F164B247C24840AC0220ED3EF03B1E364A73290615416195B6
          Malicious:false
          Reputation:unknown
          Preview:IPKGEF`.q1....zH.F......."c.JF+. S.O.s..*..%<....5cQ..S"...CE...-._.Y.r..:Xk...1.....Zc.|..U....'B.DJ....x.d.T);{.~.._..h...?D..v..!.<M.a...q....&....z......!..J@..T.....-.KD.G..`.d+.n...8..KQi"...mo_-..~`.b..i..+..b...t..q.GZK=.I.......2$..HMo./...Z...DB.rM.@O....[..h....%U.xw.*O...t4.H..'...}.E.|.Y....k\.....?.2...@.YU..u2jG.._f5.....T&RE8Y.....=4.Q...k..;.*........R{.......W{X.x....@.....a...)[...+.Mw[>.hjv$.......".....A_`...'F?9..0....,.p"..I.uB......._.E..0T...y.....1..4."..k.2.*qoC.QN.G.8.(...r.y..{..Q-.'..{...A.<E...<"...x.V.....g. 7".........bp.......^G_......@....8..4mNEvE.0..m....-t!.:..qv>$2.`N..W5.62...wP..q7....0N.ZU$K.H...O_.....TL....R.V.....)......?........!.7.j...,......|>mF...%.g........\#...R........99./_..ZQ=.E......U(@.....(Xi8.......ejd......#./..9..L.V.......T..eVPf...|....[.(Y...`.s.......+.X.&.e.Q.\,.6...2.A.f5w.Q7......._6..u..-.....\.J...&..E.....$e........d.%h....pX ..L|..y...qt....e....|c~.s...

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IZMFBFKMEB.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.843663142127572
          Encrypted:false
          SSDEEP:
          MD5:376A2244EED2B97910A166D460973873
          SHA1:BA840256887187551387AAFD2309B951007C4048
          SHA-256:9FE6898D4418BB330CB14AE05A707192B383E4E70FF22BA2B9265A56E2C9B14C
          SHA-512:1C438075926B670E35EEE5EB1C4C853ED4BE79F0FE8B4A4CF88DD5164690A8CB2D4C88D05E937B8FD696F51A07373068E028031F06E927577CABE65847B29D20
          Malicious:false
          Reputation:unknown
          Preview:IZMFB...o...%Oo..e...x3.3...ZT.......1...0...~..U....I....8..w.^x....s.!.5Z.D...B..'...~.A..<T.NV.c_.~...i.J.(.wE..l.....Z...+?{...GhY.W8.n...+4P!..f.+W.....g..v)IH...k>.....#.r+.........rh.f.....,...5yN|.8..!...{.`pq.$...r.y.r..j.U......i_4..wN..w..9wd4.h.{l]B.....U]|[..m.].....O;.!................a....{>..TaFw..T"g.W...C.....s......SM..~..(.}..L+..;.S.....v1.x+..".=.[...T.y..[y.P..!.`...Q.cz{.c.zS..GA..o9H.D....q...$.e.E...W...g.E. >..G.=U}......D..=M.7.n.....^...P..3.=.'G.!....i'h&...s$..j.y......]?.JQ..K.....9e.m....?..4."~9Y.5........n.P0......x...*)j.......GP.g.....ay.0~+..(.....j....).|Z!k<....Ni10.x........1:Q.d.h..u..1.T1..r:.Sb...l/?..G...M.8.j.*...78n`...C.{.::N.!.<....?.e....:.....t.,*...y.......6.f...D...'.5.3.?,.......}.#...D..y&>.d.....,.n3...h=.w..DI..x*bo..[j...8.\.+.N6...XW.j.......V..yv`{w.....Hy.2..rc.5...\.-iQ.@X.a$z......N9..;.(CA.Y........f.....lu..y0.5.O....pA.'.|}.W.Q'x....B.H.e.8<f.../N;[G....)......._.+..,.....&.=.

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IZMFBFKMEB.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.866907571515697
          Encrypted:false
          SSDEEP:
          MD5:F99F93FE7173165DEE80636A4E1E71BB
          SHA1:2FD250AF428A4FE83979ECC93EF8E070E64BC015
          SHA-256:2AA3FA008CD4F6828E017C15590D5AE041DDE683BDE4804EF3E7282E2AF17FE3
          SHA-512:8A6266EB96E8CD9C0F80FCAB0F959DD9453BF913DAE601DDB61153C2682961194645CB5021153CC9B73CB4200B861CE7F0E8D4E5D6EE5FAE86D5B793BAB1B811
          Malicious:false
          Reputation:unknown
          Preview:IZMFB..SPo5HpU..A.q.4.....G...S.L..........g.}p.....i.a.....&.n....&.W....CT..%......,\..MhV..z.\.i0u...'....r........q..h.@8u...o..<*.g.A.V.D.s...N...e.._`-Sf.A...>Oo.Mm..@....U.`..M....y...VK..H..%OAP.t.'.y...9..orm...M...i..Y.T....yG.K.F...\.Y.........O.D/..Y..).../.3!...K.....`x.A..a.....~\...............5...E...~sf.U.:Q..aFS|jaec.t...w...s.c/...;!}Z&uyh1..n.....+,.N...e.P.#j&:.QfB...0:..J'...8p...j...<.z..j...X.a[.n...[.C..;gq...M...L........!..].}..u...e...-.D.[k...V.N....JD...e.;..{'Vz...wB.y;j......q..l..t....\.q0..#.../..q...g.`.Y~......{......>Q}5.9.z={+$A..{2..A{+.y..A....'..k.F..R.b..#y3.u....M.Q.vx..M..........z.~4......|........ko........7..$.J6.^F....b..........R3z.f......Uv...F...>x....LG.m.zyp$i^.....wc.Z.1_.=..w...zT.......3i..I...7..;[.d.._.3.W.M...?0..=.x.<.W.@..=....(s.~./v.@.v....d.w.......~O5.M.qC.J......,.U...F..^......E\...7g..\>^F...X}..%F/...a...v.{|....e.Fc..W.............9...$......}.ww.3x!.....u.a........T.}..

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\IZMFBFKMEB.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8608912271646
          Encrypted:false
          SSDEEP:
          MD5:C50BC7E3879B27881363A5E25D1E32A4
          SHA1:493F03F144D3D3EF844F8FFA490E0F71F5EF0627
          SHA-256:32B70CFC89C3273EB9F8C39D2F6FA97B09E08DC786D942467E28CBECD8B945D9
          SHA-512:BACFA98F89A63DDD46E63DD24B12F2AA5020DBF93D56A043A98B49EBBD7A8EC75FFAB664266C4CCDB6741B0F47E7F6C77462BC08F0EEA22FF38900A87F0B076D
          Malicious:false
          Reputation:unknown
          Preview:IZMFB.T0..w...U..V.....h|.../,..U..P......BT.0.C..Y...@.=.q.....qa.]........b.q.....|.Q...>6/'v../..-...YH(.........e.9.?...S.i.C.#.l.~.. yw.\..%.w.......kr1.@.....~.O}........&_..#....J....:.4.7........A.j..tI.M...".U..d.T.....E..s.o4..!..o".......G#..z..xQ.=g.w*).~k.....jM......OW..&x@.%..........tOI5./.B...^....P.....f..?$........(1......s....@..m......3S.aF/.m.G.H ....=.j......x.(%.R.5.f.p.7..&1q&8..b.`...^C.>.MG.E.<'%,m3.%.......=o.I.\.....P..~$.>.}.WW........8.]..!o=..O..5.R;..m...#.j1.IGYwA.:........66.bb..w.9.cO.$..cn.Or.0.e.L.m.?....U.....U....T$g%H.G......v.y..(.g..M...9/...j.:.\.b...@.........<...c../.7d...........KI<BU..w...PA<.&.D .....].O<(.k...H.`...l_.Q<IO.Mc.?.C...s.v._1.._.8t.4..$.OO.w.=...Y..[..y...C..\.mqB.... ....5.iW..2t.Kw.f.E.s.d.jb.. .c...nq....K..d.....b...Y+_1...}....4.&O.J.......6.Q".VI.?U^oyt...J..]m.2.....>.........{....../Y.:Z..v.p.Cr/,..M.fcX.......).V9..k.d....y..vn;.GV.I4Z@. ...6-...E&.f.N..CS.

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MNKQCGFJDG.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8584621286663845
          Encrypted:false
          SSDEEP:
          MD5:8F73FFE2352E577B88AB24EB53FB0302
          SHA1:EE6A53548E03814358D5A35B0497A6B85965BBAF
          SHA-256:EA986FA7FB138E089296C62833D0FF977529CA5A49930D558470C246F5102249
          SHA-512:3E9A9611068CF61F0B1C3FC2C0350CB37FE9D730CA5E53FF7BCEA1AD3D047C83EBE835BA82F39DA38319B64A4F586D16C4BCBE0A6A5904B08E96A85C8BB7120C
          Malicious:false
          Reputation:unknown
          Preview:MNKQC4:J7.aT.B%g....1..t^x.....6..Dh....5..;.3H.K.Z....&....Z<Gl..`......Z%..6R2.../. D%=.!2...*.8.x@..a.e...RV..."/E.Wt$..l<...|.{Xj......M.........G.......W.xf...5y.Q..U..{.3o......k..t..yX=Yf...'T..:.....X...O....w+..^..n#.4..u...s..6.&..?N..[..W3p..<...n.....D.....{..F.)i...{.hf..Cm.u...n....[[..>...)....f..1Z.q...r....2..M<.~^.......#o..<{. ...x...p=....2....>R.Z...i..z.g.qj.,.q|......d.c....]...m+.... ..Aw@...../.;.... ....$.9...D.N..@.#.#.A.?....=....5L.+.=..Y(......PO).,...<'........e....#k..Q.W~.H...=.)\...+.i......GS7.....c..j....QcR5o.7..^...88..('......bxD......K.O........W]['.zQ..T.s:z$...@...._.$d.87n.T)2J}.@.*$0$L.a$......h..!.h....g.r....<2hXT....1......#..u....Q@........eL.m8.(.v.o.$.........%..;S...VQ....?...".S.Y.._..`y..3Kb|..,.G^.s.KY...x......}...Bm..k..ho..+.......C..V...B..n.'+..$l.jD...h....=..F.J6.F...Fh..0......OY.Z....F.P.c.&...yFn.....P.1D).!.n.st.....s.+6.xe.k..B.6T.g.1.`...@T....A..+.;....A..Y\.....).

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MXPXCVPDVN.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.833828833195153
          Encrypted:false
          SSDEEP:
          MD5:C13D003629013569BD063800474B29F4
          SHA1:0DD64B8D63E69364FB4D0C94E4AF55FDB0DFC3DC
          SHA-256:D4D2A8E5A9F41286D6C42E34E27E0969FDF2648A64AE62814CB9777E87C5CBAA
          SHA-512:E016613BE255AF04241F0084BE70828217D526CF414584CDE9E6E8D69AB591B82A86DF1A495DB91E2A445607C8759439E490B2101FE42C155E89BB86EA3A0A29
          Malicious:false
          Reputation:unknown
          Preview:MXPXCV..S....)K.5........LM_o..#.8NW.;k.H....A.K.._..a....y......K.!....-..F...A_"..f../4.cu.X_<.L-.~.h..F......+zJ..a.D......{...x...8....6wb.Vw.<. .B..kHP...D).d.,.uxN..Fp.....LQ.1.J....QmG........[4v<...J...?.......9..e..a...U_.A0..N..mp......2.....+.`.'..`..<h&~2.wn..1...[..i-_.....dS...f.K.(........r...D.1.......f.. n{..;...=....Hy....E.).0..Z.. .O...-...PZ......M.....v..4L3.<.W..k...1.y...g.]..E...U.r&..!%...(8..F@.S..G.A.(....@..\Zs.%.j.I....R9K...Q..;.7..)..N...A...UZM..I.._..y.:y...x.V...eL...*.Oz=..zk.....9+.\.........E.+L..c."(...._.../..M.V{2.....L0.G....+...+09...wQ5.o..r.....8.n..s..f{.U.Q...I..^L.~Pd..H..Q.<....@OS..o.rr..H.AU7....r..4.....T..c...4..>E_<.pa..V..==I...i....N...Y....R..q-....%..6.E..Ma....XF.....I......i.u.>......1.....O...."....{W...`.p......... t}.H..0.....<u....Q..z".5.H!s9..x....a._..U....x.~.......kr...*.q..........=.#....4.d.*.......TXQ..P...Y...2.O.yA.W.RVb..6.]-m.Z.B../....\.g.zM.A.]I..

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\MXPXCVPDVN.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.846660666321264
          Encrypted:false
          SSDEEP:
          MD5:A45749D8DDDD4E73916F2E044A288251
          SHA1:1F33481422A6EC7922E3BFB641BB7394C7A20174
          SHA-256:8EFC9DBD4E4E4BE3F98BDDCB710AEBCE3938D1342D4AF5AE8BADC6C21B802FBE
          SHA-512:C5DA0CB893494DDBE78C5B735847DC5B54BBDF647C6C3E27D572F5780FBF0B13EE36ABB12B59F197F9AFD3AAB26FD4EE1FBB5FD7BDBC17BFF0CE1B367F47D67C
          Malicious:false
          Reputation:unknown
          Preview:MXPXC.....,.i]J.R.cc|.B.CR..O........o..J..&.}v.............;%~.e.&L.......K.[.h........E.._.=..*..U....h...=.Q 9#.!....'p.........(..BwC.~.h..-A.p.a_n#.G..X..H9..sV_...=.t.u..,..A..../.I.E....+.%dX._G.7...{.g:..tJO.DQ..d..{:.yu.f#.T.[..Y.s...._K...TE....'*E?..Yw..L;R./...#.)<.;...<*.+Ut..3.B.D.Q.0...Ec.49...#.Z....R.>.....skHT...*...,J..v.".#[..'..-0..?.[.....{.&OX/.Ug....B;..!........"....&`....j...Gf#XA.v.9...U....~.....I.3..v..DS.rA?...v.&.+.....9....v.2........k..F......:...~.|..".v..P...8S.1.j{e.b...@.{.J.7."L2@G.w.....g.C.........-N...........q..}Q..........w>m...A.......N.S6:.6{..&k.4....uI.,a$t~t.[.!.@....N.u.6b....K..:..b.F..G.b..j.BP.=p..G.j.*...BjL.....t.-6.3=...Buk...Mj.]+..z....?fq{;M..!..[~d.. .TW..r`.2...lC..s.....5y....pb..QA!.v.\...F...c.........k..B...6.E@..w...N:.f%..jD.cj.D./1...T..KH..N.CA...z.V&.M.-....+.Y..........C............^syt....9.-*..OO.....p....K.....N......N.T..?67^".G.r....K@G.=..@... ."...`...R

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NEBFQQYWPS.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.856809080247492
          Encrypted:false
          SSDEEP:
          MD5:5F053E6AD1B795FC0E73EB0AB46FC71F
          SHA1:33B608E9C45C98DEFB133346417B5543FA2EE08E
          SHA-256:591650F32276F75C66848D221CACC66990741E0C7491F0803148CF41996C5B76
          SHA-512:CF912939AD3C8CD996CD26453CC94B934C11391F0E87FB75C182CBC283B7060D24CA1CC4476115C283AC0A70A1DA607C85809C46BF939DF66E71B30D69C617B7
          Malicious:false
          Reputation:unknown
          Preview:NEBFQy.Eg..W.....X..LS..b.+W$.$...HQ+..).&....J+5]....B..0...*.....B..?*Lr.($.s."...k.l...'.]..n.\c.........l8.F..{^......}y.T..DD..T.y6woh..FAN.F.........Y7=d.i..6....Fr.]sI.Q+K.g..7......#.-..,{..z...h.....5.$..e....+....z.Ep.h...t:..G.....x...J..[c.z..Q..&b.I7D..'..v...1TlZ..%..L..n.O.4&..62.X...#.....n..h)Fo......&._p....(^.4.I.iV...o.....DvP}.Y...b.....K*....}..5[..6.E...4c.FA.....h...."._J4..]...E..x.<..$]...b....(1zx:..U#.+.d........^.9./....&G:8..>.(..,3!..:.4..V9.miiT..9..Zd.RUHn>........Suy.. ..J.i..(.v....P.Jxye.....>{J!z...{a|......\t.A#m.R`G......O....H.3....m_Z...Q.........A..'K...6..d.u.L...|...;.{"....!5.J.C6...S..4.%.'....B.;.HN*.....]i....ov.p.........Zlf*....>..'.a=<{...%.`..{.x...8'.....ou`a[I......S[...,P.s. .....m.[<.y...j.N...B..Q6SxEJ..O=..mx\W~....Ou..%.u...<Xr....59.O1./,...F...m.U......F...@.U..Z.3.Ca........=.+O.:....."T..oU."...*\..M}1/..w...kP.y.?I'......c.....^Y.....M+.":S^u....T..J_g..W...\..!..9+.cR.=1

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NEBFQQYWPS.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8484096340082035
          Encrypted:false
          SSDEEP:
          MD5:292E67215FEAE9C50D473D7B11967B8E
          SHA1:46D7A30C86E9520750D50E0A257DA96B0D8DD994
          SHA-256:FB43492747673D013799D819E2AED0D88E863B6150E1CFCC7E9C3CA1EB7B9AE2
          SHA-512:62920688A74AF0BBFB54807421BF119F0A296F54266EF0073710ACE7408D33B1EF9F33A96706403DA6C1E56C5CE570177C98FB53686172F6AFACCC8F60F88DC3
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ..@7f...$UP|.....k......:..3,.#..g.P.....|}.p.......t.....:..g......3..K#h(....[U.>.'w$..K..|V........5._../......*Fo..8.h]..K...qh(.:..s....TqY.l..@F..k.N....!b.S.3.%......07..4}M#^...dI8..2..Y....w..e.s..sW.+.......I.a.....l>.;.q.I.`......)|.......b[.S..%.cx....Y...j.....fY.c..12.]U1.E&8..}T.N.x..F. .Y..nM.%..C...Lh.U. .Z.].y!..Y.e...ZU..].%.J..;..R..N...$.A..33...lf.A....R..G...q....L..M.JBL...9..[....yV...*.|..d..w0.C..y.q.U.; [.G>g0..L....z......7..Q..Y...e...o..8wK.0Z.._iA=K....&.a.....A.T....7...Pp..z).]....N_`5...A.h.........WU/......O.'..P,I..=c.B.;n...!n.-..v.'.\...|..).....6_..[...Q....o......~G.d.5.x<4N.Y.o.".8*x.S....V..We.6G.t.9.b....NKre...D1....._.C3...i.U9.0}n.../.(....j.4a.......>..1...f.U..1.B.um.-..PSI?...;.k..?t...$Cr.....H.fi..SYv,{V.3.n..#b..A...;.0.......1}.O....(n..Z.]F.z..T|._5..d....sr.V..._y.8_/.4....5..*..q...].r,...Y.....Q.no..6`{..a.E.SH%.6.D\p.o|.*[.I..So.|OMU....^.Gs...A..O...)...O....c.(..8.a.ok=..U6..

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NEBFQQYWPS.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.855874098877659
          Encrypted:false
          SSDEEP:
          MD5:F875203B534EAFE22926C6B6DCC69441
          SHA1:A8304904020E4A7895E869EAA161CDFF3F690600
          SHA-256:864AC89FC89443BF146BA70A2360045C00F6F4239D770C82F79C22A44F9800F8
          SHA-512:8F1EC4C4D212600F674FDEC7DA626F188E2766C3700ECFEB27B5C0ED5CF71063451FA7282881C7D6E6325778B781D591AABFA26EF1DFBE892FD164C53B8EE1DF
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ).XFDb.-?.!.+....O..5...z.H..M..=.RiA.T..u..O.........].w.y-.5@....D.)...P......v...-|.x...........K?..;..i.. ..G.p=hD..._.,&V....CK.h*...ab.z4.h..*Y....H.9.:.C>#3.3..H.......o....h.....uJ.....H.....v...M.w.+:........F...3o@.....|C,r...t..*o.d.sV[..BR...n..$<...l......^.$.5..}..T[......*.e%53..T......P_b...Mgp..bv.....7x..<I.LJk'..r..".Q!..r...5f.&.9Y..fNvU.c...h.z..^...8.......aW.}.tv....,.d.....y....nV.L....f.......S...%..+...CImH.?.>..\!.!.Y..b...c]/TSy.5..^..<.p .S.. ^7.......[P./.[o1..B...l...U...v...^u..e~.....R..V@.1!`...jCT.>...".|..m.>4X.^.;...dj.Z.b...W.a.?.}l....U...%....d..3......[^y..2...i.N0...[v<.x_a"........tG7.B.(=.D..-..>.Z[+j.e.K.x.x<..=.+..U.....@...>zH...I.<.l..R...[*n..P.....m...%./z..!8...ve.e........0..oW9..,.....rK..S..6jX\2....k..]S..)...."$...i.....D..v>....%...U..9iS{.p.@.:[....:.FJE.}e8.....Gi.........#.n.. ./......WF$.t.....]..0..,S..:....p3el...:....w.._.v...cn..1Z&b.~...|3.B.S..AU.Zd.oI.X..2&..y.G.

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NVWZAPQSQL.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.823218396222573
          Encrypted:false
          SSDEEP:
          MD5:386D6F021A8AC2A6EEDB8F75CFA22026
          SHA1:CA611AAA28D226E46253222BA5EF775B20024F18
          SHA-256:000C8744214F4FCEFEE6869C153BD9EBFF2E2D98BEEA0C85927B2F388A288A65
          SHA-512:432E41CE773A60E0DD7246B6A4FE8800D082D6E88E2D38221EF4521330C14BFA72027F244389CC1C31C2457DFB4CE0E1C1287062433749926FDBA493B9916EF3
          Malicious:false
          Reputation:unknown
          Preview:NVWZA..[...(..+S^n/.t'....&e.G.....c...0A.....G!.3PY..5..#....H.;6G...(.b.Rf:.+..0...y........sGc...@....7M. 1uh_.^..P7+..:`..v*}.?.....$...).N..$.1.M.r.P..$v..*V......6..{....C...)......a.%.8!..9.8+:...!p..N.s...^.kZ..(t>>....r+C5?...R.0.....F.L..H...<.>._7HV....L6......I5..h.e}..G!..|.Z!...<.u ^.:..BG.y6...v.$.G<.#! j!..4......3xeI.18..1.J...S..?....b..r.k.....}.."....V....X...R...HW.P......,...1.q(.?....Q>(U.-.......[....i...........]F'...3r.i....B..S.{.<....!.b..+I.m.il.....f:..|J.@......YT.......M.[.+.)..WH...qn..Y^..;.R.]......6,x.<..]..y.d...A.2..M!4|.<....B.....)2...!......J...'.+5+\{C...7Q....w"...PX.W..f..`j......._...W.t.=."3.G8..2".l.....|.}Q...O..3H.O'.8.........".;..6.S...(..go.n..}FJ........@>..>..:nl.....x...vc.....!.($..y.c......g.8...W...X...... ..N.&./..[.............;..^++../.xv...|..ag...?.!..{...2.. q7...E1n....N.f......B....LW6...........5 dy.d..bP.1.9...E._.g)...;K.}N..t)..s.^...C....gTR........*...<..F.2.

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NVWZAPQSQL.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.830974227842817
          Encrypted:false
          SSDEEP:
          MD5:09FD3460B116595515F84C8F092BA0FD
          SHA1:021147EEEC0444CA0955ABBA8ED9B92DC34CC8CF
          SHA-256:3C236752894ED299C515B1371F02FB3872B1B60F317C3135A19A371C61DF1C6E
          SHA-512:68C19664DA5993F8EEC3F12D820B161C7EC210BC261F18D70907D5B86A1011384972829234F8ACED6326EC7704CEFD1BCAABB8A5BFE3DD62C83D57F10A3AF616
          Malicious:false
          Reputation:unknown
          Preview:NVWZA..d..vt..wO..vY6!8.^...;....:....&CC..ls...i..'.7K..V...Y.7....ee.~.&@.eY..q ..f...Lzb?7....O@(...8h:...w7q..bd.y...g.,E:........8r....(.0...2.......z....iq9...N.j. L..I.c)A.EP....y.....O.D.p&.$=..|n.C.X1.[.<%....".{...0_<M.......=@..,..>..(U./$F.D.Oy....F.wK.....A#u..;.E..X.U..;<.`_F~.K.......V8...~.~...7.V......Y5...f).q.)Y.^....O.6..@y~=~X..8...&.)......,O..@.cI.....r.Z+=...4.=...m.3....R....5......k.J.8~...C...e....3.N_.uF..n_.W...\-........6...z3..x..Cb...A0.iG.......X..nI..4.;..8LU.4.-..2@]9E\L.'.s.4!.4....T......5.&J'.(.....",..{.(..h.Jb.g......p...}.W.:.Fbr!.L.y....4-.5.vt.ca..U...b..d...o..aW...x .'.L....R..D..O:.l.=3..+..K.... .&..S....bg.....e.XN...jd)6|.A...-..[....P...@.....zm.q..=E.......IX.=4X..9.5.....=.i..&hS5..OI.C..O.c.?_D..=...?..C..J.D..x?.'.....u.4..0O.......^.x.~._..q.....-......<q...d).]DG.r...!...V......d...E<..).H.=%..@.........#...*Z...=.....IJ...#T7....8...T`..^.$..`p..5..|+J.;H....s...`..cs.....[N. c...$

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\NVWZAPQSQL.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.81900345316788
          Encrypted:false
          SSDEEP:
          MD5:5911479DE802DF4F1EC5481E333A50EE
          SHA1:9840C454D5C0CA8E54EB3406F2D3839C40FC1CCB
          SHA-256:401BCEE5A43D13DF020BB80A87EE8FF1E6A9AE6D33CB4253BE9EB931FC7256BD
          SHA-512:0BE4BCBD099F2E9038B9E133E46B6E68487095215ADF0D426369C7B71852B5377B635BD750739193C129C5B842EBB45AA9460C67E1CB62B9985156ECEC18310F
          Malicious:false
          Reputation:unknown
          Preview:NVWZA.I..^...q...D1.Cz\-w.8:....F|.'A8_...JMIGB..=.d.!.0....F."..?...!W.tO(.O.z.n...E.lK...7....-.....;...IyYB.]......+...w25(JE.....a..V..;..}..w....:{Y|...e;.!?..U......-g...l....W.P..Z..Q.}....Hh<d~.<..S.. .R....K..'&.9...!}S.........ac...y[$$..>...".CA..9.....ti^./V:g...".)...t.7..l/<)...;HW-.u&...V..9.;.,..A..u...N.F!.,r....h.rn..qz..N.w..P.5S.....m...~...:3C....hD..Uly...]'..C..p......t;Y.HuP.p.....Z|...._.I..\.H.....<..40>mI.d..1x.p.?.g)..C.Tc....A.0..Y..h..+SU0Z....l...vl.....p..... ........g.+...S..W.{.b|..E.w.[U.K....1I.&........9.w..N...I.Q.*.....<P0?.g......Q..O..3h....5.(..4.u!.7..}g..`"6..?].t..v...5..g...q..f{..'.v..in.........S..b........B.=..3.c.?.....K.:2...e.ao..1.FD.V5.\8CU.o<c......;8..v./.p.....f.......Y.pQ.,..N.....t.c.B.a.}...\....Dk.M.,Y..1.;0........:g.g..%.. .38Ki.....M.w.<.3..@ZQz.R.ebffQ.............+;..hV.M...R.[~...{Gt&.._u..7..L.ztSL4uO7....l..;.J.......+..?...........{.Y#..).!.^?..pJJ.......jo..J

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PWCCAWLGRE.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.870030257992837
          Encrypted:false
          SSDEEP:
          MD5:559CB11296EAFEA9A11D5EF0B73474DF
          SHA1:B630D1E8C14C2F0386C4603D5E2FA4437C018CD6
          SHA-256:750EC809C9A37D71878EB04DD222A2586977802AAE2505E03F03C24A1A687B94
          SHA-512:9C158DC663607231C2263B77C23D447196B4FD4926D63E8A2E92B0387671493DFCEE5A03EFA2EDA412F45A37EEDC6FF76E207E35C67DB709470C8CB39F5527F6
          Malicious:false
          Reputation:unknown
          Preview:PWCCA.Q1.b..i..t...,D.q.....a.h\X.V..-......j#HL.....x!.:..U...v..y........-A:.......OM.y.....*.U^...>.T-....y.....n.`<.....A...J..f..X.4E".a...."Z...*..L......[.T...^=.kA.X.....M...w......(.#).O%P.H.n|..j..UvaN#?.....Y>.F.._..U..".c.<A...i=..<.=X.xp..j.-D..........h.........lp.[..M.U....JO.......(.A..I;...@I...v".!....'...../..N..G...,zq...Sf.)M. .Ut.@j.l(..V....T.H...=...o..&......]...d.B6.O.:... ....S.........../.V.s..Ni+J..P}...u.....y......l.':.3.M.D..T.....1.k.>D....H........+NM...s.$....I.Y..-.l..V.......L....-......".Sw..q.s...b.._..V..0.. w...I[O..dJt!.Lc.%24...qG.,..;....q.Bj..Q.i4.`s..../b.:...[..ay.p..V.L}.e.|......s...4.D.J#u...c....M.{..C.H.3/.'...T. .:..b.M.A..7.....y.-...'..C.O^^..;1]s......4...g.........Z.{"..."..~.N.J.~...2..K`.6.[c....i....6.9.CH.o|..%(|.7oN.G.Z~tc....;F.g..$KY....".gt.v.RV.....o.[SOG..>.........FB.....1ozi-.....iNE<....(.EE..b....t..l.9W...p......j...r`....D..jd&..u.3....._H...s.`*..7w..q{.

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\PWCCAWLGRE.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.847467609691885
          Encrypted:false
          SSDEEP:
          MD5:9EA6D8026220F580F6F285584644D1BC
          SHA1:DFB5020CC0AD0FF0F29C43CE4E5F1BD8952475D6
          SHA-256:B7D927BE5CC5B6CEC59CE818BC3D9C25AEBBBCC7A6241424945E7B387D3E1036
          SHA-512:5DFBD6BA681B6CD6286AB4F2ECED386302D6BCA4E25E5460CCF5E21E3457B57F8423FA037B335DD2823C4233CC4123EB47D076FA0462D575C5980D44753CD3AE
          Malicious:false
          Reputation:unknown
          Preview:PWCCA/..xu..=..@.et......,M.w.....[>.t U`?.*...E5.P..L.....F;2....m..B..6.A.L.......<......3U..!...........9.".B..b..K....44...........V...cL!/..sSs.!..u....^m'Yf.(.......9..{.Y&.L.)N....'n.~".H...R.K.....C#.|....7wG......F..u.g...k.8.{..E?R[...I.W.....'...m'X.2....I.A...*"v"K...u.%F....,.r^.x...g...h...x/....g....h..wy...z....l..J........;&.;.<....4.P...S~....BT..s..S>u.n.i..#.......+M..O.1..J..+u.".........8.aA.WD`q!.?]#...z.....Q..8.0c].R..t.....[..Hu'Q..p..7.5...yF-,.P9.......9z.D (0...^......].p..h.~_..Q.x.]"Z..#4.E..Sp.\u.u.H....j..|.Q.t.4...a.w...I+._...##.....rz.i3,2..""..8]...n&.GZ.......>.k..S.......t..B..^...#.....Z@..4L.e.Tn.?.:<.72.(.u%!$..`.~&.g.O.......T.A...`jIV......S.......9..6.....d....5.....O5u..]..6{..RT..bJ.y...k..6.7.....A2...IwQ...-.N.Mm.!..b..~.^$....8. ...^..F.3/....."..|.A.F.T...Q.r..G.P.y.*[..l.u..[..s..GI8.r^[..%....V~l/Op`.?o4.....:~ck.G.../.a...^2+^...7....ZKT...X........\U...FS$..p)O..*PD...b]]..k_......X5..3..

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QFAPOWPAFG.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.850876243695911
          Encrypted:false
          SSDEEP:
          MD5:50CC7E0435535B6EA1F32FDC5A31700C
          SHA1:5A9D50828C552F82FC2166C6A711F1AE23938EDC
          SHA-256:5BC2F536FCDA9615F92E259BB21C9BC65A7A4FE114B373F5FCA45287B8F391B6
          SHA-512:29616D71A9ED74F02601199D839F3EE8095B1CB17C7402417D387F7E4410B32425159C69B73FC787869BF9A8C65E59F0E25510AE787B6415BCDBE0AB93632ED1
          Malicious:false
          Reputation:unknown
          Preview:QFAPO..C[K.`...4..&.......r......*] ..!.8w..,I.@..&..{;\5....>#..........'6.Ya.j0A0...T..2..P.'...Q.l.a.C.@R..gN[~.l..u... .H.@.......t.X.x..4y8Bt....~.H....*[..r....}:[..l.r<..,.H1Lqw...\.t.e.Z...V.^,../...'..........Y..C$....9.x.j.......v.j."x..'.>zs..|:_.....<..)En.......-l4..~....F;m..9Q&>wOdg>..z.....[p...D.........T..a.q.<0L^(J.Ih...Y...$..Vzw....D...C.........q\......:.?%.*..p.D.Q......@.[..}.c....Z..l.D.<M.....s.&...X.%.L.g....3....T.....'i...(.|&...]YR.B==....j@....9..n.Y.[|........>.....[z....6.....~}..LU..}&...sxxS...Z>.;.#x.6......]....r.c.3d..\r.. ..g.m.7$_.x..B........w...0..."..(g..5.....).].N&.G...c.o.3;..U.Z..z.?.?....l&c.^.#..4',...{..*$. ..1.f...i@.;T......Z.#......Uj.QD....{.......<.>A.g#..Y,........i.<[.8.2.6#.HU|\.K%......c.......!-.]...>......{.".|.L....._;...*.{.......DnJ..5..!.QY..U..k...B:.d....G..D,....V...N...S....R.^.4[....Y>.&.1v...L......*.......;...'..k....#=b..j..|Y..6..56..T....._3>Ih..N._..J...T.......

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QMJJVFJDVI.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8300696380461545
          Encrypted:false
          SSDEEP:
          MD5:C3FA9933D2A72EC578AA78AFA0A429C5
          SHA1:98957F3E690D6119A9D3B35804B786281F974156
          SHA-256:A202981AA7793496989382BFDBF765FF0CBE3BC77281F46F0B3C296AF6CD3BB6
          SHA-512:2CB35DD9964E2386DB9552F4B2D7209D0369E0C7686FAB80C9FE622DDD23D276488240A7833F9438766CC9D6BEE9E613AAED8BC6B182A79219DA4646BA775F77
          Malicious:false
          Reputation:unknown
          Preview:QMJJV.7$.....kw.k{M5....)_...LG.z..@+..^..M..<...+..P.g...'.....]y..._........DrB7..A....a1....g.p..Y.:.G'.#...fF@.a.y..#E....(.K..(..h.....~............}..Bd .0(w8...Ti....]....vI..g....9.....`k&r.Q......YF...|L...y..%.OS.D.2....1./..h..4.dR...|..R..F..V^.T.J\M....ZG......y .M..^|.J}......z.0..`..drJih..l.Ut.g...WI.......F.w.....>.}!.H7/F".|w.. ...L.'..u}.XEr&]|.6tR..G.%.^....r2..@....$....'..`T.Z.#.W...w.[....[....`'nz....).Z.,..R.)..L.).O./.......O.Qp..-.L.\4..8....|.~G..rJn...}.l..v].8..*.A..+r.Ij..\...A..M...I...x',F.....d..hSN.,n....B......{..L".4x.,..?...5.....y.{..pCE...E.B.......) #.i...3.#=..Uh..f..+.5.C....w...,..G.5HM...F"!.c.R...C.a.....S..%...n7......o.m.' .[g.pZ.()P...n...iQ.:..L..).I......`_. ...z.....z. ..c......pI..._..j..O.o..hT..w.>.)Zw.Y.z..^..{Id.u.\...27....<eX.s..s.KK...3.rB..B.}....@]..#6o`...#h.7MP.!.D.._...,9y.....M.i..O=..L.2..........D.....:/p.......~., .4d.Aq.9|.)r..Iu....r.t{y!m..kh.bP.>5/B...~..C.{IA.

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\QNCYCDFIJJ.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.846481486650147
          Encrypted:false
          SSDEEP:
          MD5:FCB52C6D3E0B8D6DE8E98D0062D7C7CB
          SHA1:E79AC5A84357E5A8B2B24BEA908F7ACD3FA627FD
          SHA-256:CE70810D0AEB533BC4E58135CA12948BE188429954035F60BE63758DF74E3A72
          SHA-512:EB871BCE4DBDAB8F8E3693071EFDEA5A64FD103600836CBBA0706431F9FB4A4B3293F7D9E4F730DD73448CC3F0BC66F2BD4FEBD1F23AE000D6ABE8EEC53AD0EA
          Malicious:false
          Reputation:unknown
          Preview:QNCYCE.GBw..C.p....@`.. ....JB.>.'........."f.{.. k.,..bX.....U........;..G..}....d}.....Q.jj.k..7M88..2=e.^;V....1....9..q.....#..;.........x..#@..._....(.+M{.K..."W.i.'..p..?.8.~.........._..V..e.;.o.w. .-.2.ew/K......*.L.o:Z.F.....K.....h.Q.&..C.....6....o-..Z.@s .........G.'.\.<.+u..f...I.w...:>(.R.,.^q.i`$....^.{.U.u....[/...4..}.<..\..L......}s..=t....# s....6q...U1P..ev.X.W...e<.]f."....._t}..Z.-...#B_...C...^..........Z...:b0......y:d2..BM...!.wh4.....Z..}..5..|eVo....U..sXmt..5...Z..Qr.:3UM..I.,S......."...<.6..aU.....v.j.J......@S.C..m..c.Qy|...|...Pa.X.{B../..,...ZR..e)...'E....Y.bf.49_P?........3)z.;..<..A;........8m:...j..M,.j.t...v...t..FQ....Co.6.Ap.k....(...........d.su...U+.1....lJ.....9.....[.....1t........'..(,..)....7...F.?C..Uo.7.C>K.......@..v.A.?.4%q.k.s..s.U...sZ...U...dl......N....~..PN...2..\u.....`|..\.Gz.-..E..H.....!u.N....s.d...>.1.H..[....,3.$}[#&:..s..@.....%O..4....T,a.[.....q]4..{...e..t$w...... =.%C

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SFPUSAFIOL.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8381375215855495
          Encrypted:false
          SSDEEP:
          MD5:D92B3D4D166D349237966E8726F4B905
          SHA1:E203CBB3222D75AA30945145768F67B41BC437F8
          SHA-256:CB44BBB87682A2FCA6911A8D7A547E1630A4D160F2DC45A81DFC1934848C6B3D
          SHA-512:9DF87AA81766E039FF1B7AB9511FBD9ACBA5C58F5D5F497DE74C17D62832FD2F1E9C32FC1CCC85E092668DC8F321BF12CBDFACAC0A136CDBFF0A76F50C595E28
          Malicious:false
          Reputation:unknown
          Preview:SFPUSX......K.....(.~77-.f.U$s.w..X}`...3v....s.../..\_(.D.....O...V?.3U..$+.J...p.s..S......Nc......./.vu....@,V..gJ.P...!A.\.f.<.n.7N70..Oly"..z....p3>...J.b.~.+2[.. ..;.Nw...$.)p.3.~..f.....bM...-.S.\....sm.Ck......<2..^......X..;U.6F... {.9u..L.gdz.-.".....J.v#.d.^..5..cZv.hd.].5.'.b.po...-]tB.4D...C.2Fu.l.w7...*Y..6...6...Z..n,bm/.....(..."4..5.{..C...3..A. q..9.....;-l....1{=).....WN..'.N.ihb".B.v..\......-Ky..6...y....bK....&......9..r!.$.,..d@..J.'...;....Z..+..E$P.?...).._.......&..U..{q...'..l.!K....'S"i...0...Uxr...Z...Y;'...P..NGY..:<.^.........t.o9.my.wh.di.."..nu$..%....Y.95...5....\}....{J.6aHn.aN.Ru.g.l......T:..........a..3}b.RCM .ys.!:LQ...'.R....7.o...[...?..../.t.'/+.&$...7..T.m.7e1}f......QU/........0.P.Z!.k..fk..f.......Y...m......t..........,f-$...u.VX.4...?..8..4&..PV|.O%......S........W.d.'...G..L.-:.B...Q,.@9..f.P`..U...-...k.O~R..u....,.o...=.&&.....pZ;(.T.[......hB.;.7p.%V...{,J?..x.....Bh..C.>....H'*....

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SFPUSAFIOL.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8337612968568315
          Encrypted:false
          SSDEEP:
          MD5:0CFFBD48A6344905E50462E3B0C4880F
          SHA1:EB265296922126550B78AF5A36EDC3C0C64A80F2
          SHA-256:396F2334D85E488B5CBEAB344833ED7BE6240FFD1B6C99DBC52E109675B1BF18
          SHA-512:140265CF16931CB54B9E9A1A7571CE3D828B2E3063DBF202FE3172189E29270467B07B938FCAD640BAF309B64B5C7C9299E83CA7E942AC97D83B9BE69A478989
          Malicious:false
          Reputation:unknown
          Preview:SFPUS..0.NR.U.."........ n..M....>2....N.....Sy.;.:aL.)m`O...]v2.....{.)....<......g....j.e.{.)n.h.ct?.v.....'.e5xh[...#I......SjB..5.ES...N.....2.....\]..7..(.2>}.(...2m......h.S...]N,...O.R.QG.H......<.....y..a...&,.jb.Q..y.i.fRK...C..z...~.b7.c.i.T'H}.X.9.t..<..v.u.U.p..f..O>.,N.J...,.bZh.Z...dv...X.4..R........ >+:S[}M&.$....|.E.4.\..i.2....2.y..A.IV.....K..T..I.<.=.y..`.....f..h.........&..j0m,.}.(.%ct.$#.JB........7.t.j." c..+...I....0.....\.I..vs}..]......j4.W2..x.....[ss.B..2.5..Y6.~.>..AJ....x.>..O......p3.........!|}].OF...R.U..9.. ...I._.....!......$_....f,Z`b...a.E'......H.).....}..P...s1........x.`.........9..`...`|......F..V.R$.Go=..|..<..R^.z...~..Y..y.d../.z.....o....._m...=nc*....A.I....t...5....c3..(*........&.|.e.s.,,.U..0..K.g ...#..H...H.%z|[...F.1.9...x~J....y............W.A..S.O.|9W.......^.Vk..b2u..[H0..`...Rx.gv(...+0.....".( |..s......'....uL.......a..I.O.<,.|.+..Z...t..`.0.....~IOZ..ur..5.`....

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\SQRKHNBNYN.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.864260574767129
          Encrypted:false
          SSDEEP:
          MD5:79416E6283F9CAA991C44D3C14018E1F
          SHA1:0D5BEF35172909713BE3E3117795676B57890F40
          SHA-256:FD58413D7DFA9C0886C43CDA730A94C80D4AF673B50C570E607692B6760CF849
          SHA-512:341C72FCE6BD8F371212A94BDE881F01735158E30FE0B022E5694F067C0D75187368862BE5DB7EE292A1A117486F1224F87F906EEF6EBF46DC657CAF5EF67239
          Malicious:false
          Reputation:unknown
          Preview:SQRKH..I..@.w>......{ ..@~.{.5?B/.}....6".U..`.~fnb.A.0s..X..R..[.i5......d.;H'\.....~....T...(.]M.@.[l......E.Kl;FR..V.xE.._..1.....~..I.......<.._.I..o..o..#......$1.......CR3BCk....b^..........s.C.R..<.dra....-..cwC..~......j...-.....GP.e..88..{... .O..*@........h...l.Z9.Q..GM.......|.3.d*.}......n)...5h...4...}..sP!.......}..b....DZa...... .....*.L.YY...d........,s.?.8.;%....$.K}_......p....c..ve..%.<3).W..?..../.f.gA..p}.....u..?.;.d....{V.U0..F....w..{.a]..o.\....JF..5..A.[.G#a(+Z{u.&.7..k.,..Q.P9,..l.3<..L..b..Tk*..7.;....Y.j..J....=G>D.S4X.P.I.(&.?.i..k.....g..z..z$..\..jE..".../...>.....S...1.}..S~...j..>Z]........J.5.BEyW.F..~C..Ex..........9._SQ..ut;...B...|.. ...b\.Bg../..U..."...sU..(.N.N.!B9...0Jw..x.:...54.....(.t..H.}..S.J.....^.j'8.O}j.*.>.1..(..=P..~[.qN..B$X~.6.6f..&6>.,...T.N...}.#!.."i..$JK. u(...~I...0.?Y.3*.........||.T.v'.8.c...a..kz.)..I.J..U..5.6...3oN..c*.H.H.S.....w....=2Y...f...\f..P..^f.|...V1^.|.~........._8...

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UCKFKZQOSO.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.854139855338259
          Encrypted:false
          SSDEEP:
          MD5:D62362ACD88148616683648843A08D42
          SHA1:BE04469593180B66E1754FBD7EA83A0B8AD29799
          SHA-256:381688D221B36948B73AC71F9DCA3FDF85E97AC1B6B55421EB1F8149CF4CE08D
          SHA-512:44492136E0DAC0A1C5F1847103A04216474362EB706B437ED5B23A04A205B71BD8BB7D8C034EB76F9B9FCCCE1D56612E7208014442B40C9E76873D3B408795C8
          Malicious:false
          Reputation:unknown
          Preview:UCKFK.u.R....sQ....x.....j......B...U2.Un!.<.$v.%..s...XSR....v....).D....{...m..oOL.....h..P.o..p=P..V.T...<7..54.p...^.or..A.....*.#..........P..R..z.r.......=...3@..j...r(...J.`y..........t\....g|6....._...|..8.S.[.1Q....j...s..#.............S..rM.(.]t..p".7'.r...[.k...L9.;..]..y(M...P..(.]..iq...Yc......]4..M...>.C.y....38J.2Q.<.KA..0~.P:.]..(...S,y......(..}........mgn.83.b.d|.i_].5r1G.... ...U...../...+.?J..ETC."|.s..p.).`.'.....U...).}...x+n..S..=.{......S{....?. G.4.S...c.....yw4.$..e.......8m.....B.$n.._......@./iNn.a9.Q....'Q.N.cn...c.j...}.Vi.....m.m.%PM...p..8I...SZ......_.7j.".mW..).s.s. .7......*]..U..M._F.o...@.a=0.o.#.....PX....!cq)..i...y.'..... &.L.$.n?$..<..0o.... ;z).t.w.Dl.-...d..b.%....t..k>....Y...M..gf.|.O...o.LOaP.U...4...~..r..s0....*.n.h.5.W....\0.4......U.U...S~.r.....]~L{q..[H.."....D..>b+{b.,h+Z....`o.t2..jf....j.>?..`T..P..bvNC...r.....W[....t..hj.Jr..\#B...T....K..._..h.....#.^.....I.|.....<..RX.

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UOOJJOZIRH.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.84689181325237
          Encrypted:false
          SSDEEP:
          MD5:26E240B119EC9335A3A89A2B3CE533C2
          SHA1:84EB19E3B9B7DDFD449F8165B6EC83E593AF2EA2
          SHA-256:55EFBED9E2CF225E06D363634BF8A367058078596A88F89DCF2912E044D1710B
          SHA-512:1BB9A9D0A9C2AE047E7790E5F2CE8292B93803BDBCBFD6C1DE1AF4F4456126E9E404845DD2C1F93DC311EFB1F107FDB0C23E82FB28B525B7769F3038FF47A96A
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ..%.Da.a..Amh.K..e.3......W.w...q...9......Dd..d....<...A...`...... [|.%..=.0z.Q..!...Z}..X.Fb.f.j.W.B......iE.H.....+w....+._.#K..(O.F5H9..5...+M..3<.K.]w.....^.U.6.ZJs.......5.nA.....*.z......i.8.a2..D.}.~.x<...3......u..3.&wsoP.R...n..5-.bn......=.^.1Y.oJ.x..<x<.H{.u..D..E.[.2.(....'.k.....].Q.n.C..7...#.gs.23..I...A.....A.....\....l....jv#.?....8mE..K;.yE.....EI..MS..OZ8>k.TD.D......8H........H.fcF..........~..".........]B. .....!.A.....xIv.n..'.|.q...+\:#.T....C...,..n.......{.z.....+...*F..A1........N...}Uw..A.(..C!..n.cr....kv>...<V....6...6.l|...U......'..ul,.6.bzv.....2.....*.......&R.....-....K...y|.3.85b..w.....*..%8(...v}6`.._..h.4%r.:N....:..1.."..3..F....i[.T_...$`...x0..u_..=...qa..0..S._.$.?I.....>...;..m.~L..{.......Q..N<..b.yjX.{.N....,.....%....a.#.5].%..Pw...OK.X..X?.Co.6].P....1lwy`o.4./-jL.....C.H/..^......> .y..:..u?X....P...b.Hj.....!..!#b.....W4.^N.|..L........M.[..B.H....&l!..?.F...{.(MW{...<2..q...Y.

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\UOOJJOZIRH.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.857024272606863
          Encrypted:false
          SSDEEP:
          MD5:48E8376F93FA4B06D94A70AE87FBB1D9
          SHA1:6E38FE3693B8189B67288CF93094A190A7C91825
          SHA-256:E38012A1915591ADB12EFB4E5B12EB14CE7C86DDCBEBBEAEF265C9E208C2B25E
          SHA-512:F63EB086C0A4D75DEEAFC33CE2C89B6DC01CF60DC34E8EBA1BCA3E0D155FAE8C440B5D626A26EA88FBCAB1EC4E6C9145F5FBEAD820097C6A6B13BB8A332BF701
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ..5s_s.Z.Sb...xs36.v......H#uT.J..........#M....._X.'/.4.......PA'N%.@X...:....$.z.$..8."C>..,.....<9F...1n.2...T9+..}fz^.o=..G.Z...K..z.t.2.....Q....t.....%.?..l.*X..D.W9|k..f..Y=.5"@..b......8.Y<Z.."..e.Z"Y.B.8.!H>=..Jg|...l`.u(.?.\q.-O..f/.z....}..}.WNG@.j..5.v..v.3.2.2]?F.?.X..H1.Yp@...)...A.FVQ.e)..%...n....%..N%...h...--..G.GA.........y.'0.P...E.......Y.....|....y. ...#...V.`.L7..}...2x...........|..-.nx0G..q.....5..p.l3..P..l....'.py...GZ...v..L\.B...o-.....@..~......WO.(..OL....]].i.Oq/..N.....@F.Cj.Z..-. +5........E...&.'...v.7.SIa...s5ca.m..T...f.A).....#.L.4c...... ,1.l...)8U.w........:e....-.G..]-S..-N.}........s.k...1J...C..b=b.....K.>21....3#.y,.D...)..1.y..-....x...G....*..wC..7.l1.x...nI.K8..............t7.XE.G.bd-.cP.6........N....0.T..x.k./.g9..0.....'.....]q1Z?g.....l&.wX.Q./.Sw.h.d.~....l.e...VM@.}...&U.Q.....h.........Up..^..~....$i ..>..y.w...$jSx.~Q.~........t%....&^..%.......HJ.z..N....D..w.m0p]...D?5..

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\YYTXSGEDYK.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.84425436610714
          Encrypted:false
          SSDEEP:
          MD5:926849324099FB25BEEA8B39A0D37CD8
          SHA1:B7A202B602F3126651D76292BBB289E4561C67B6
          SHA-256:D0589C16AB29A60A71E5279D810F2732D89B592C923D3DB903BE32943CF47D16
          SHA-512:58C0F29A806D3C9C01AE86BDE9FFEF5400C0B491FBA3528D9B94953F1A874EDD670CD2EAC91A90C0C43EBF676DC16A3B1B6594A0C432DB304AE5AE9A7984AEA0
          Malicious:false
          Reputation:unknown
          Preview:YYTXS;J.Dp.Y8.z.'..~...[.a.........~k..........G.."W..IWe.Z.......E5.[..8....m!X.YKT..8_...:..$V:...7..G..c.w$.....+5..gw.s2.....+W..7..............(5......>..=;..d..=.......w..~a.`..f0...{..G.}.Um...h......u}<.,t.6ZQ.l=g>A......G.{..A..n.....jF........(oW.\N.....0h., ......NM..E./.w<..~...-.7I....d.#....n&..%.....e|..f.....1U.t/.[_...;.*`..U.j}(K.S..D .$..;E...7.=D+[....P.2...Tc..M#,x..+..{w2..k....B..T8.9`..@.}+.N...ol.8.)({....2g.|.}..yL.|....u'.....N.....<!...F ..n..p..=.;....^/..^.nW:..1..?.E.qgXJ...../..>#..s.D...aJ5.2.K.].g`....Y.Z........4...*z#.......-..j.@..X|/.$...o...../z.{...1.,..>....E<.......ia7N.[.vw..'!.e..+...Y..P..D..!.".....^..p..P}....{...j-5..{..[...J5a.n.5"!.tH....+y.+....2..........9.>.I...;"......a.,...A<.Pmt].0.....?....=\9..N..h,?.K.n.....R..H.5.p.../...C......8......F).A.S&!.}...H.|.H.5p.V..R.Vt..k.0D.>...8 5...*.T.|..*..%zg..-..j.7.zKPg-8..d.`..'..K......m2.n...U..J){-AR..X.....3b#.......6^....Mk.

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\YYTXSGEDYK.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.857885411896788
          Encrypted:false
          SSDEEP:
          MD5:88BE7185535C8698797468BBD52ECEB8
          SHA1:680612FB23AEE653C43FCAAEFC65D8A14EABF460
          SHA-256:B34B4FD5002902E4F4A53582596EDF856082377F6686846D31A68A444D74CFBF
          SHA-512:3261D7516C2E7A4023362CBE9F2245992A3703CC159C67FDFF9D93894F7E4FE229A0360944FF8F283215FE8BC093AD66915CD5E21B28CD2EE8F1EFA237B131C2
          Malicious:false
          Reputation:unknown
          Preview:YYTXS.BB....v.?.]..K...b......|./...>.q..(..P.....DkO...q.C....G.j.T.".C.t(.Z.....Z...&....P............c..[X..BhTG.A.C.$..3..'Z.}..)$vG/ov..@P..!Mg...w.j............~....\G ......5.....I+./M{..2w.....0.m...lb!..C..1Z.h.6.N....%.5#._y..._.l.H..k5..._'.4!..p..I''......n.c..(.8.w.j..Q.U.W....D.{..M..+").D..u..L...8....7&.W....R1.Hx....7Lf"[c..l4D.!Ad.c\..DR........{..;A..0.`.k...5.%i.;F.....*9M.....D.k....].<J|26.X.m...V......r..\.^t"b#......;.m.fk.@m0'...;."a...$.......8U.....\c..Gz..c....E..?....D0C".......E.V.-P|:..U...l#.R9...kA.&..G....[n...u3;.|.rM.\...</6#G..K[b..I..K....~...9......Z.....d........^.t.5U._.y.U..4..\.<Ou....yO..7.K.DD.....q.f.t..s.Z}..k....B.d.}...V.f.xy+ZO....}....[.d.%.^..z..8..W.......At..+.$..a...=.../.t...y.=.i.r.a.hE=..d..l..(.e...%..|........Wb`O.v...2V..c.L.w........7F.j..Lx.&aO.h.......M.~.c.{z..M..08.x......2.F.....%F.TY...R..Ry....oQ5QE.....b#.....l...V..g...1(.3...H....#ht.......w*S...9J...l.s@@....5.I

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\ZQIXMVQGAH.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.843498236047406
          Encrypted:false
          SSDEEP:
          MD5:5851F4138A5AF17DD2415139C527E85F
          SHA1:D1134302F221FFCDD452B9E958E6E568A15B7C4F
          SHA-256:4A099994CB6C73D888A954B49D754F4BEBA9AFF67B6B564A975CCA6115D68E1A
          SHA-512:2D43E03F4AB584D3483FE6EB89A532910B02F2A9AAEF4FA3776F56BB50D5C87BD46F2AE2271C0150CCDBF791E28D570486A28007830758443F67530E1BCBF4A9
          Malicious:false
          Reputation:unknown
          Preview:ZQIXM....I`.. .h...0..Y.....J:....)....*<E>.;f.[ya}.........!..Kf..Z:.9,.9r..V.v..._........[.aL.7$s..Q.9..o...G.F....=.\.%k*.....1.p&...4{..8g.)_..w......:un\.......u.."...LD.5T.`.QWL.f]~....t.j..\.e........;....IDJ1R}..W...0.1.v.uu..V`;..S"..N.z...R..._...0K.....6%B.m..~.,...y.:...~$0.,.v.....f.n..r.. ......z3..........#...n...b.S..$u._../Z..2..J...}.#."H.>~L...E.=..R.d..(:.......-..x.5.)'5.._...b;..J..5..Bri.2h..3U)...|.F.........W.~.6X..../...,...m...Y:+\.l#....3.9...D.BU..zQm...;.6+.V7".MX.4n-_....2a*.....P5.N..F..`YGv......Z<+.....5....Ep..........D...N".7.T..x.l+......)F....*...}H...-.K...h!........7..9|V..=..E.$..[MCGCO...c@.6.ww."l....*..J.rc..*Go*...U.B:...~@.>.hX3.J..J.B...N.]...9..=c.f.......9.0.......K..\....w.b...T...n....zI....[.B........39..j....<...N..)..qF.x......%.....cR.k.+ [..ra].v..\ ...Wj...2..a..e..(0...6L...G.,F@...2..qj;......sb4.omB..R....D....g@H..v......G)b....e._..Z..m.z..P6]Ad$.I. ....:..%..8-.F0gw.p.

          C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1383
          Entropy (8bit):7.854060660121282
          Encrypted:false
          SSDEEP:
          MD5:11A0CE7034AF5A302697304324665803
          SHA1:2130DC2B69A82D6BFA9253D52BC1B708415A9891
          SHA-256:750A023B7F30A5B837F058C3002EDDEA3AC669728D2705A39D8206122D460EC0
          SHA-512:A5DC486E1EC75D755804AC0CDFA818ACA9ED690D572639F52A5403B69916AF0657E387C31EDECC29ADC6E4C96E68713FDDDDB2CC2907309D3418181DE3CFA5EA
          Malicious:false
          Reputation:unknown
          Preview:L....Ds..=..v.W.p*u.q.7c..n.r:....9&.....b.A.TSn...C.l...7....C.P!.).T.u...1...^._.<...."x........hp"~.2..r.s.....d......1.&.a.5.z.?N.....E..`.<b...R......k.Z.$..MC+..W...x?P={....Y..F0 .f..^{.Uh.l.. ...2....]...V.,...H... e.r.[...=..Bcqt....|...z..'.G.8._5..H...".T.7.B.m#..l{.7,...X.eh.)........zo...w.....f...kc...z......-?.GmA..q.&k...NrFu.........ajy....w.ZY.N.!.^...{...~.\]\..'..O.?l.0....f..*..P.L...cz..#..~!..;;V..d.~P.Y......i.2.W...&hi...-{B....p>K......@..o.!..*..j..di8....b.jny..%k...aDXp.Y....n.Qo.-.C*U.M...-.....I8..zu..w...j...J...i.........S).D<.F..F...*....#....O.(....6....$.C..7i.4..Q...".xy.;Z_.....3......D.!.;q.L!...`.|........I......._<..r..T[.................r%{t.@.>..T".......1..'..<.1.z5.,Y..y.......xm.?...7T.n...d4.'.z..r...LJ....6....,NH.....JO.o.@(3.y.E...K.:.."3.N8.S......:...p...#(dvQ.0.'....r9G.*.l..b.~...d.5....V...e.R.g..'... ..H.......^.{.........3X.......UT...V..k.Hs..,..a..$...v.... {..7..[}...c...8..4

          C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):341
          Entropy (8bit):7.248446809133152
          Encrypted:false
          SSDEEP:
          MD5:43AAB24ED1BCDA7FD9FCAC870BD9EE2E
          SHA1:40F6159A95903EACEEE71AD29AB4E9A991CEF20F
          SHA-256:92304DDA043A2F32C9C31D977445565F1F9D1E81CF1A8B5C06C3EB3D45C89A54
          SHA-512:8011FED54F26283F5220DCEDBCD1B06B13DF4CFB632E5153521BDB5ED3C3E8BB4E06B74AF0C866891B5F8A693FCC5B202BD495EF16582D721F70F295CDD47451
          Malicious:false
          Reputation:unknown
          Preview:deskt..Q.I..}$...e..9~...j..]..(...X.U".x.X.`I.|z.~.....>.r.A.$U.0VAo|.m......<..D`ZE.8!-.B..'..@.P\......Y.f..<..x..../...<....8W)7..a..t.bb{1c..5KF.$.^7.q.&...Y..O..(..r.d....j4{..k....7.Ybw..K.z..=l.@n8B..p../q f.`r}.Nn.C....~e...aa..=e...}z.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:JPEG image data
          Category:dropped
          Size (bytes):21441
          Entropy (8bit):7.990619414429276
          Encrypted:true
          SSDEEP:
          MD5:8199198367BFB8013E9CAA0F7C33FBE5
          SHA1:A6EA93F27A47A24D31E44A7EE26A62781A827DBB
          SHA-256:21112A37F67CABB394054DD5BF1BD633722762606EF6B9922225AED3B3834E30
          SHA-512:342E01E97819174A24CE28D3A262652F19874604C11A000C4E7BC2B2901BEF90CDE272649F4400B02F7671E6AD4CE913AAF3CD94839708B290672808F703CDB2
          Malicious:true
          Reputation:unknown
          Preview:......&....]Q0...n<I.J\I.n;f..;...U5..4......[+4F<o=.s...v....,..l.w.o.XC.\.......;.l.^G#._6d.r.F.., Uy..^...u../'....p...4X..z}iQ}....P.-. .3.*.\0.....1&.2xX..\b......<...L..8..p...u.8..fY.....\..m*eu.x.3....&G.....F.R9..=...G'.....;.4elV9.......{.-Um... .=.J......U...xF.G..H...............P...)#....{.N.v..B..7..M.}5e0eV....S.I.e.v..6WK....x.-.....V..%@..A.UY..]..N..9.p..@J..&.z\..._\..:fyt:....=....:...C=.^{..kA.3Z8.*o\....sj~.......(.PuS.....~#....e....90*..C.N...|.E..PF..P.2.4A....`..~.>.R|.t.....n...v.;.B.7c.Mb..j#.!...`..C....~.{K.s}u%.(...$.>.._ZdS.#R>o{o...2..M.~..T..rS./..-.. l...Y.0VSXD..$...m6....Wo)S-....z!.O..."Fd..,>...=.t...K...&..R..N.@. e{I.C./.h..6..e....!@....'r.}..k|...06X2<...9.o........;.........A..k...F.~.&...}ij....)j.h..T....+/.(..j.]....Q"..b.~.....sqY.Ns.. .1..ep...y../.0.^...~}.d.*...H.2..>"..H..[...\..q*.&6.:q..=......5.K...eu...c...})..s.....w9eH.. ...Q* ...r....Nd..gu. .3..@..A..9.Z..0....<..M..PW~4.._.

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\AlternateServices.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):488
          Entropy (8bit):7.516216329721869
          Encrypted:false
          SSDEEP:
          MD5:02496972096EA7348A1E2954EF4D5961
          SHA1:CD205CF6E6777DBAD8C1B0C3CCFA8E47EFAB6DEA
          SHA-256:B82FC1569E4C28B009FE17622934AF299FDA3E35BDEA6C5EE3D969741102EF54
          SHA-512:7A8D4E1271D08E9950F801819F52D83C29EEA0436FFE7A93929B7C39871FCA7DBEA08D4AD03C3220A498ED4DCD6A3E9858303C3DCA8F11715C4827F4C269CBFB
          Malicious:false
          Reputation:unknown
          Preview:https....1..E..._Y....../.A..N.}..%......)..}6^.{.dj.....+.4.J.\C..u'...6..q.E..}..M,...o)...K..]...2..h.`..R.:.......!..ss.T.89w...,.-R$?.R..........,sy"#....b.b..e.M.<..0..-..n.O<"A..+....v..D...OJt/.ed.=..E.Pa$DL...R.R.&H.JE...|vJ..+:.m............*:..._.,.......l...KN\.......X...S.Tp.N.3V.~..l....$..s.....X.ul'...4,...V........x|.x....K........at..n9.F..38.,..&/.D..BXE(@.Sr.o....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\ExperimentStoreData.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):4444
          Entropy (8bit):7.958728546460362
          Encrypted:false
          SSDEEP:
          MD5:40D21E2FC63ABB2B2ECD631BF230C8BA
          SHA1:80020419A305F02436B3F1339FF566513BD79E7C
          SHA-256:6E096B541B9109172C57BE74657131D9C19E5EDC426043B607860BEEB3FDEEC7
          SHA-512:5E8FDEFC448C59B602252F9ADE23BADB730F396840F683A2B2CACE348FEA845915A4651987FD17832DF020903817B80B501EC1215CCBCBA5724D2BB0AAF2D855
          Malicious:false
          Reputation:unknown
          Preview:{"csv.....h....`@..a........d...u...br.GD\...(?.L%.....e.?5.).0....r.#....P{.8..._ryW......3X.x...~2..0%.@#5L......_.../.7......]...X*F...:...W...uVx...t;...W.a....bp..y....F+.............4kA..............)Z`#K.........3....*..gT..{^..|Z.Fj..H8...O..E0...y....$...`.n.<..cQ>..qWC.Z.@O#.3#,.$..4.f^.s..7...K..lC../...Z......o~....-..M...I5I............H.)..~L..0..5....q....m......$.1...4Jo...F...W8|.).!....`F.....hqf.$!...B-.....3..$..J.....F.xOyv.L)w+.e...+..d|'..t..@..B.e..(.......9v..n.M......u6l|-.?p.B.jB...?.....T.r...H....2.......k.k..<ep.l....".mN.......+.O.ny.......0.8M.}..!.....r.n..#.CIS..S.o..j..9.B~...o..U........f.."........*....jeb.P\?..(..,Z...v...V'.3..V.....9aRr._n..K....a..d..x.....7.a...6'........Y. .Q9.\.E.z&.....jJ.>e.-...l.7.WBm.z..]eE,8<2=..>...J......Z....I....q.m.1x..@..bTr.6e..:....l....t.~J8...i.4.#.}A\J...E.u..s....q......rF...<l6......nspD.F..s..6JV.u.j..../...(6..P..K...I......P.?vWz.T".~.._!.D.......).....T.<......o

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\SiteSecurityServiceState.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):865
          Entropy (8bit):7.779159846233838
          Encrypted:false
          SSDEEP:
          MD5:01EF81C7BA6B3A8B93ADA9A4BB8460A7
          SHA1:FAF337A739DC759FA9126FA9F99792239A15D639
          SHA-256:86DDDC5FB0197F4C980C62DBF16CF47CFFBB21B63E7F906F4A5493F253EFDAAB
          SHA-512:9C0328595BC0F9DD30ECDDE54F66E06D125FD8D6197B7F9C037E65E920FC55F98E33A7E1D54FCF20214B99D2C7900A28475EDC3FDF13216982165219EF01AD8F
          Malicious:false
          Reputation:unknown
          Preview:aus5.8..(..D.\mI...F..D....o._.[p...Y...Z......Y.......W.v^..9.+.;Q..J.3.yX...P..d1.N[j.'.B.EEt8.......MB...A..o..!Ub..R.<.."V...e.+..s...b#..?..".*......O...*.~..k.y.>...."o.8...+..~....._....5...=j.d...p8PK.|...O..b..M..........GCQq1..&L.....3t.Mr:Z.........&.....E....~..!.....Y. =...G.....0.MC..D...5.9.Ucq3V....H....S.....J....e1........,.uh.^m?.BL.*.R.}.j6...qi......y..9.f...TJ......e.P...X^@...z..~.......Sg~.;$.K.L....{....9[.R.cY...w?......yI^...s.43...=....+.............BF..F....?+Mw...pZ.9O...._(....@Ep.i.5Zf.C...O....$Z.&..^c.pg#.daft.k..9.G....!.>.$..=....f......^.....h...O.P=r.G".y..`.. .......l,W.yn.0.hH`F.77$.X..u..$..2N?T.B...|o.p.R:........2......G..uZ. .2W..."..mUA~...t...(.) 9I...<c...e.C..>...2.m~.X.X...e.=e..Qf9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\addonStartup.json.lz4

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):5621
          Entropy (8bit):7.962885318365355
          Encrypted:false
          SSDEEP:
          MD5:AA3326BE20F1D740C6C1DA77E61381EB
          SHA1:DBF71C280DA07DD84F1840439C4420E5DD8A20FB
          SHA-256:8AE31791B2474692B31193EF12769E2FB57EB3244C454FC65CACFE3DD2C54F9E
          SHA-512:BF5F499D344D596C5B16C5B65ECC52426E2F5A9E51B4DC8B3425C566632382189B02090AA56FDB921C601E4D4810833CEE8E93A435A7FBB2D289157FBAAE5F93
          Malicious:false
          Reputation:unknown
          Preview:mozLz.3Hx..}+.7J..B.fP8N"..>.......*..F.B.^1i.'....d.M.1:.m9..y..v....K`.F..u)...EAH@.+-....Z..Z..o.kH..in.....|)....#....:....#..I....W...@..p....S..(.-....4>KG.].:+q+......c..02^ml.....A.8>;.....u=?....Zk..fI....*.Y!I).....R.4^.\..=...Az.....%...7....@....Wt..6v..faa-..eT../..t=.!`.e}v...e...%<.F......v3.sp./[.K....f.Zd:....$8Ku..(vF....o..........O:>~..mj.6u..(....r.....J%0......@..|....|.U...u.G.L..,K.B...|.....2..<C..|."8....<O..sZ..c8......M.[@..?..:....l..4.:I.(d#.f2...3..G.m..[.J].[....>....e79....c....B.<m.)>o..:..9.t..\%<..:v.=-v`1.d.......r.aM.....M...I.K!eC.h*..99..u0.[oxM.?...;....e...[l).=..!..i..@..]......B./B`I.|.2..(.r..}<zdO:]..E.t.........K>.).....NSevrL.H....?.....iS.z...*.>...j.f..w..mX.SC..s.}.%......W;.9.M.....G.w....U.7.K........... O.......k.z..._FOEv..k((.....x.u...|.g.Z.u....k..."....?x..e.#...0..5....$p..=...R..=....f...P...../)..p..{~-.D....X(........q._......d..T.<[...?.w.s..s"...R..i..x.*h?.zL

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\addons.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):358
          Entropy (8bit):7.3885882116135235
          Encrypted:false
          SSDEEP:
          MD5:9E74EFC84476CBAA09EFFB3F8D193286
          SHA1:A4CB05AAB87ACD38AB240FBAB4E48016C0B5E9BF
          SHA-256:B7C606DF0DD10F5F534E5E8502C6CD50CC811B5E172D47633828585E0D3E3905
          SHA-512:9947A34CDB76325A79D90C8276E496EFA6116280624A562B68B1DE3D293C68D4754A2D22DEB4FD43D42CBBF34F91CB414B57990389CA41CF12E3E6D213EAF6AD
          Malicious:false
          Reputation:unknown
          Preview:{"sch...t_.l.]wy=@I@4..`.4 1..z..F..@...Q...3.h...{..Z....H.H...r.............;s]....u.8.J..9s.+t.n...K.(.kK...@*Rm.#.;Ct....3..^;..k{..;...`..Ld.M....n...S..o...mo..Ys.4......-.....l.I.'p..<.3......[..NW'.C.?......>?.....B0a.s...gk[+}.0N..ui..-.T.y..<:.n..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\cert9.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):229710
          Entropy (8bit):6.276519773277035
          Encrypted:false
          SSDEEP:
          MD5:6C76D872A304385C31522809332C5E1E
          SHA1:A581789F37ED5E69BAA2AF0F52A007F440770F78
          SHA-256:1EEB9B207942C20394C096092D3D77E85B47F187BA8735A197AEA6D01828BF2E
          SHA-512:F271999FB32AC89E15E49E89F30C819789403747E43F7CE8203588FDB5204F42FF440A3024D5D209E990F69DDD21921F094C855F8321806EC09C6B7D53214BD8
          Malicious:false
          Reputation:unknown
          Preview:SQLit.e.Y.U.l.Xr.;....q%..[.....6....r....yP.0..#....}....A.n...g..M.@.2.......\L....y..<M...... ..@_J`..y..|..c......' .8...G.9s}.....3Vy...wK(..(g4.J..}8+..`.;2^t.. .......a.X.>....B^.S..v...:...?...A..w&..3.dl...uM^....Z.m.^...@..-F#~b....]\..z.[!.r....d...*hP.a...wG.!.]t..H`..=J...i..Pxx&3...?........q.%.9.kb9..'f..;.<.'^.v].Z.t.....m.?..}q..VS.!4.4.]nS.....i*...A.w....ZW..j_Y...|......+....=..... ...8.%....p...3..v).@hO...T..Kixa.W....a.R....Z..:..Y...bT....-..&..,......?.L{ M.2.6...m...*M..dW.+.....Vq:Ha..G......._.....0.ZM.G2.nG...CU....R...sM...s.f.i...O.....0......P....H..$.. ....w[u...eV.8x..p..X...<RP...=y$-......`....x`..*(l<..%C....[x...=)..K....6?..;.+..a.#.c...`..a......m..|.X ...l..t`.!...m...{Z.."-H6...9`-Py.ZHp(.#.i.y4.E.../z.....{m..d......3..g.)*Z.;|.Z..Q...0.NU.=..7....N....k.bD.......}....e.......mF. ..F..2..G.."..;.6..V...T..p..+$.m.....I..PT}.|O..f....|..Q.....w;=.unL".\.q...HPx.{5e[..mn.O.........<Ug..;.F

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\containers.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1209
          Entropy (8bit):7.79979611834789
          Encrypted:false
          SSDEEP:
          MD5:0BFB86C4C93CFE21C3E48D939C5E6B6E
          SHA1:5D53D60630E8C4330EE846706FBDF22476571EAC
          SHA-256:32716A9A9A25E70940F72E93F1D0BBB845831FD59CCB360D5F1B21894482C60E
          SHA-512:F950477D8470386BD663601692E8BEB93A684C73ADBCB36FC810180BDFCDB7EC26786960B5212CA5F70F269915901892764EFC4A5169D016232CD1758CA399DD
          Malicious:false
          Reputation:unknown
          Preview:{"ver......?....]......K.._].3*...!.......!V..].a..g..B..dZCUr.Xk..Ol.z....D..9...4.26..o7.S8+.....!5..)R tb.$eq9.za5.......FG...X.4Q..5L........7_...|...&:*..[..b."~...M.A....Y!.....Xk....vK.b.......W..$.`...V...F....C.........a....`.M....wi..048pb.~q.~g..k.>.9&<.\(}.....&z..'.y..E..P...s.c.bS.\........h....`IIR.`........<....s.K..e^...o6.]y.."..h.K......Hw.U...F..$........3LI.&......g.9.b.9....[.&.r.;..Q....f....O.G.-....HC....VC.xj. }glz(...o...tc.d.,...6..c.Z-.S....j.....h...mn...QU%.......v.........R.Bc..1.l.oT.HL.K<.l.6B.s...P.E..j.....j.!..w.IA....9". l.@S......-....RH-a.p.5...S...-. ......V|..%-.4Uw2....v?.r./..W.,.(.....4,.l.pe....X.....P-....I.>.....z^DU...-....Qg;..%......(N..).^..Y...../k....b\.....@E.....K.:.....)....][.%..M.5}-W"...Q.S..]~.."8,....mZ.........h1......}..".$...,.x..i.w.N.p\..Z........O.k......;..'7Z&.C..(\.D.TKRH..5!.2.VM..[....I.80..qh....5....-q.e...Q.....{[.....B...g.!lB...pJz.g..C...`..

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\content-prefs.sqlite

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):262478
          Entropy (8bit):5.648781373915034
          Encrypted:false
          SSDEEP:
          MD5:57A78D1D5EFAFEE590EEEF15699066E8
          SHA1:916CFDFE1BA3DA539E64CB8977D3AB4BC203A1C4
          SHA-256:93D853A99FA7AAEC45C196C32F4E30E133D4D199E572F699A41E8BB236C59E78
          SHA-512:1A0FDACE7C9732014D7814B44B58AAA12F4CDDE2D2860ACEA157207B408E73111EDFA3D28896732366D5FFF5878481AE10EE63E28CB9293D54C7F87A309A56D8
          Malicious:false
          Reputation:unknown
          Preview:SQLit?.f..V.!....p.$.*.....a.P..eB...]....Q.s.o..5a[....5...7...}..D`[.o...wc.2;N8.!.:%0..R.....o..|$7FC..*Y."..{|b....Y.........?.#wo.Vc$.$.m.|.*.o..F.t.Y..4d.v>/#[U....v..L%.....YD.Y.J.a.yeA-.#n..(..s.ziA.a..A.i!...R...I.*.).y>.8....\.*Z.....u&\.LT]..v....[..nV.Z...Z......^nl.`X.7DBa...~.:.^z.E.C.x.V,d.....J....+;...Ot8l..|...........#@...S.N..|1R.4H...J...z..0.:aA.E~.<{...Z........%0.h...N=Z......]...<..C.x.._3...r....}...a..E8{.......=..[%...4R.........X...J.....;\KqY.Z.s...=..Q.......#@'....h2......qh.......<z%s...i...r........v...m...m.j:..S..Ua...Z.A:..&.....t.hl.X.....z.@..p.....E.V.H.q.B..AI...-l..`..........b_.(..D..T.*_W......l...6..=.'S...1.%.X.*4..z...Si..3_"...\9-.u.......Q.....~.x._..kE..U.`...)*K..2...'.HrO4a*.4..@......wf=E...%.j..w.0ba[~?..%...(/.....>..W..........{...E.7k..Tj..2$.3...........z.S.e.'..../.MB).b.....'+G....#!..N-.R.%....E....B..rC_;..F...[h.g.O.......`P........}......r.....C..Gv.q...4...bH

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\cookies.sqlite

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):98638
          Entropy (8bit):7.998231420586706
          Encrypted:true
          SSDEEP:
          MD5:F0E516C58AEE44A92FC77C2ABF7765F6
          SHA1:D6B5F9D3044DD42D6B20631E448D2860A0DFA298
          SHA-256:3191A07EE42B4709E04C78F3E97FB6469A65F08D404BE775EF7851C653849A2F
          SHA-512:020544081107A1E0AD92EABD747D24B80E683349A260F06D40ED17B4C99431FDD4D6ED8246245F6D6299D87B744C237359A9DE30AB839F5550E37276C7FE758F
          Malicious:true
          Reputation:unknown
          Preview:SQLitN........[.l.f...+..7g(.......@E4[....3`.........A"C....>..#..vH.J.F$5.M..Cq:J.")...B.....P.W.#a.{....e..o./...>...\....Kj..$@:....k.1X.._.$....:.I~3i....g.........PT.(.O."...M..o...g.i~/...sxglIO...0wi.'...n...K../@t...s....i..}.E..v3........f'.......?..xrp<R..y....Y^.!.4.......J?".....l.We......<..*....L....e....T...,N.@...h}.Y..U.....=@.,..kUgL..d........6S.,.1}q.p.2H5.q+..N.G0!uk.~5..+..6d;."mq.M-m..A#....i.x?.r{y-...n.......].*....f.aPA..&...}.ZX.QM..VV..i.Oy...2.Cd..5U...&....T.k..........2.:....~0...U..w1,.5.c....t).... Q.w.GI..4.Tu9C.[......O..E>......C.J.|.f..Eq..n......T.cB..p.]w9...i..'.<.TG...r..T.Jmv&..ifdt....-.......t~..v. $.+_R.a.cx!....}J..C.s..+.h.J].M..u.4.TP.z.........4...@..(E).Q+.C......i.K.l...A..a..D..f.M..3B..........4o1..'2OV..........5.+...{+2?...........o.../......n.l.=.El+..Er......29s..]...TE......%.T.)..ll.:lI...gAU_N..l?......E.....m.I.......=_1 ...&q5.f,..1iX.(....g"...._..+..[y...../...

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\cookies.sqlite-shm

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):33102
          Entropy (8bit):7.994187532141216
          Encrypted:true
          SSDEEP:
          MD5:B3FE8EEC01012F747A839ADA5B9113EC
          SHA1:BB63C78DB734E9B2338A8095E86E2A1C658A8200
          SHA-256:7DF15524A18E1EF1DB08155A8EBF5B566E3396B550F315E146CCD0FC69F9E110
          SHA-512:E14F748F07F4808ECFCE13407BDFF94C11BAA5C65A5DF86074C2FB1E76ABA17355583655180F1FE5AB07480DD0FFED633547A63A09595CCD0383D502F0522197
          Malicious:true
          Reputation:unknown
          Preview:..-........="\....n.Ly^....N.....?....)......l6.....p_-.;..T.~.Q{c..b..5<.g..w..}#.YY...#w..$.6....H..p.[.k.Hx..$!....}...v...6rEM)zVDKU.h..$..k^...!Q...z.........T.qg.,.0S._R.{.X.K...Z.......s....#.N..Z%~.0.f.8..CPrW.....F&.........A......A.w.QC,hD(x.-..S..b..V^.l!E.Jw.;.D......<j..U...F.oW.......%B.Fd..x...a.}8W..|.....~.......O....Y.?{..tb...3o^.tP>g:.R.@..k.........h._..C'.A..l.....I."&.q.M..c.W......KH..>..J...Ye...0..B{.{.+...<}z.e..n........L.).Q;...w.F&.z4U.`.n..._..!..ha..sX......r^..*TU\."......IQb...{\u?.^Q....cg.ws8.>.......l..d9.....oc.....l.L..p..#1.v...x..N...."..Pj...}.g..JV...4..z...B._.=..`.#......(....Y].....(..*E3$.?..0<Z_."...!8....,.!.#L8TyC...;..".9.u.....9_..EPk...XK.g.y9Se.;.^k..b.G..+bew......=...4......Vv.....w..._X.#.bw.Z...<,...5F..3.W..Za.L.GG{"u.....=..lN(..=......./...R..'.W.5.q...j8.q|1<@k.M.p;.Y}.n..x......9..I.20..p.6..~.~...=...........k.T...q.......|l.H.....y.D.....[|....8/6..#.8.....cl...W)F..N

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\datareporting\archived\2023-10\1696585570317.5a2df80a-6d47-4acc-8154-21c869393df7.new-profile.jsonlz4

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3872
          Entropy (8bit):7.954680748752526
          Encrypted:false
          SSDEEP:
          MD5:B5EAE0FB77783A2AF21DDEFE1F8986B3
          SHA1:16D0903661702BE98B4670F99267BB91DA4BFD1B
          SHA-256:7AAF6763E4C3C74DD6DF85FA54F89E3CAD182D0BBB15D7D3FFEE8C41A3B0F989
          SHA-512:83F785898A2CC3029A4172C88AFD9AC8C33F37660CE80CE373A5F35DC4F84765733E76D1A61FA1EF165912FA7EFEEE15C54486A7E6C3C4ADDAA2EC357EA9969B
          Malicious:false
          Reputation:unknown
          Preview:mozLz.@...k|`.'.m.......\.R...%.<....uK...8..-fR.Zm..).~.8.....(...y...<.`C.../.`.3`..1a.>,_........<._....#...u..$A....5....u|..k8...Ot{p..:....v)g.i..9........G.|.@E]@.QV.8.U.^.......].Z........c....a.=.R'....^..C....))V@.s0M.S^.0.L...0..z,........M....n....~.|.Z....JN.....7... O.J..a...#.....T..V!.[....h....).."..>.X.$....x.c>R.....$..B..4.........I..S..).X...)E\..qM.~...0@.*....m"P.!>,</.g...oLJ....r.....[..Y$...e.(..S.7..d<.S..;....;h.q.....b.~ye.:.d...rR..F......[w...._...l..~.O..}.}j...q5......1.../..Y.RwT..Wc..t....X.&..<u..j...8.O.Y.D.^....L..\8.G.....@...2zI.5/4l".....2UjKo.V..6..g~Qz/i.x...?......I.. ).b..c.[.h$..>..h..cd..m........sq_..."5...P......e....u......P@....>..#.V...X#......N.+..h.-.t.....9`3k..'..m....p?:..z..........a.e.=.>.r.../....Q%gld@..sUz/d+...E.r...A...jdB.w.C3".A....5...;..&.<......B......u.8D.9..%...vF..W..:1........wQQ.i..Q...^...o..|..e(.....-....1..b..[Bym.#..bJswT:P.._.6..}.*3u.S...

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\datareporting\archived\2023-10\1696585570321.86f695bb-32b2-4126-a3e7-4f639d9cf7eb.event.jsonlz4

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):3949
          Entropy (8bit):7.954052476288372
          Encrypted:false
          SSDEEP:
          MD5:F2CD600157F68DCB9AAA154862C39F61
          SHA1:F821697156C501BD170A14BD5EE794B96FB55C9E
          SHA-256:D69DF8ED36B45A1F1B805D2E86750D167629D3EA0A01D2EEA77ADD289EA90FE2
          SHA-512:4408D67670CC4206C51014C7D8C7B800DEB962AE92A9DFED065A3502A48C39315A7DD753AB782D83D02CA2FD4208476A320F1E5F6A9C45B6EE957F1022AB07EA
          Malicious:false
          Reputation:unknown
          Preview:mozLz.D.....!...jW...E.4...Fz.r..N(#...)}..R:..Q...63.88.WM.R....61uZm$...aQ.V..Bq...#....(...LK.`..5.\..,i.fM..H..>.ZEo...(..................Z*..A!cvVdu...x.Y.U.X8t.].g..?.u....".H.[=z.u..".....}.E.%:O..3.Y5.Qd....\..P.m...K<.q.._.(Lw.S,xm..E...VZ...N..e..a.1q.ay..........t)GD..aw.E.1..)q..+O#.@.b..J+..K7....Lhj9...8.......]..........^............5..........!.c..C._.}.tU...'.3.1.....m..&.K.c.. .{J~..x.).v.$e0...A&t'......7Y...u..>...3Qm.F..B....U.....`.A.....".QaN..\$f.C\.W.`Xn...L.......p.y.W{VD2,.._...X.s.....M.L.....7N.M.RE.....`^.I..A.....Q......7\*......F....U9..p....D.._........B...=.H\CGKa...LQ..0{.>.M.V'..'Y.....JC......lP..S..TG?..bJ.N.]...F.,..wu..&.....gd...I.....f..@.....yu......=..kqO..8(A.D.".3.E..1D....H.UK.b...c....d...M.LT!........w..=.f...Z.ej....Kt...I.....:.^*......z..Z_{.1..VxZ.................... .=\.|.W$/........9..H..E'.4....d..0..[..O\t.%;....I......=.....l.Z._Vqh.i....C``.N.[.a.O]..W..F..B...._..Q.A

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\datareporting\archived\2023-10\1696585570325.95422764-c580-41a0-9f20-df979876d1c4.main.jsonlz4

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):16919
          Entropy (8bit):7.987862380712737
          Encrypted:false
          SSDEEP:
          MD5:7482AB6E9074577D507DEDB39C5274C7
          SHA1:C06F18A267F83773CB80D3B6D1F6E23EAF3A5AA2
          SHA-256:44999766BD80C96A8706C8141FF5A1E3866C0A06C587CB9F4E40F0E1489AFD54
          SHA-512:771712E0A2050B915EBEA2E27AC7F130F383E0D9A79B119635F4460970455D241E0A88C648271FFE6C3EB5101E89E0D7ABCB5C3774986D278408EAA8F04ECFA9
          Malicious:false
          Reputation:unknown
          Preview:mozLz....5..i..$..C.<...}...C[.]y..j...,{...P..>|!=w........rM.K.K6Aka%.3..p....@^.c...i...S........sy...m..&...}...>.d...?......<;9.x...u....%n......)<.D0... ..G..K.Q..[....p. .p..0.Z.|.w....4...[.gv...[.$\..".yo.c.I.q.....C...ss~c..Fq..0.S.0R.5.\{....!K.$.C(X.9t...dW..T:..i.......f.............WzY..n...\c.(gI.D...;.V.&..\Ya..~...y.P.7G......o...y.|pc...*..Y.A>..0P..~.v....A.Y..S..3.w...j.B.....}}..8..0EJ..z\.7.{.?.x.....+....+?v..]..7.0.`..&.A.. .z..".A...b..Q..2.jh_+..z..d....#..i.(.........tJG.S...f.1D.......r.................FH...uX......F.O..X...V......QykB.\....e.....'......./.}#.....0.5...O..{Fn*..43.eD.......@.....d.........I..L...wm_..DQ..7.;z}...`.C.n}...4..z...4..'.......>.<..%...Kf..0..G...?...-1....{.....>$tI;.>..o...$v.U1 .4..:2..........]n.5.....)..C....a.xqj..R...n.,.$...(Av.r..-...^..3.:Q...!9......88)...5..J....6'..*P3..........h.\.;.m.+.l..J.-...@$...d..\sV.....3.0.*.*...5..90...H...|vn.%.vZC......!...WL...V Q..p..M.

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\datareporting\archived\2023-10\1696585570326.26c49559-dec9-4c72-8582-645b4ea2da18.first-shutdown.jsonlz4

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):16929
          Entropy (8bit):7.988575691261626
          Encrypted:false
          SSDEEP:
          MD5:360B986EC88E37478C96B55AFF6F17F0
          SHA1:2C4A05E215224F10566C83371D08A7CE4888C3A8
          SHA-256:1F75B4483A5DEEC9A1FC91AB6A394D05164FDFD22DBFA7E0334CD6ABD1D8F395
          SHA-512:BC3506F4763DFB21A5D3D0F9916332938FC972D6D62A14E00783DCEF7582C08C8E810224DD87234F7DF16FCD468E5F5FC263CF3892C1EF859E17310A2895FFFD
          Malicious:false
          Reputation:unknown
          Preview:mozLzCRT..FDp.0...v=.#e.(.^L....G$/.U......hi..g...0........z.C..>.3..2.,|v.L.QI5....EI.f#...].J6}gN1......D.%..B.]y.L<LR.f..o.........sP.r#YA.`...u.)$..z.....5Po.b.Q...o...L.&S8M.`.$....f....i..8.T.>..v..?...>.....V....0...X..-...+aA<.Y.....h..............v$._..k..}^...i..`.(.`0/..s..Q9..OO..^.V...iG....uh.8:..$Z.?...Zz..DzScz..w...+...dH"v.^.D....mg..n.!.4A.`N.P....A...--.(..qCh3l.N=....7d.6...Q%.;.3.............X@v..X.......U.L....{....."..xUz.Y.].59EK..Y9..iK..c..%Y.r.]5.8X.?.&} ...iG. #...UK..3..S.x.".s.VkP%.:8..c..#"L.OqJ0...}../n.....T4.N_.T5.O[...D::....5.......:.v~5.'..z.CaX.5.....K..PF.Z.../.q0.....Ik.1.U...d..4.....~.~....D|f..'.".%.x........#...x.u36..a..\..Fa'..Y#.......oo..a{....E......x-{...v.@5D.....Rz.*../.8...uxi.)9.e6....GK.T...s..Na=....@.H....>...4\...=....s.G$ `@.p....J.J..>..p<.8z.:.M.-.}.+.k...N..>e...o..L.r..*....%.G..`..|....:.7V...@c.2...n6.2.O&.`..v.-.S.}.@`..nh[$..n.@..)...IjKL.&...J...(f.0$.N.7(. [R.....w.O(k/

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\datareporting\archived\2023-10\1696585578019.3235c558-7b16-4bc9-a13b-cc8eaf418842.health.jsonlz4

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):777
          Entropy (8bit):7.732377562459398
          Encrypted:false
          SSDEEP:
          MD5:6BA1891F15D5DF9DD8BDEC8EB0B0CC93
          SHA1:15D7E3F37A09B0C42AE61089943E40E2DD336F2D
          SHA-256:B981C0164CC3257D01BBA0B67B59DE5FC15A792D724AA8F7B766C87D2226C106
          SHA-512:A7B8470197AA46CD933C655B6C467C9E42886C7A9BD59EB178E07DFA55F8D2744C454A14F18079A61E329598245FFF77761EC7E508FD886ACA987B32858FC63C
          Malicious:false
          Reputation:unknown
          Preview:mozLz.....qs.\.h.......\.nw$D..|.n.xTyW.C4m..A.vx..q%...+...s.mK..O@n.V..|.......t..$.Gw.^.K........!.L.W.l.U.5H.........g....Xaf`Rc4h..Q.y.A.O{....p.y.nr......+k..5..~.,.g.H9.!.Z.....T...L.Yi......"o..*.X..<.+c[.-A.e.Wq.p.[...5#b>Uq..h..J.......x.J...an9..U...0.d..4q.))....Y...L...m>..U..r6`..#@..wB..C.f.....|!.'l....?....#.2..d.^.j.n.../x..........M{[......&.8....c6i...,..'k..$.cbX...Q....+=$.*..xr......J;.V.m.x.'>G.Q....)..J.&........).,[O.@.....N m.w.%.....Y....r...;S+(..C..`Q.Bh...?.nPs-.>...r.-..(/..R...J\_....Ac>.9.}..b...V.v.;....5.0...qrL..EdN.g...f.}j....<.Cb...=.._]!uC.u..T...G..v<.$..b}4.l..L...YZ\.O.s.sa!1.4......'.....%..3..9..of....*.........9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\datareporting\archived\2023-10\1696585578051.39084f19-383b-4302-93d2-c63ff16a129d.event.jsonlz4

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):4699
          Entropy (8bit):7.959979527347163
          Encrypted:false
          SSDEEP:
          MD5:1B384BBF8A9B0AF1A93E03BDCEFC432A
          SHA1:A4753E635792DC16D18C3C5A351BEB8C85AB25D5
          SHA-256:1CD6E231E8E0D49F1F861DD63E89D721A9CC3FE4C89A494C89AD9F607A6D0328
          SHA-512:B2B284E50F7D779CD0DA720A668A656CC2DF02A35CF4C717FDE69D227590E432837EA3BE8B8614CC8EE43CA84BE5DCB9F84AAF4D5F4389CB750FB76DA6E68611
          Malicious:false
          Reputation:unknown
          Preview:mozLz^...YE..Jf.H.I........*..........5.q..ge.......5.a...XC...3..!?.........B.C.5.z..5?....[..(...).<...g....>..4..^..0.Q2...o.(bA..4..G@)...Y.@...4R..._.+...1.E'.I".H....Ad.....t=.t..u.|...gg/..0.;[Z.w..[...E..].............X.Z...m$..C.1...5q....f|..4...1......z....a...4.y.p.1&j.dP.Z....!...-2..........`0`.A..$X.e.$a.1?......Tf...U.T.Uv>.h...y.T#.o:d..<P.C&...+.P.qG...........vD-+_b. N.$RA....x.nT..p...T.UMY5<...~..Rd9....!..X..w./..6.?.n*.n! ...........a.m...<.v.+.........k.9:8..3..j_2.=9U+....((......;.&.uKrdX.E...fv'....C..Tg..>@y_#......l.iA.@.`.*...GNRK$\.T..cz+r'k.4Jj..(A?O.h...\....h.#t./F..........k..6.u.E..F..0..G..R..,*C...U<./.._.Y[,..:Pz|fGV.....Tf...$p.mM..%.L.KB..Y./a..l.:#.~.^...~#$.............jS...*."f....7i.w.+.l...l....p......i..j.I..].....=......./..H<.q.@...!;....p...........G.^.t........!r.p..#rU..'.mA.3*.gR..i..^NEn!.....xP...^..'..N..i'.,.*.....}.n.<.B...N..L..m.za7q...-.TTp./0.....XPb..p.6.\.NS.V,wf.f...Q..

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\datareporting\archived\2023-10\1696585578052.98f36e5f-60e2-40fa-9fb9-37eb33dd4417.health.jsonlz4

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):776
          Entropy (8bit):7.753148666714085
          Encrypted:false
          SSDEEP:
          MD5:B382CF7B6028B4DF7AE671026E8407FC
          SHA1:088ADB8A306F2C16AC277333BDCDC79A6D34E242
          SHA-256:DEA97C73BC41CB2BD33914FB5BF94A3037A80200E896B23031CE497717AB4B03
          SHA-512:976E50A36B9562B1C794028C7F9787E77E503FC4BF4CEA5A3250EB5DCE382E7E0E7B9B4000DE8837F87AA25FBC68BB06924F710E28D5B24212D5508F9ED13DA4
          Malicious:false
          Reputation:unknown
          Preview:mozLz..O.9...6.....nl. ...O.........H..........k....?g...............x...{...K....._@_wj......>(...".d6, .|.L..F0w\...Q.\..!L2...7y....p......JL.....=..._jR.*......{.....D...."b4...*.T......S.x.....A.+......#.........,....EZ...l..cR.%k~.G....{..M.F.wbKk.....m..h.0q]V.?.......1g...#a.$...NT.R.S..FCi.qk<Cs...b...6.... .1=.xv..g....~...l.`.A.(....H...j&.....9|....@t......(.R$...k$E....+X..8`.?..i..85...H.I.......wf...7.."?=]*.]bMz.b.9}.^I.......Xg.AB...z.+...FY...o&.L..oH^...Ta.7.|...r...7;LH+..BF....^.5...../.".....0..]m..T~K.g......../...^..W...mdy<MJ~....3.r........G....",........,....Z..k......y.I!..5(!. t.:._ss.&...+...34.O......y.......vu...>.}9..p9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\datareporting\archived\2023-10\1696585578056.062597e9-9a8b-4446-9d2b-dd02a663ab26.main.jsonlz4

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):15770
          Entropy (8bit):7.988689671159972
          Encrypted:false
          SSDEEP:
          MD5:1D6680EEADD84A36B6377314C3C717C7
          SHA1:8BB158DB0AEDC326FFF4585885B679170F5EFB35
          SHA-256:6BE3CCB2F5DF8387B11B242D32CC9F63B875766BA97E1883CA1D4402DB0162BB
          SHA-512:3929EB615208BB3A3526DF52702075B4791CB42A9DBB1403A44FAF84A1EB166ED79AC25036F6277619683257AC60F196693F56DA37BC0618861E440442C56934
          Malicious:false
          Reputation:unknown
          Preview:mozLz.Tb...o.k.Ouk....@JZ....3.R#..#.c..}.y{. .*B_.K......O.H._.6...."f...6Y.Z.c......7P./..K...D.~.S.......b....../....P.^NS..k....<+Ml0..G<.d..>f....sG..7.G..|...V..\.[j).......Z.%......E.h>I.&...:..4O-D....0...|v0..+r....Aj...uIOxU..Y.A\S..-....s.:[......6)..2.0..mN...............<...W.Y.%bs....Y..#.=......Q.1...&O1{bv.O.?.a.H.&...r...B~.....Q..m.H./{;..I$....B..i.4..H4.%..G..!..]g....S.....T..oB...-.....c.d(.f..}...h..a5..T.q.._.I.A!.................C......._^..8.J...#B.ia.D.....dm.K..}4.Y.>(.:?cRd.g..T...B7..J8.\...3..y...{h2...@..l.....,.R..qR.Ot..n.M.z4...:..9........e.8.*r..a..BkM`{...Z+d;%.|.....;.......wb.).".7.?.d....|..'....K.V.#.....2.9VJ<.]..u.Gd..Y._T..hx.I........AN:...|..!.W.T..>._Ha.5.#...1.B....{D.1....6......A..o...q."........o1.....4.>f...c.-...<.ot..L%..i)...tTrM.....)~..m..f.....l.c.....Y@-.%.W..c...n.Q..+O.......'h...|^.l..qIS.b..\..d....i..:..P../>....yu~.....R-...N|.>.9.........j.B...U.w..x...."......P.

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\datareporting\glean\db\data.safe.bin

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):13364
          Entropy (8bit):7.982762073569727
          Encrypted:false
          SSDEEP:
          MD5:A025D7BF479E3699B32E17E3D5BA87F4
          SHA1:57E3F9ACA65F75297F33E48F488691095786A2EE
          SHA-256:347599A4940BB181D7C762402DA75C7410F546E4429745731E37A238251F62DC
          SHA-512:EC9B998EF035BE7155FB49DD5B85D9DA860747D15EB5B8A0D0D88A95DC9A621522B36C6A25F1CF9CECCF5BA6558EDFA6516B9DE720F04FE3DF6EC455C3C72AB6
          Malicious:false
          Reputation:unknown
          Preview:......b......h..G'..&..sK...ei.\I.\.j.....dv`...~K.J9..7....g.M./.o..)]3.+.L.Ix.Y..V..g|..I?Y.A<.q...0=(.f..+.A..:..E..!....ll...&..,6...%..&...........&i....dv.......S.g..q...{~./a.~|.{.~..z.8C....n.........>....-".k.8~.?.K....rv..Rj..{G..g...01...A..`.yjd/`CJg..>../.*..Z.p.x......z....A'....T .<I......[.u..ug..:..P*7.u.I.EV...,p.../..xH.U....S|..n...{....,s)h ./3....o.,.l... ...)...8]..J.0..*p?...%XKM.JNW.J..2.9zZ.-t...c.....[...'..._bs..G....)...Y4z..oa...V.{.I. ?$Lo. ..).t(A0.wM8P.dd...R.}....+U.*#...Xxt.7s...&.\h.qXE.i.v.....7.H._W..yN.I1...H....q...l.ma..Z......|....'...G.Qe.......+J..u....2].lS...K@............E...4.}g`V..N..3.Wwd(..-....*.._`.....KN.v........*.k.9G.C.)...w..t.NF.....3...^7+..V`....*........[..J....q5.<UKs./.w......ENp..U..IqcR.....x@.....2,g.S.@.....t#..U.xE.o/......a...........E..0..=....%r.mR(.~G5...E...uK20Gvv......*).9#>.(.........o..=.U.Y.t.:..8..&W....)Q.....Nk.....<WVZv.a-. .....u6.97.9.I...u/...&A.8j

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\extension-preferences.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1423
          Entropy (8bit):7.8682660332266865
          Encrypted:false
          SSDEEP:
          MD5:054176B1A15398DCA48BF040571403E0
          SHA1:2918D0F3E9E893F65BB82AA8A3F4A6541040424D
          SHA-256:8D79B16283E92E52A50ABC50A4838B4CE04CA0BB2318068223CEC91DED53E133
          SHA-512:417597AF9A96508294013A069B7B509F9DE230BAF9A92BB2380A455AEF3EC5681786BA05453AB1CCF8B219B8216A577F21F81D5B8B78CE2E1DE0913148005B78
          Malicious:false
          Reputation:unknown
          Preview:{"for...f.S.Ni..%qwb....T&3~r.}2dDf...~H.i.!P...+........i.uo.2v..S4q.1tw...P..L..w..M.l...G.`.AV....a.Y.b..X.7~[M.|N....f.7.....Rt....y*.G7..(*N...]Hy*...c.N.B0B.j.JrH..k'@..>r....p.][.X...7.*....Q.=..<....F.VV)....3.N.}.&.p..'s...".i...\H(.....?..3<..;.m.Z..t.....y.z.W.^..6L...j.j^...i.]-.p.s.M......Mh.s........7.(;..0..I..#.z....;.(.9Uc.d.h|Lp..b..rB...gNd.K/.0Z..t+.$k[h..&..f.u......!.k..p.?..I..[...3........c... C.E|........?...ou...........o.X....G.%...S....y.:.....d.!$.-......q.FC....U[?......#..\..m.tAN.B.^q......2.....3N...j/_....sG...6w.l.o.WiIN...ghH..N...W....4 =...!T...J..".W..s..3;...H......`..;..u..n...j...'U`.P.v.]>K.5d.).....K.....!..u.e.2....\....;........v4.Y....M...2....[.._..k....).#J..u..%.f..ya..M....y{...F.U.M....Z9.1e]Ls[.n.i.5..;..Em..K7.<W..r..m.....?y]x.y......j.#.d..U....@D@R.k..{..V...\Bmy.....X..32.....6.#...R.P.2.H...z..1...?..*...]......NWs...... .;..........;.6q.^.l...ezB.Z..P.Z..S?.4..A..=...K..I.......j*.

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\extensions.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):37164
          Entropy (8bit):7.994351521520179
          Encrypted:true
          SSDEEP:
          MD5:0949D007E65F083B45856BF9465FB97C
          SHA1:46F74B4800D205A3934BB20B9884E41F31F1B0D1
          SHA-256:E48D4DDB018121E9016C6768E3BEC596F2FCF25F64688C906FA58EF39535FD5C
          SHA-512:CEC699C21B70189DBA3923625745FACBFC0CE74A205131C7A26B725B9278048C2A9A0FA138665244DB91CFF3D440DAB9BD72F441B3111803533297BE40842763
          Malicious:true
          Reputation:unknown
          Preview:{"sch&..x.5y.F^.}....h...FI.5......%.........gyg,W....N..........R..Vc.....?.. ....68.............5..L.w.....@.?./&q.2.....@.j...r.;..g.v.......%....y.x......0...V.J..z.......a.y......#T....-OWH/.)g9G..P...$.d{I...5{C.i.DLL.S..3...9_.?....A.....E...*d*WQ.c*...9.aw.<.9...]u..Ua...g...."Pj.....~_V..v..F....e..,...B..f.Y.k...6^..L.1..w.t_.'..Bz..+.i..>E..$.C.......)4.$...,9;^.s...t.e.../..$.k.|j{.\..o.T....!../i...I.{...{{.n)....^.....vy.s.d,.fo.<:.:B.#..z..m.J..E..D...........m....3...~-...-r*..-5.Re...`.^.b.qW.q...k...SP.g.......ej.....[8.......1...Z.Idf0.s.@.w...Z..X.....{.r..-.Se.O....7s......@...'.4.../.$(.|..[.....m....2..z.PZ]..rP{...O.k.1>`.)...5.q?...M.1..D.\H.ty..s`.{.?6=........s.....0..x..%..=(.C....<....ht<.h..r^^......f..N..V|q.......WM../.C..P]F.."...a....H.....,D.z......U.A...t..Qk.u2.....9(3rh...Uh..Ddn..s..ES.TujCR./...`.?..W..>..y.............w.^.~%.$.p..!......>.....!Z..Q..t..4......{..X.,....,.B...^..vW.(.7r5.Y.^..G#.g..va..o-c...

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\favicons.sqlite

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):5243214
          Entropy (8bit):0.4262009258818903
          Encrypted:false
          SSDEEP:
          MD5:18DC32C18912B27F07CAFBDCAC427884
          SHA1:9BBAA74DF9233D6E9E264D9320192B0D1A51BE22
          SHA-256:CCD95096FF1D4CD42953AC42C6003231D257A3C497E5DF1979276B651120E416
          SHA-512:9C530002B0F690ACEF192865704F0783E0C90CE53661F05FF590E1B2ACEAEF6ED1791AE695A4F603409EC37DA7715C34F882B15DA8ADC6AD2CE811EA0185301E
          Malicious:true
          Reputation:unknown
          Preview:SQLitp..S..9.@....qu.{*.......<..I.8..H........O*r/B"........p5$ ^.....V.h|.J.;*y.k....$....S6.,."..J.i.[...Z..CZ~TX....A....:.3.0.%H.|$...9.,.8w....c.P....e........Y\l..c+.h)..a.....7...0FPt.bf.l...);...d.:.....U.*...=wZ.%za..j..V_.P..=..........^`.w.....f...k..E-.M.X}....[....1V......".t...8...x...'NZ......KD.....T.....4E,..H....k..8^L..@ w.M2.W.......a ..p.....W..k..fp.....,MA..m..p....H.R:..C?..."V.%/d~....XQNB..{...j...........s%............51.<.,.3..{;(3.n.....7*.Z....`........J..........<diw...)p.IcH....E..A.\lO`.......F.k..Q.Y....=....D).~.+...]+...XR?.J.o3.P[}..v.~...._.0.$B.O.....U./...l..g.!N;`J.2..u..%"&`..pr.z...",..w.(..&.!...-...o..m......2V......WF.T.N)DN.. ...x.{....FYL.Cp..l......x>...mK...mh...C..X.._.......y.1..>>.I..U.....?m,.+RX].E`D....a...."..r4..#.=..N.....?......8..............g(..=%X.a~N....n...h.-..y..N..(....T.......#.....x*.......{...R.......d...3.=..p..5?4.k,.b.*`.t..qC.NFu..$.)........%Y.K.H...1)...."......$

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\favicons.sqlite-shm

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):33102
          Entropy (8bit):7.994837641657864
          Encrypted:true
          SSDEEP:
          MD5:6F958EDEC98DBF076FF9A62158A7BD83
          SHA1:A91AA6A053633ABA1B1EB871A978E172DBF86BA7
          SHA-256:FD1535148574575058759AB94F56BD397F5030D4450569ED92399477DC8B5E0A
          SHA-512:5ADB784DC36AC794B58A68CF8C7E4CDA83B0F2433E47B1D5C6CABD52450F235078E60911CC17821D8561F4B590B58CDBFA8D21744C0FD1BCBF61FE2BBF39EFBD
          Malicious:true
          Reputation:unknown
          Preview:..-..#..... ...O.Eq.Y...lg.c.7L..p.(.L....S ..#G...)!........A..O..0^SV.r.\(..)<K.d2^@m&...../..B@...E1.-..n!.....g4.Y.z..d.j....W..k......*..}/.+G....b..V..a...}..O.t..u..O!.g...... ..|t=..C.v.x.DmL.O...i......_..P..v.,.S.C.....~.*1.d..... .S....x..M......y..U....8.....e=..v.(..|.v.u.(TVnb..?...t..x.m.*.JP?!....>..MV._.2.A.>...n....j....7.V.]...58.....?d..|...dF....^...g.u~.dE.A...(..Z...Hs.=.M......f....8"i......./...L....T=..+...{.V*....@+.=.C(...8./...#..@.....ZK4....."\....|.K.1t...w....3......}.Pz..DCh.Z.Y..+...."~.....#....%.u?#.....p..-.A@.N...p..t.2_...*.:..i|..V..3..f.I.Og9.[s...N..x.<p.....p3.....[3!.]T..n.0........r......e.v.rOfB}.,.P*.........>..uS9....K.V..uy\...c>qU2g..".J1...<.n.V.#..8._....p.]P..yA...p.......DZ.......T..cw....Z...Z...[......,.E9;..q.^...J......].?)kK..,-:..ty.-A.m.=9H&b..w _1G$.S.._.ma..o......D.k..7.yh!...|......ki.9~...t.......Zu.x...R\&........V..h_.........E8+..3.$.C?.r.._.m...d..V@.>.B......"1..E.

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\handlers.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):714
          Entropy (8bit):7.694405783784418
          Encrypted:false
          SSDEEP:
          MD5:F227847207EECFAC82DC7C1EDF25165B
          SHA1:F61995F47243726F87A136813673DCEE2EBFCF0E
          SHA-256:2080D0BCCCCB5245363FD6C28BBC6182FF29A3A69419B274F285D5B3909721BD
          SHA-512:D31AA4DE81715B253DCDCBE9DC3BAE354805639CDE4D2C4D2A8432752C3C81709C9C1F216E023E3241294A867A0FF1BA509B2777283980384B857D657B6BCC04
          Malicious:false
          Reputation:unknown
          Preview:{"defBd.C.T.5&....K.g./.....[{>p^c..x[b.Si.'V.)C.........#.....6.R...0.a.....Sy.z.9j6..(s....F.M.....G..5....N.\..&;M...~4.$.........vt.}......`...61......^.I.....0..G7k.c.:|...Qn... W.cy...t.N.....x|...e..X_.L~.....+......p[1..R<+.B..).M....G.c.0P.U.|..o$Y...L.U..E....ObCG.y_.......|]M....../.Fph.G.....[=..#Q..9....\...w.80.&......B..$.}...k....._<..`.R.....$..%&...gATK.{.....l...u.F..(..^b.r......^9...tW-0.\...wU.. ...|p....jZ....8~\"$.9.*.f.O.E.C.....Q..Ogy...[..|{..I0.mC.v...+...V...1.U..(.*..nT,9WV_&.,...G@..........A..Ri7.j..3....)..b..29kS/.b......@./.S.G.X.[PP.....T...3.....c....sX...UZ.%x...]]2..V9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\key4.db

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):295246
          Entropy (8bit):5.154585497139843
          Encrypted:false
          SSDEEP:
          MD5:02F222035A6B8DDC36AB2DF7BAF2F661
          SHA1:4B3411A4AC97B7E85DED13B67EFE64FB5259431B
          SHA-256:436947555B72AF74655B942D01FEADB7FA7BE3F24179D47473A1AC088718EA39
          SHA-512:EE73A8BB43489604BF66ED9EE61E6A9F705B3EFD4BAC4D9006D8E29D319B9F040EE65EFA791239E2227AACBDCA0B86F715942E63F6A5E816DABC24F56F22C69E
          Malicious:false
          Reputation:unknown
          Preview:SQLit..d.H..x...Ry..........+q......j+.....B.t.O..tX...7....]..A.V.~..S.5`.Ya..;..l...Ambc..hI0*..WFO.....b^.1.N.?..5.9..9.t.Ro..&)z....V...5....5..?|F.A+.C.7C..~..u.N.......A.Q.1...%E...`.......*6....r$<.\.....*.4x.Q.9._.m$.....a\y.L..Y].........5...R.b..q>.DK.>.2T..0z.......C...?.L.B7|.$.L......7..MF3.K..!..7..p..q^VB5,7.)...y...1..!....Io...c4=..v...x..~Ei.&W?Pvl......* .|.\.P~m..K7.MY.d...(e...j^.......0..#..r^Y\q.M_d......eS..Y.H`j.....s..m......p0.|...E.t.!{J.........S.s...S.j'.ysJ..........q..ka.^... ....h... q....v.~....(..$.cAn@.F.O..p.o.K_(...!..4..(_.F4h..b.q.+%m.t.z.....u...m.@..)N/.R.......G6..".=.i.Y.d.`...t'.&.....z.......S..8...&...%....y.U!..v......5...PFm....Sj..$.wj.$....p....].J.q..S..(.(.&.g.s...%X.p.`...6.v.3b.I_..Zm8.IZ.NK..\.......je.{V.v....K. ..D...y.#...u.<.......:..~..e....C.n.,ll.D..n.V.I{#..g..\..Mi.{...l....O^yv.Q<.&.O..s...I./V.....~-..}V4qt{....7.H.w[..a.YI.8lY...I.".A........7*...S.......E.....<.

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\permissions.sqlite

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):98638
          Entropy (8bit):7.998300425169449
          Encrypted:true
          SSDEEP:
          MD5:C423BD5427171D83AC319BE6BDD4508F
          SHA1:2BC7227E5C06B163B84BDF6DA90CAAD59C52F152
          SHA-256:97C645C849E866964E375AFDDE561BAFF5BC8D5951609E4BA038CA62C9CA692B
          SHA-512:B14DCC02FD9D1625EC97F74826C02288A5D076BCA5854F6F95F5BBDD1A410E804FE27CAA45D34B0671616DC6705DD4659D32D4DB87F265655B4654A7DE705D53
          Malicious:true
          Reputation:unknown
          Preview:SQLit-...N.I...U.....Am8.5,.._xu.^..F..\6.S..^...(.{O..4j.. .~.W.y.x.A....CbL.O"C....B.].........f...!oj...O........Ls.-T..^ .V.....n.$.....c...U....)4.EQE..9.q..I..Dt..F...=.cl.5/.v....X..x...K...gO...df.n....P.o...=.k.._: khR.5.M..3......U..GkS."...8..37......Q...&..&..._iu[..'..8....N..l.?..G$....WcB.c.t..8V....a.T...g.s.X.O..C..ws.K.%....@>._....-.Z./6"..>L...!...u<.....EY.ccA..Vp.M..#.p...2...[.x.g...&.f.q%.c..c.W-A.t...@..c.n...e...E.xP.#..../.........co.\Q....+.'y...^..G.=.bB.....6\?..A.|=M)......]%s.Z.O'..........X'....RQ......<.<1N.8.KJ.$. .....%.D.......p.%......}n.U.db..V....!\...X.0.o..*mo.1yL.E.....I*\g..;lI.a..B.....Ua...h....h.......B......$..`.h.....8|..)..0...%.gzH!;...\..#.u.v.~F|......] ....<]....O..E..\..1...U....s..@.*.lo{..;l[.y|..............UQ&..H'yU.C..h{..<D_.v.....A.....b8..h{m....j*.&.(.D...w7Q..).......mZJW.iU.@(.H7.5.D?,.4+.!....*.GL.$m.....|...=..x....l.Pl.....Ds[.K.w.....2u......d..D[.m...o[.wy..E....Q..X

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\pkcs11.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):852
          Entropy (8bit):7.720194352627478
          Encrypted:false
          SSDEEP:
          MD5:430106DCE34B303D8671DB425526D89F
          SHA1:865841F4CB3F7F68C02E3CF3676ED656DA5FA557
          SHA-256:3C5F59CC9435D29F4A269FCFEB984EE21D5F133FAE2CD3ACF85DC74503CE890D
          SHA-512:D23DAEC0B0921F6FA3F5D9ADBE3315C4D6F9436013CFCB0F89AF1653ED5B3BF387A32869843B40E4693FC8AF09B28795FDA6606F5170C6C30DDAC48549581B4E
          Malicious:false
          Reputation:unknown
          Preview:libra..u.d....7.;U.]i...5..qS......b.../...xp....f!...d..W.|.,.......|.Pl., ..#Q>..nQ...=}..0f..80d...A,U.'..5...q..r.Us=._.X.......`.P+.F..._.q....&..w..Gb...1.....R.....:.....#...B.....0...q.3j..n..7.j..K...mF.7..4..J.v......Ct.s.r.2..4....X..*....y.jf7...&m.C.."....'4.$:rv{.5...."x.E..=b3.o3].&....5.{Bh./..ZO$.*%..Z.P......:.W..gB9...||....W...lu9j......k.].4]..O.Z.....Sa..[.d{2l...~.d...O....~...b.#.....u.~..k\P)vZ..a..Jb.W.X.}..Y.....er1K...nE....`....}.?.=Y.b....+V+i...9....^o+Rz...Zu.nb5.: <ZQ.bg.A..O.;.ZeZ..@...g.c10d.O.......*Q......V..T...l.rCC...V...8.\.:.w.0........<..T...Dhu....,..4...2.`.>..@.F.|...t^...O.....U.}v.S..n7.n8...34.\....y>...j..*v.`M........T.!.i.....`.Y.d...7.&1O.....IX.y&.....6.MB.iT.m/.@.4.Y....a..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\places.sqlite

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):5243214
          Entropy (8bit):0.4320736788055991
          Encrypted:false
          SSDEEP:
          MD5:D831AA2550862741E17650BF72342E45
          SHA1:0F27B5A83596E95DC2258F762493AABAADCA525B
          SHA-256:AD1BF6890102305B735F3320212F88F706EEBF84B32EE137EB839A2BE2D81880
          SHA-512:7743F970FB62272EF3634676A2A9FBCC3F5101C1E50EC6EF255BFC20A5D84A89ED49A389E695B0165506E49D10A2994FADC200C76F3E70DD6301E2F255231DE9
          Malicious:true
          Reputation:unknown
          Preview:SQLit...2q6.o.........:H.CLf9K..4_n.W..M..1....-..{...xMBK...I.%.!.../.F.0.......b........8.y.Wx......."g$...h.1.}...+..1..".k.5.f.k,U1..S..87#*.......(.?wJ.Py.2@z.}...VF".....;q...}a...L.79B.m..s."k....k..or.yo.M!/Q..3...7..1.....|F..PO..m.....y.X.......u.9.-jy!..=PO..`RF..M{h%..Bc.c.ib..<XsG!g.C..Y..z4*...CZ....y..X.xv.@4D.&.;3...H...,.D....Y@.6.....ol..d'..dix.=q..);..d....&..r*.s.v.=.5%...C..q....|.>c{.m...].<.\..s...c..j..H.......7....@...H`.."(..B.M..D........LI.o[..<..4.(.....z.......V.|.q.B.m...:H!r.W..]......d:.s..+M...M..@...N:.w....q.v%...]V./..X..u..-.&&#.)...t../Y.`.l.....C*..&.v..|.]A.A.O.@..r.s......r.]VY*..lW.>.}&.l..|{..q.8.(Q.)...B^..*.Q.... S..I0..U.O.@..`h.[..W...(..d...)..j$.y..o(.\_.H.#1..R...KS.~...+0....0_n..C!..Z......)xw.}0..X..A7+i...w0...R`....Jd.._...U......!..`.f...L..2.9.U.f..*..h[..&.......k1G....a.C2.....&.+E~.5p..M.....AV.6..Z.1...8.GR.F..c..7....U.%.|i.\x.:.1.yE..6...+..8..P..x.H..g..k..m.D....h.E.K7..q..s....lH

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\places.sqlite-shm

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):33102
          Entropy (8bit):7.99484257010462
          Encrypted:true
          SSDEEP:
          MD5:551B92D39B54169388C2E78F7DF7AA1A
          SHA1:CCCE8013B98BB81417D6D5016A8187BAAEC30827
          SHA-256:6D5EFA13DF57BEF68560857A993A2214CFBE137DC7499AE20F71D66C033B5722
          SHA-512:8EB7FC13C76EAF36B611808D158737BBB339762F53BEC880BE62F61429BDC05E270F706B6514C511C50C9C6F51DA3F1BE461F084E66BB93BBA6B17DA044E6768
          Malicious:true
          Reputation:unknown
          Preview:..-...i.y...?.HV%.OV...[#.P. o.....p3..)Y.Y..._..l|.0J\.&...Z..M.1..1..Y-Ul.P.."4..E.U.......i&...F......*...)......G]..%...(....:.".u..En-.:..3B=FL.A.p...8...ZG?..>.l..e...+.A...N,WZ..j..._..R..T..<R..e{..x.ZK..R..c.9...Wi.......o-...........j"..sFTC5...g.&.t.8.?...7.......A...JYL.g.....P.Q_....:...7..T.....N>*+.n6...y......A..0.p&.m..I.....-........K)Sg.......x3;.dR.u....J..-%.'..z>n..C..Y|..rt.....of.....-.d?..M|....r...u...k.....8.o..d.V..A...!6.....o+.Y.&....si)2...v..NkT..=.)`&.HJ.9..|9Qp."....z.\8Tk..".....z,.zc.... .Lcs...F..!.."'AP.Na....;+..&.=...<.d.V........3.B.7|Vf5s..C<s...W.).......Ws..z....5..1y|....}....l._..r.f...5.N...v.q^&"....e.......y!.?.B...0..K..Z..5.T............G.......O.$..\.........K.d<4..V.%.A<..b...W......<Xn......Q..K@....`....\(i.q.L..6.<...3..,..W...At..h.[.9.O.i.L|".lEf.K..]..\J.y..ydE.w.z9.(..t..*.G......1Tt......v<j....d...*....gL..&KUk47S....A.'.]......m.S.p#..<<_X#.....lx4.;.X....7.`....?.

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\prefs.js

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):9652
          Entropy (8bit):7.977416226212569
          Encrypted:false
          SSDEEP:
          MD5:B63E3CA080B3990CD72DB89962275637
          SHA1:48B42805B9C40825FFCD2897CFE5488D88FD00BB
          SHA-256:61B99747E8D06783C171D94989D834FB9E884FB9FA0DB96F459F24E1E9D693A1
          SHA-512:C6D710F0CE1319EE4B31B751DFE1F064F882AC8FC1992C32810AF4BBE4A55D284EA6465790C10EAEE1BFB295360FB8160ACD10EB2DDD89C860B3A223693DB102
          Malicious:false
          Reputation:unknown
          Preview:// MoR.*41W..K...v.V/0....../=.........O.]D.?...BX.G...t..E.+......4...}!....c.wY. ...N../M...`.....P.V.;._N...;.D>......../..f.yDL0s.........&K.r....Z6..K.O...n......|..n...5......+{.q.'`.[.M...=m.Sl....A&QP..".X....P.`l..LP...m..QI.~Z.%\.l..S.).Tt..F8.P.[..+..bFim.,....2.b..a....= .....c...h....K5....G... ..Dy.~I..f..s.....W......<!o.V~L.L.Y~...N...._:.>..~`J:.cX.$..e.....y.K..8XE.m.n...h...l..cY?.Oyc]....%..*h.9.A.^.W...44..v.....1........4f.)..&.m. i.$..>..E...o.~g$..X...g.6ieY.......q......7.....v.N.."..3.[..=.qc.d(.)...t..iP.I.25....)%.$5w\.D......O...1u..|...Qy..X.M..... .P.'.-..P...cW...k.2..5..A.R.T7....=$Ib....hM..XFKt.H..v.@......d..=.%.@....{NEZ..hv.)..;m..~...I.g44..e......L.#.~...Pk...>v..36..S.3Z...h...n.9.wkb...e...S=h>y.!x."......B2...(E..=.&E..A.s~d.."%.u...~....Y'..6.G.|z...3.}.?.E..t.-..o.8. ....d... G..$.J<=[....|9.S.GK..V...a.....OogN.x..,.o..YA...U.....E[...c.....7.l.l._!...&..._..g).U)YE..#3.......a9..'m...M.

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\protections.sqlite

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):65870
          Entropy (8bit):7.996992454100369
          Encrypted:true
          SSDEEP:
          MD5:0F4489E206FC4A6600DC09CD9A292225
          SHA1:199E6E20F55C1C3D3F4FC202D33F88FE939F743F
          SHA-256:AC6ED966CB34B81C40A0E268F00C17AE6C111161A3D53CABFD5563C493A57EDB
          SHA-512:6AE4CF8BF13BCFB20E05EAE622EA1E33E1D326011F9036FC6C6D98C488BF9B2EE1BC74A564787DF96E88FC46397D5DFADA81974D7640903AA582B7FEB9CB9D0A
          Malicious:true
          Reputation:unknown
          Preview:SQLit.8..<..Lk^..r...l..P...2....a..P{.H..3..N...P....\M.Lc..!...;...D..aL.A..z.151......$~A.=Z......xJ.fE.u.>.] ....>.\..?.d..(......c.....-........h.y4..$........E..f.2..<+...8..i...M.......Z..c.8....P^V.,)..*_3.......f..>4[;w:W..76!..k$A,...:..C..9J..y..7...W.....h..._..\.<z0.....y....{.......:.....\..p..r.w..[m..~.Z........aM..S.i8.Jy.3..xO.\C....y..<^._P.d._.Q+N..f..L.p&.u...?......%.,......yk1.407!_.......WZO...7........5v-.j...t.6..x.....2.S....o|_.}A..(.Y...........I...P.....B...a....('F.%...U.0./.....=T....1..>.Mh.ljB...Nm.}..{..];]m-r...._.e.'.I.....P...T...V.....d..,..3G....M.5C.oR....M{q...H-.XK...t.i....Rcr.k.l.<..[t..}E.........V.tM.4.&.OB.N.'....-T.+.J.`.Y...#0e.......@.Qx..*.*..X.y.>Q/.U..W[.Ea.k<\,r$......0.8y.....01@Y-..+x...3R..Vx=....-M^[....3..&.3".1....`.....,7zk...&.%a.;.~....;.P<..V.8.q.z......U.c.%.4j#../bRX`m...pf...7V[.@i.j...R.I...Z.[.kS..........2.........1.kpS.B......b...V.lk.r..2....v.&.-.h.08...

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\search.json.mozlz4

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):683
          Entropy (8bit):7.686616203865717
          Encrypted:false
          SSDEEP:
          MD5:98CBD11F41E244094DD282B7D9A231CA
          SHA1:1F3DCEBE1FDD12E5866EA1D5B60E1E37BA5122DD
          SHA-256:7BECF2427D7ADFA6A12EB3826983988B371D6FD23C7A9B385A38970EA14236DB
          SHA-512:255778C84B6F3D7F3905B20FAACA710ED878F1D2EB3BAA95137B39E13CC372CBD867A72B0A1CA7AAC5B46C1409D2349C28B885C0341E45CF3967BC059F0FE17F
          Malicious:false
          Reputation:unknown
          Preview:mozLz....G..,.!.}$O...r.%....D..Q..>...&....d......>.e.%-......kaE6z.........m7DO......G.u.pQm..l&-B..Y;..x..$...z...r(.@..$..TSNj....H..Q0.......q+..fq.z'..!..A.<.H...X=.|3....<..ja.....K.?.. ..BY....?E....U..mc...ea...o....../..E.&r...V.NC..=....!.iM.~.{..aDI5p]pT.O...3.`u..]..1".?)......p.....n=..e.\..S..B.&.G...~6.1J....B#q.^./).'}z.(.v.X.G.c.U1 .<[..0..rOW".I.h..l..G..80bl.s{...$.aO.7.E!zsU........].....<..^.;#....$.[Cx.aI...j..,q.l....W.,%).s...@..Z.i.(.=.L&..Dw6..s...d......|.i\....[...Xs.n..u..4H.....b4....S...fM..J....X3S.iu9#.s.'.vL..F.nP .ex#.....bB.F.].....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\sessionCheckpoints.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):622
          Entropy (8bit):7.632707209015163
          Encrypted:false
          SSDEEP:
          MD5:06EB57EF1A80D255EFB31D5A6C716F3C
          SHA1:544B9775967B4883677AC995C1FA67F9661CFC6A
          SHA-256:036494E7BC0AB597B075275496F747C37876885F13746DA072B021E4446A58E6
          SHA-512:1521D350F8FE47C7D3DB4206ED80C50A18B703115C2BA2316C67CCD6052267D25E86E11DEA64B1C2AEC6D256D764DF9F52B4BB835554ED9C15209B5377CB1C51
          Malicious:false
          Reputation:unknown
          Preview:{"pro'..W..9.*m...D...........mi.B.H.$p$.....0.p~.A....~..b...o...n3^......x....n4..M.].`......r..M.k].D.M..5X..bI%...H3.M....W.4~P.~LR..5z.'s.9....!d........... ...u ....}.^s...;.F..0...(2.t+...ar..).T.=......sr....Z.....*..y.v.A~.../..I+.+....wR.#.o$..Z.a4..j.Y.'p%\.T...g..N..g......yN..!...8+.W....9ljQ..!LF.....G.V{rB...A...#...n.^..?a@.7J...H...s..s...'....n>.&..E~.[..&.[p6.D.X..{."...q9.z...l.].Q..4...B@.Ld:.k7\.[g...k..0.YF.w..y.s3..N...9...p..........he....*.{."-.Z6...XB+a.e...?....J...G.4p]T....m9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\sessionstore.jsonlz4

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1550
          Entropy (8bit):7.863633238904233
          Encrypted:false
          SSDEEP:
          MD5:45F89F5812C0842C338A4FD536F7E09C
          SHA1:0801E78942B2234DE6F23BDDAA7EBD1999A40894
          SHA-256:E32813E02FFBD127F559DBD92A26B765B7E25967D682CD0F687ABFF875F77A30
          SHA-512:C59920C2E760D0357A8C5A63E86DC722352711262C49B1A652AE13F127531CDE1334A81A749BB7EEF63F277FBEC6AC2DD060F15C13EB92CBD5061C02E08400F5
          Malicious:false
          Reputation:unknown
          Preview:mozLz...Y..".j{.}..w.oC.D.k&7*...?..P1a..t..U...HM...?^u..o.X..q.&....$."\..~L|;{..-.g.<m..."..P....~dJ.L=...;=aC..?>...O..$....3...lc@_).CyV5..iD...k.pM..RT..[...L^.7...2.D.@..hS.6x.hK/..PKMy..RQ(.Q@..SL.(.i|.....g..w...7.S...J."\.j...~2I..#..H.w...U....r...d.Ow.U...)..D.a2....J..$C.`.H .U....pl-8"Z.O..14.V.L.1U.;..%..fq.LA.C..H..O^..(z>3.:......~..:,.-.Mu'.K..}[.....g.,.....L.........R.1.vN.R..M....?.%U.$.m~-......c.~.6h.p.ax...........A.}......k.....z.~.Mw.Z!..=g......:p.........=$B.<.x..)...yWs._.V.r....)[.....j...kr....~A?.5I...A..h...#.....K....A~...=.\$.Q..2..Ta(..h...K=.&g`.w.sf..n.5...Z...:9.@bM.w.0.../...]i.t...k'.'A..6....?.;.%...8...\.....Fs..&....m....._.q0T.(3..?.t$q.9&5..XPI.pZ$f..8...,.>u.f.H.o......l....N.&.&.. .....k.Cx..#.C..ks.....|xaC.\qT..3..Mo...ZQb........W.c..".=..d..q..gD...qX..EC=.V.G.8|.......-.4.q...vK3.zqo..&...An.iMQ...........A.y.db....p/.A..>.j..4h..o.-...X.J.;XC].*f.....:9....i/M.6p"P0t.e..>>'b..'.<m.....

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\shield-preference-experiments.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):352
          Entropy (8bit):7.337240842951199
          Encrypted:false
          SSDEEP:
          MD5:DD67E2BE7036D00DD790FCCAF2A80EB9
          SHA1:04F484C801A1A2EFC7606926EE77A1DA997B6BCF
          SHA-256:5E7B40B034C7555DC966A05BEFAB02264A115C6CA3473B15B5CC148C6C8F724F
          SHA-512:D6626BAED6C86510CE63AFBD09EF1B978F5DCBA7E844A4EA83F4C5F63A061DC425F68DC726389A457CDED66AEC3C976C5F887C77DA6D4740B1BFC81EF699D6B2
          Malicious:false
          Reputation:unknown
          Preview:{"expo|.=`@...^..~1...|...,6y.j%..*I.Y.L.fq.....[.ml!.aA......2F.....;.._..2.dd...........$..G....@...4."ca...-..aTY.X..-5....a...G....]..kecr.(..vP....<....?`.r#n..=@.,._E<.}.\.lUh.P$.^H.N..."w.#0J..&........f$s.$:r.y.>..P.e.....\...0.`.2o.s^..(......k#.....Za.69pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\storage.sqlite

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):4430
          Entropy (8bit):7.955824371320212
          Encrypted:false
          SSDEEP:
          MD5:DB9060AAD0FC2D2060CD31C7C5E006B5
          SHA1:C2A7F47B58B1B300B3208039E5BD5F61E6030C2D
          SHA-256:856B0B3EA3D58FCB32F6CBC89C746F0228B3E06268031EAFC7F14678210DECEB
          SHA-512:41489FCA57DE06C0CA0C1C9B5EAD69B8B9C849A5537C4F2482353DE47856FCA2AFEA23299FB6700A92415CBC3D2A846D8B9A97EEEA2E2511D9910B9439A2EF56
          Malicious:false
          Reputation:unknown
          Preview:SQLit..WO...L/.....HE+.q..l........a..*R"_....I. .H.......\..;~..e5=k..V9...:|`1D....w..DL....s.?.ea..M..Uc...4.XG....NzC.C?.rB....+U'.[[...a.....=......s....K[X.gA.P."J.>.V.KI*~.[..ay..F9)Vt..k....M.....*......1.......3,..+8..B ...C.'."~1m7.Q.8.9..IL.....s......p...c"p.j~..&nK..DJ..hy..k.n...i....^s.(..}..c.....;(vm...b...ld.d]).^...Q..uB.K.N|.\...zK..O.md.z-t#...W..............|7..8..A.6I*dK....q...'ty$....W!...L.F...}..%j.0S;.q...N.....8g4q...@.......Qu....7E.b.K$..z:...T,.q..<..^..CS...|..q[....C.....9lX....x.7w\....`..r..~EMj.U..0.p.....#N}..*T7f........pM...p.IC..G+"........L..Y..3.i.:..x...........j... 3.*7.,&.!.Z1.Y.a++.A.nd.Q.....( ~..X.0j.. ...KQ..A.....E.`....j......9.~..WP.e..J..Z'C`2.@..4..$..u...n..6..n5s..:.H>.......r.x;;y}....]+.."B...\F...CHP.pV._.OD.;........~1.......P.....?.....~z..Oi.0D..L?.c........1.......5"..I.G..U..qo...W.H....r.Ba.Y.. .....OrH..N....?V..0...z.%.h}.c.....r...1..9h....;.M....t}.+.LV.~..T=-..p

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\targeting.snapshot.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):4888
          Entropy (8bit):7.964888825958932
          Encrypted:false
          SSDEEP:
          MD5:688F35E3AE6B85C0BE6191052A376583
          SHA1:4E2BE2DBE5D1DDDD59227B00AA1CA14386878BC4
          SHA-256:EC1B733527E280F8BAC1679415DE0E031155E8A40C263452FAB88681F9C60F52
          SHA-512:18FD8354771A9E90C765D48C4E7DB6A46A806A8F2BBB4D2C1A954732DD24C4256310BD75B4DCDCF1088516F93894D1DB6C6B727D37511D59A1B7CF9FE7074590
          Malicious:false
          Reputation:unknown
          Preview:{"env.f...^.>..U..}.u.$.aR....B...IC.<9f....5.G.....Ip.....m.1&q.....V..i.E..A."..V..n...U....b.CE......x~.-...i}1...m.?d.8,..(?a_"..%..."......C> ...a...w.5.'..t..#E..~....L..+!;.T..J.1gi.;...s.Y.:...U.`.t..'.P...,..e..DV..\..w.C...$..S8..V....O...X..`....'....U#.%..g../&u|......G..J.6..6/.0.;C..("....2....Y.`r....L=%....w~....3.+..]`3........y..x.A.fMn...p..]`.`..|w6S:..v1.&......}<I....].n.#...B...J(....yy...9?......_../..6..Nt9...m3.Wu....=..fa@5.k>.....C..{2...T+.o...{..M.s.D.y~.....Qe....5.#.w...\Qo....\-@.A..+.y.".......1.4A.....b.-.Y...8....1Y...0.4Y.e0.}u..dw.h....k.R6>v..0......Xp.....HeE....T.N[.....'..T....#W....V4..\...>SP..-s......C@.C..........^RfG.o.....a..W.DP.q..W..D..;.B.S..Y..{.l...e.}7.*.F. ..yt..K3"C.m..^n'..s..m......[..`*M....|.c.;...#@.6~...X..X>.6...$s5....G.."a;._....o.bb....g..n.4=.x..Y.o........d.|...p...F..t...X4............-..e6.I..:=.G......s..T..Z.....z.xm.,{1...}0...k!...J....?...oK.(.....$.~....g.

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\times.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):384
          Entropy (8bit):7.29927354674258
          Encrypted:false
          SSDEEP:
          MD5:E7EAA461517A84670B5893DEC0E08B8B
          SHA1:4C98CB49CB166FBD1164BC0C8A899CFE9132E492
          SHA-256:F4E7633E4F961AA3C55866766D2FEEADCABEC865127BDF000CC05EE1E1F35EA4
          SHA-512:1F25C5CD9B464D273EACAB8F1E37CA63C309A41C4B851BEE63E97ED2D92EDAC09F3DEB4E7D6BA811BA7772D9BE6D1C3590C08E959F55FF4C28B1FD522EF58427
          Malicious:false
          Reputation:unknown
          Preview:{"cre.$E....X.e<.~O...$6.+c..n@Q.0...,+...f.y+.jc.K.C..@w..SE.[/.e......+&...j.^..9|@<)q..|.3.$.._.N4.;.9..F...qw.|/'.{.n./c.0..R..L:P.-R....BU.o..*.y....H.t..0|4}XQ+|~G[.".......K.8...0..b.Q.D.?p..(ru..8M...C.8.......Uv>...O.....$..mq0u..Jd).....a.1U.tA...K..&..9w.....+Qa/..U.!..7...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\webappsstore.sqlite

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):98638
          Entropy (8bit):7.99805921654691
          Encrypted:true
          SSDEEP:
          MD5:71AF248AFEC8603EA88BEAC8B6ECE3AD
          SHA1:4BE26CAACC187AABB17FCF88698648075A782EB1
          SHA-256:C5300CA15C328A2D58081F396218352FBB5744D58E72947B4B9C8E40B061D101
          SHA-512:1A82D0C6E22222FAA9F2428F6F5865C19D0C829582C1BC16640BF847CA5DC25657DED6C1438B9103EBDC2210EF0A3D8CD14FF6CFFCB3668565671924E839499D
          Malicious:true
          Reputation:unknown
          Preview:SQLit.vO.......U.|...lke#..<8m.2h..Uk..........1.CZ|)p...Z..(S...`....6[."|.........AY/..G.'..J.....Mi.|.L.+.o.../+@...nN...kn<.9X.....^@.4du..}..\[7......l..?....r?+.8......Q..w..#."%JI+..2A........7.2..A...J.l.Q..}.u.j..eI.e..|......}.`........x7.*TwD.+......K.{..\.I......X...5.0...X..t..@.9..*.......O).5..X....a..#+..?....{..:b-........L.DHv..+<...k..{..m.c.... ..n'.t..Tp....r..........IpQvx...o.TL60F.#....dl.#.GW....Y?...uylb^<......4..%..5H...g....@.....)...i..v.....=....)y..Rcv..Um.P].j.O.L....Z....H&.Z.A*F]...G...s...jr...+g...t'.J..G...:.Q>.... =PHXs?. ..)..........L.....'.O.p...&........u"S.4..:|..m..b.\..8.4.u.......$.n...@....b.\:kW.L32.@..n.8.I.....:U..on.?E....4...}..G.#.d.L..y[_Hz..S.YPG...<..O.>n..K..=w .4N......"~O&g..v....b.Fy.+n.mw.iU0.l.n?{1...`X.BV.$...7.q.}..QsI~..g....F..."...4.^....Z..T..Q...^O2..MF.H..ei...K.GQ..y.......Y...Pe.`.T.....T(.... No...-...J.a.W..70.....G...~...:c.hB=..]ZI'.....K%..Cn<.Y...}:

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\webappsstore.sqlite-shm

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):33102
          Entropy (8bit):7.994676586028132
          Encrypted:true
          SSDEEP:
          MD5:3700BADC27E44758B3CBE986AF848EA7
          SHA1:EFEA3E495FF78E1D6C0E22790B979A85B613340E
          SHA-256:6B8AD7F66282852B750E78A700E4FF9EFF6A566293C33FEC7B17176540F748DF
          SHA-512:38F7A321DD64521EE04AD4E9DADD27973711F4AE6722444C3DC8AEB0834DAEB5BB1ABDC3C60A3AD00FC6ACC447055705E04410F0341322FBBAC522554E19F622
          Malicious:true
          Reputation:unknown
          Preview:..-......./.J..L&.R.M...e../=.....9.y.j.J.Y........@./..v....X..}...]....L.:.....2.N....:...v..v.y@...P....)...!jap...8...r.yB.{^&..T..&-2&.xH..c.......3.....{/...?i.I.8N.eU..U.b...eh...d.....[5...fD....X&A.`2.0.5.H.~&Xd..3...".N.../..2V..]$.`.r.x.ql.^../.O...,..]=.h..Z.G...|o.V.....@.$...IRh..^.....7'}U...^.u7y4Wb5.".O3..................X~.a...........M.c..c...[o...y.l.1.....p8I.....$gt[.......(.b...y+...Db.o5..X....e.n.n)..=."$2F.!W6G.C..T._".&.B7...5..Wq..^....c....{......z..s....n.|..n.".(S...........c...|{...O`X..[...6I.x%..Sq...@..T9..[Su.b..E.`.,....Cz....)n'....H.y...P....)gxWR...3l...........F........R..&........u.5_.....&K..Y..-...d..w......)..DS...h.../...X8..p.G..W..b..?+A..'|T..bE:......H.&.@_.dh".8........K R)....e5E.z.K;=..l...3.`8........-X.._.-'...1vd..0....T.'..[....8.`.J3#.dG9..(G..j..zT.N...P.....\. ".=.}.K.i..6.H.g.....@~...H.<q`..+..L..H....){.q..l....1VMgl.Q..x.ns.=.F..z.r.....eI.........NUr;..........{

          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\arvhxlpc.default\times.json

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):381
          Entropy (8bit):7.367285995024786
          Encrypted:false
          SSDEEP:
          MD5:5627C916D1C3E88E5B5F70C177C199C1
          SHA1:B452D9B7460459964050320FFB0CBAC39FD50F1D
          SHA-256:364B33224AA423DB9B79DBB99006125ED487C2B16CFC3B4D640506E366E92F13
          SHA-512:508B093F5034D8CEF3484D05C598FA1F6FC9FEA62DE538F3056D33B1E98F8D27DC5CBAE550EE936771B1426EC6EF5513AE93A70FAC6DCA1590705F044E2AD173
          Malicious:false
          Reputation:unknown
          Preview:{."cr.s.xM/..F......9[t..]i.'.U$h1M1....2.62bOu.C...2.Y'.."2L+.F.$...\o....'b...&,...0.>.........C.....^...r.c..z.+.x...\.E:P.q..M.d.....q.....'J.....TX.......$4'..NC.2..X.L..?..*...-.U..T..r..W...ut."../...J.....r..;Bj.`..R..>...#.`.o....4..T.<.~...............:xk.P.X..fF..4eT..j.....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Application Data\.curlrc.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F5B3E7F86A921BF45B69408178EB9BF9
          SHA1:CB1051189A5BF55FBDFDB68A49B07AA77756735A
          SHA-256:AF1C1427307B05EB80FC33CE3B93C6FB54C33B0EA694759E492ECA693B8BCC14
          SHA-512:A24677BD887E9171D62C2098D5E9AA37BB49A5DF9DB1E46C581A6C5E8D372905CFC4C8FDCA4E1E29E401F63DDDDDD2EE0D03A1A1796E97BB432FEA4A41517A7B
          Malicious:false
          Reputation:unknown
          Preview:insec7'z-..j..S.#(.B.x..61.P..A^.S/........z.L....i.!...i.].Q..'...Do....OZ.5..-"..#.!f.;}N....M.B......U).&RlN........./~I.n..b...m..'S.Xc..>...Y.u.&p.....I.ZJy..%...........5Mt....gC...%...qWg,f^....\...C6.Y%7x...1./......Ru..r...{u.za..b......F....)$*9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Application Data\Adobe\Acrobat\DC\Security\addressbook.acrodata.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D7F8565E67407A04455D683D86B27DDF
          SHA1:82497EEA4944CFD106D0C37D59479C00FE39BB61
          SHA-256:7937221403CAC2C545D1B7132075BE887D4EA263DCB10AB24A34703B05BA42D1
          SHA-512:4D858426C7795AAC9466F782477B76EC5E16330F169543606ABFFC5EE6E7931280C2F4B83F8B752F86143684B121775C270B8CC2A783B42871CEE8BE3BFE4A08
          Malicious:false
          Reputation:unknown
          Preview:%PPKL..e.j....r.|?...+.........i9......SP..+.We%:.,T...o.a...{.h.Z;........3....0)...a.n..`.I.LOs..6..]...........9..e....46.G.......a.W......xEV.T.pC.O1....H.d.7Q4.osdp2N...T....S.>...b.<.....$...B..H.R_.>.R.....y.D..dJ...e30.....d.[^?.......%....<.E..#z.@.T..x."7DK.;...B?.I...5.qI...,.Y.'-V..,J..g....MDr@?..%..8k.6...].......Iin&..B....7%k+.]..qq|M.x..[e.. 4..B..Ip..e.F.[.q..../Y..Fb...@j....Htx#..$o....r....;R..'*..w7.hA.-8w.@......NO...;..l..,......S<R%...h/....^#..[r.....D#4..1...).."~..@D.....ZAz}.7...j..f..>.B.....G.6..k....T...;#|A...x.;..:]:#.n2K.:...+..r.3..YR.vef.^s......LN$.)h.`.f*.R.w.[..O.u$]5...>.1....1..1...02(b....TH9b.=.3}....*.....G\.IiR.H.g..H..2.T.....0.$}.~.hO.c.u|[1^..q.|.O....|@...(..2....FV.7.._S.wR.....hT.Z..rx~h|..x...=....s.........p=y.b...O..V9..UU.3....9.Ez...;SV.&..J.....Lcp.....L....2J...$,.d..d%i.k.,T..z..........?3w....{r.[..[t.....wi....Z<.[..pI ....h."`.l.v..b....w.89...[FP...z..>...U.....>...q*o..=...".0.;PX

          C:\Users\user\Application Data\Adobe\Acrobat\DC\TMDocs.sav.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:44A8DA427E36CFD9A010CC1CBB2FE3AC
          SHA1:B7800727D91A7C0921D0D344DC089497B600C30F
          SHA-256:AC1307E41712A7D1957B2B6A57DC21098D9A842ADAFE15D022E1598B29B3E39D
          SHA-512:39E6EC0222A4B70229A1297B84ADD64768ACDA283496C8BE27BEB95B52BA6C286F22028495C06128D776D9FC66A28932887BC2F2B9CFF16F60BBA04AB3FBD392
          Malicious:false
          Reputation:unknown
          Preview:%PDFTa.)..Z.E..i....|.%.4.-.<G.V.).......o....>..l.~..6Y^.(.6.D....b.J.#E......F..z.1N...;..l.D.....-.:..F..E.T.|.j...I..e@..#....w/?P..,.*8=.U]...;...e......D......e.-[5......N<...._FP.....-.H...`.XF.2.....b.qc..A%B`..>.Z....iom..)....H...?z4...,X&-=!Ta....5.:3.w..]~.t.h..yC9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Application Data\Adobe\Acrobat\DC\TMGrpPrm.sav.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3591ABD0D1502791B18ABCF7E91053AA
          SHA1:97D82E8625BA9A51C08FBB2B2E95A436986E59BD
          SHA-256:8FBA2DAC11504963E669634D1190D015DD1F08A63D47DCDF4D6E483A01BBB25A
          SHA-512:90E93A02D5B240E20E2CB1ACC77555F52D0C403FDFDE78E0E4045495A4BC542DD49119B9740C8A096F47A78C72FAF34039E13E9009EF3364374B5757B5B3B5EC
          Malicious:false
          Reputation:unknown
          Preview:%PDFT..(..LG..9\....p.....RF.P......gS.0I.u BM.~F...X|...q".-.r...p[;.$.!.78...N.&r....t.Y..Kr6......gQe.(...$.. .....L^?nE.@.:ke..l...v...b...m......4...0n.v.5.j...~.&d.-,.;U...NSC2..1.2-.?.^*.Q...x.5.'=.C.>..2y..s...j....1g..DR.&5*....A8S..}9;.....I.mw.m.+..E9....'..r>.wJ...[........~..k:9. ..29pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Application Data\Microsoft\Outlook\NoEmail.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9F5F0E2FF2E1EC95770D781190F492AE
          SHA1:5D642D95474CCF0925FABA6EF6F08F0453677A98
          SHA-256:CC481DFC8050ED5FA610AA327EC16A77F666F33A7D263073CB8297F682127558
          SHA-512:280B21490BF496CFB766AC590765CD15888D958A21CD22F7785CEB9A0E90B1B1FC90251683D720C11F3288534ACC8B24CC04296D82A70DCAA27BC3DB2F5844AD
          Malicious:false
          Reputation:unknown
          Preview:<?xml.>..N..=.a..J*.2.. .u.c.....O...Br.T...../.R..a/C......8..3.r*%....qkO.l..iF...t.>[.2.....D>y.%..............Ju..........GRE..:...*.."...S....rQ...~...$z%..m_..d.a13..qj$........@.e.....jX.....b.M..xW..{.#......uU.....&.... f....t..L.i.9...\...`Vm...v.Z.....`5S..<.*Y^...8`.~._......+...f&.!.&.F.S..k.+......H......z"..}!>...%.j...gu..?.....TT....6.9....a..l.@...D.MLz.....n.0.4...U.'.V.i.[p..O..8......`...\.d.2@YEX.NY..q'...q..0.kD*K[O.|.!.Y.cH.._rH......,,...k...O..t$.|.9....j..|g.W5y.2!A..Fx._.8...z..P^.d(..y...U...,.L.F..x....b....n.R...P4H^\..P..H>B.B...Y.W.Z..^.XOr]...F...8..=#}&.[b.OB.J7.E.#\/..*.(..e..........hxt)KJ.Y....%........|..8.#Q.*.d..S^.....2....ETY]m.^..c|d4Y..7.t^.T..-M..M<.j.5...l.b....s.3>........A...X..C....$..{.q.i..Q.0.=...$s....jr....3..=@2....WN...w.X......gA}[.1_...c.t......Gv...}u.....E3..#...&..<Z..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Application Data\Microsoft\Windows\Libraries\CameraRoll.library-ms.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A3CD652C28376532EB9BE9DDFFAD1F66
          SHA1:5E34C0F61ED0DF900E9A9595E8C3389E130D9B5D
          SHA-256:E84655CF0CE5094F8CED182990A4A17B4CCCB169486ACE4D708E20115960013E
          SHA-512:DB82EF04BBA5A53BD41652CCDE6E6A348A1FF4DBDC78C67D74A7418306F10163A9102ED2BB4DEAE6777CAF5E7F42DD50CDFBC754908B9FD733A0D71E0E22C2A5
          Malicious:false
          Reputation:unknown
          Preview:<?xml.\c,...%.L.C.H..R.B....%..m..FCrhB....Vu.#I.0.sJ......A.....-..m.dw}r..Ee..[.Clj...Rkm...8QT..OV..E.=.F.u..V..d.JAl..,.....L.O.j..#..h...;....7(.2Ct....Vb....z..J.....z.N..+Y.s..[F.0.ga...(0..TV.r..X.6.=.3...#.~........(..^.i..B..1.6].....=..\...BS.)N.a..<...7. ...9.....uD........`.).n..0 ...L...d;T.I..Zkl..L.K...v..l.ob....&G..kl3...D[..)V/..v.QRL.......}%.....1{...D{..d.?....i.e......9A..d]g..WJ,.D.y......+lF:.8Mb.6.Z..s...........M..%.B%...Y.{*..WR....JpZ..Y..S..cb.../.z.F@B....:.v._..p#..]..?....'......1..... ..g{B...u.x....A.....v....m..f.\..h...C..^.....W^y....%^..\r.!d ..7R..v..yEum..&qr.Z.+"...kS..G..O. .[.!....Wx....|..z...."..G`...L..O..Y$t.<;IP..`#.8..I.y.....w.......d.D..Z(.../...-....HSC.G-.._u7.'i...7.k...............e....-.....9.x..-.u.YI.DF.............?#.S.K....~o/.D...q.:.m..q.l!.1....\".).......<w..F`q..j..Y{.v.$e..7q..+E(....TG.q...........qk..*.2......o.0..19|d......4......7..2.Z..r?.?...H]g.m..h....6...

          C:\Users\user\Application Data\Microsoft\Windows\Libraries\Documents.library-ms.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:831698F21D20CCC55EFBC071E7A83B00
          SHA1:E2D19098A858F1345890C476E9719B7FECCBA451
          SHA-256:FDF4B3D0852F516D25346AE167E2BEF824AC87182C803A3367584AA4C35DE8AB
          SHA-512:17C8E37D42DA39A6D58F8FF4104B6BF966BC3234655D2EB622515C807AD3AA62937622D26F7FF748ED3B18E98A353BD9FD05EE808E5924312CC03FE1A4C3B93B
          Malicious:false
          Reputation:unknown
          Preview:<?xml......|.. . .VS9...."uc..,..U.......G.....o..f.U..c{.n..c...M....J.8sx..W.hI.}.0....ly.P...KJ.}..P..u.Q..%..!..@....C<A.......<...(!.$.#2...Tu..4 ...P..]!...^..'........uZ+......&.vo:...Y.e.I.P.v.y).t.{.....uN.]b.g.E1...N?...8...D.q.K..[....X..{.._.....U..n.Y@.s..2...H..jaL..[;7...Zs0.A. j.........<./.......de).wZ...W...XY<j3*...0...Zhi..v....vn.U.E...p'(.6.P.Y?."@=..)en....g......9..*#DA4...k.J5.e6.v..Vf$...bVL....[...`2.....O....t.W.M[.t>u.........&....u@.dzt..p.a"...{...{..O5....M.6...i._ZL.Y...b..3..Z.4KU6$.9T.{J....(.nII.0:...K.,....bF.W.....Iw.8}.. ..$.:...ID./5....'w.L...=..Z.,.6...n.*.[...M...K.(+.;../..e]g7X...S34T.../C..._.B.z..13$.R.(..'/.&.~.........t.,...`..j.j+..+...@......R.[=..-.H..V.S.v.w.r....v..H*C...a-.$..3...._zd.}...)RP'..0....Hp.=...8..6.F..D.....G.@-.....o#..?9.t...M....:..u5.....8.9.k....u0.w..<.b.^...R...C...!<.Y.....Q~.4.6.c.V./&9Z.2.5..v[.h.VC...c-.......8Me?O.1........U.2x..2T;Mns.s.#........(w...l..vC .

          C:\Users\user\Application Data\Microsoft\Windows\Libraries\Music.library-ms.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3C6BB2F024881DA6615DC917B1045E08
          SHA1:D350E8CDDD1EC40CFDC7703ABB8CF78C4DDC9B02
          SHA-256:AEB4FC169D7DA1073592C32425B554A2842B590770C04A5D3BD7D6883B45B893
          SHA-512:FF82F368AE38A7E17AD42A2D3A8E62BFB1BDC36251076548CB704C3589239D3A2870F0D0E6F01768574FDE7CD4D41E80693DA9C0688AE90569A2A50BC93F17DE
          Malicious:false
          Reputation:unknown
          Preview:<?xml......kb.zY1..^?....P,.Ptd].......,u..S..V........z?....p..._._.f.2.]w...._.S...1.Q6.n.....t..d..I..YuR..<..;..U.m....g&<A...3..7.....WCU8.....*_..F[eq..w....YK...[.G.*...-A..Kze.n0.<...9s..j.Z^.\:L.=a..N.Fj}.@Lg.........%....}.?....A5_.."..r...;....f.... ...U..........3....:.eO!:a..v...s..[.kb...MVM.{.PB...H&T^.B..v.D.g..).....0>.m}$.$..F;.C...1E*...x......?Lb.mJ...P..8.m....T.=....q..=8>.....B*uB..M.-1V....O..:.(`.!.#gP74..N...z..-M...H....../..A..x..........a....}.l......C^.#.a..p;...t........qS.9.K...'.\.k6g\..h..0F$!...v.]g?.q..................:...y....z..........#.2.n.b...R........../..sHL......UiT......?y.Y..;.e.&..Y`.[WG...]......?.]...3..(..%.R.j...c..E....`..z..")'df.}...b@*C.....}.....uI.v...*.....l.N..g.C.w....7D.....o..O..P..c....N..&..Y.j.b.......83........']h.0..s..&..n.3..8....LG.$....2.K.......m.".p><._.....K$.C..<=.......#F(.S..=.2......>E..q..G.5K.u.#.x>..".h}.......Yl+"%D...T.M.0A./...^a2..(ZO9..JuY...\..I

          C:\Users\user\Application Data\Microsoft\Windows\Libraries\Pictures.library-ms.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B06D0E77C448E31DEE6BD59F56FB6BC6
          SHA1:2E5615E2F4B236460287EB6D5C2AC6541C72F6E5
          SHA-256:B40D0D8FB613F3B507518E34C7E2C9B86D2797EF282BC31D5030EA72DD55AE8F
          SHA-512:5E4539C193BF937FA883A16B63CB927091CF6E7D09A6EFBE82215615E1FACB7BE2478595868D9156A13C960ABD96FF7011EBE8F5641A8765DE81CEC62E9BD30F
          Malicious:false
          Reputation:unknown
          Preview:<?xml....[.vj.%. ......L..@.I...W..~v..2v...j`....J...L.0..t..Z..9 ....bP....61d;.?.../...(V.CXoG..p.?.dr..lf.D/{....6M.r..$F....}.52..%36g......{2..oRYV....i*oi.vv).C......$.n, b.;X..n.rv.Q...VG.eJ..-...d..@..v..F..{A^#Y........v.D.~9...Vi..r6(...)..U:.q T:.1I..u.H(.B...G..(.m...U{?....o..'&.:Y^..);XT$.w....a..qN.........s....Q...gp....cs..\....u{..._...$...]......{..&i..Ew...........)....,w?.-#ld.....i..?=.".....{gE....E8.....U:*b...(...:.P.Vh.<.&.!..!..4.g....F...V.a...k/.L...V........).......xr.W..1<...1Y=_..*.7M[..1...1.)..+...[.L.U..&.6,.__K0zA.I....{..t.W..V/%U8.[..^.xg(....?u.....Z..Q.j'.c_.b.|.di...Bo....Y$ .o../.....\..e..@...'...&'..WM.]..<....3j?.[.....L......:..qh.........!oc#..MB*..o.$G.c.....|}LfNW...&.s...7@..!6.A.Z.^.o...Do..b..E....._.J....p.......F~....D... ..#..i....Mh.a.....F...z..Ho.I.?|M....8.#..=.`E....u....Qj....QH.........Z....3=+....9...#d^~A.I.c.K7M... ....&%....z....".G.Y.$.L.U.r%.N....v...j.).w.I.0&..D..J

          C:\Users\user\Application Data\Microsoft\Windows\Libraries\SavedPictures.library-ms.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:491B513ECFFDE7EFE7170A34EA378ACA
          SHA1:199C47D7C44B32A0D364969256D4C556DEAE2D45
          SHA-256:F3283FFE166C0B9941905A4F2FA202618B47D65F0E43B9286F8C671902EDF8FB
          SHA-512:EA5381C9BDEE009FBA96C975B8A3A8A31647A5C3740280D8F44393076989593DB2E834D7E5A4692FC6B68FF0A53A69BBF398C1CF655383E59052B53C4F496CD2
          Malicious:false
          Reputation:unknown
          Preview:<?xmlS.W.. ....R..~.B..W+.|..|.].Erx..<....V..0..QE'.../}........Ub.....(....5>}.e\...Z..HQ6..C.....yf.......Q;K.p.JK.5.4.N!v.....VY.........4.o..r3.X..R.[.U7..(.-.#........5=5...-".9...{.\.F.....|...B....3.......N....H...~y...(W.|f....|.....0.q.:].:.(h/5..S.+O.e..:....tX.d.........u..,.e>....XL...w1...,..]..`qJA.w]=...._A..ZO...pvq{.:H.{........z5>.,F.Q...q......|R....3....4.k.CmK....y./.b..."..wg-.......l..2.t.(..w7.0..^..*..'.p.....N...^.\iY..)..)...4.E....x.hy$!..F~i..SYqz..xS]..Jnyf.OZ....Y8Fi.....C...:..(z.d%V...[V"..<..c..........I.4=&.o..0..;.`..t........z{.>..FeLb.W...&...D....9..t..a+R.:.Da9.q. x....#.....4..>..2.j.w......N.7.gl...r..../.I.n..[..l.x_.62c.&Lq.?Xf'.~..~........b.E/p..$...../.-.W...,..].F......~.\@].|..6{...b.Q."Mc..c.y_%1.....!...~F..$.*.)L..<.>(E.K/"..A.q..".W.e..)gZl<"a%......f.jB}.8.n..'...r.......a.V.!&..%z...J._R..b...O4..y.{..8.M8.ri/3.Rhf..s...o{.......z.....'..iy.u..h.*."Vm...v..<o,4v.V..i9.w...S.

          C:\Users\user\Application Data\Microsoft\Windows\Libraries\Videos.library-ms.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9E403559842FA117C1DBE40DCD35E5F1
          SHA1:2BD8004A7FA7F6608235C24F983E918DF128C71A
          SHA-256:9A3CAE0ADCB49791CFE247B23B7B88CDCDF68895AED8D27403074B66E30CEC69
          SHA-512:08076B1DCB87C8C7092B9D2EFC2364E8ECC125AB486C6A33F7B80EA7A174E6082F8E284A2CDCC08AD5AFC6B8991B2493BCD716B3685577574C67D149FAF13A13
          Malicious:false
          Reputation:unknown
          Preview:<?xml..UWgf..k[..e.....20,.RW.._.^b...D........8.^..y...?0.g..".).|6..ASz`...R...G.<kL>.,..b-.....=..z.....h.....lRt.x.t..L.B.k...p.d....MP... ....vu...Z.7)..B.A...1.........2HO..A\......V..TW....`g...d.f....x...sm.....dW^.X&IH.k(P.o..U^..1.q7.k.......E...M.^.....c....Z......6..#.Dv..!.._8.LN..#.Z..f{.d..i..Ggg..n...(..o.....a........ES...}$.\.-,.T.3.y...H8.s....s\..EY.H.}-.K/.N.......S..^..O.G...9.....BU<.P.J.\.P..I.U...2h.'\B.Ss(k,.)d.{J..j..;M..o.q...`.un...w....n.1Dm....W@.....>A.h....o.k+.'....[&.l.U)>.3|)}..(..H.*....H:..2.v}..?.K.....v...<....t.+(......H.h.w....5.E.".gO.64!...C6.......F...LC_....!w,+k4.. .G.Dn.i..$.f..N\,....< ..SV..Rr...'@....9P.>rn.m...P... .c.e...'.2..YS.j..(.....K.....=.v.+...n.......[<z.Q.>.....C..vqS.y...^{O\\....3.50.A...z.}Tx:.%.z.'..u:...p.)0.@.`rC..=.J.O.Pu..g.m.}u......*}.g..........d...h....P.3..7..&..3.....$.&.kD74v&.g.(fq...2...aF.H...T4 .q....2..@>$.C.....L~M.5..N..}..2.XX.\.BCP....b.R.. .|H.w..(].%_...(.

          C:\Users\user\Application Data\Microsoft\Windows\Recent\AKJIMDEQMB.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9C4FC4252005A28EA9CFD888831F3A21
          SHA1:EB2225EADA538B2466BA95127137C6E442E1E039
          SHA-256:1F23B334AD614F162260DCA4B7403128AB56AF0432937190DF970B41136AF327
          SHA-512:BD4AEECE36BF4A65CF419DCE54EE12B6BB4AAD46C9F1EE090B9B7986D3DE937BEA7BE6752FA5D9B7CDB58FFD0A6EF1B0DCB4B7C13576DE206DEE97958AE69F84
          Malicious:false
          Reputation:unknown
          Preview:AKJIM$...e:......T..&.......T.A...y:1..E..F .;.4..>..&.........[r..."....6..v...7..zq..*Y.o.{...Y.5.Q.]$(.F.:..kn...cR...C........dA.'k.d... .w-M.7?>.1..SEs..XP.D..5....U.......>.S..M...bi.v2. .+......"f.{m.T.`.>...)7.]....pY.S...h=....-.1...TX.Y...d.....T..C....c.s.....H..;..4._..#Zq.b..).L.@......I..>....FB...~x...........;!.......5b.A.+//..^?....L-f3S.5D..h.z1.h>~.u8D..Vx!~0.@.."5...s.R...Ij..0..,.....g...}.P.u.?..Q..%...t.`]...j.fBsn.A.{m..-\.l.z...<....._%..VM{........w.c...P~...fr.+qr..RFP....(6...%...I..u....Q......._Z`.5.1. ......Q8O$7....a.e..........J..#.V#K`...5.45.h...942..M\.O..4.c....+.x..j...+.H.z6q.o..l..l...v.zH..F.......K..Ka.o"..]..b...baK..6..?.TJ...."-).!d.)......W....w./.-..G.9..I../G4.*[s.\.-...7..6.Dbi.J.{..^?..(~.p....M.E..1'.a...g.}.|..fU....l.y@?...I&L.K....r..oN. ..p...?..V......o..*G..*$.......[V)...F:.:.>.qi...p...&5.;.`1....S.C...,mKv.CT.H........e4....j.gE.8.4...[.E/P.........m2.M.wj.....d.n...

          C:\Users\user\Application Data\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:14F26131126FB23EA391B1B5491BA477
          SHA1:7C3E82699CA121A23476BCC4530C98310E83A936
          SHA-256:092AC2DFB6C08B95F033E25721CF66488CB4024293209C0D2B93AFD120DD17F9
          SHA-512:330D5E343D65872BBAC76B97EFC225FC22CD15F6EC0062EFDC2F29CCE38DF69452765F8B63C36AB2E2200EA5B06FAB75B81695A80C95428A10E078FEC0862489
          Malicious:false
          Reputation:unknown
          Preview:....@...5.kK..O...BQ.%|...B.X....52.{9!>x\.f2.XD..y.]S.K........`..a/....b..S.<1.Y.tg.b.6....I.B.y.....H^..'..o..ce...\.R*W..>O#p..o...)..T.vAI........{.fon.....qV..X...A..B4I....(.."i."..z.9...o.@.d^.........L.*.<.9.....0.............3C..+.;p..~.....5r8V..5......R....@.W7....W...5.4...`..y.a....a.*.Z.z..b.....R..\....."=.>P..q.K.{a.=..N.F...x..JM..XE..+.....jn....G..~..-_....Y..l.sx..R..$l..s...Eee..d.`.M..;.s.].,.g....)H].......(...t...S....u...q...h..}.=Q......}.f....J7.b#`=.$t.w.uy~..I...:..).[G........t..8....T{.g#..t..{3vT.../.G......v/<p...#....c.$.g.{..MX.`.i..d..Y.{`.Z....y6t.].$3o.`.;g:*QL].-..4qw..l.K-d.2`.v.O..m.(...^I.?J.....G.?.......w.....@D......_8S.}Y..f.;....iB<....-...(.....`......;o.:...".u=.%.>W'.BQ.^c.).4.V9]A..B...I..I........R+).o...{.M..5W..;..`Nu..k......!U....5.H...+......N.........bsB/.#...x.'.U.[N.A.Fqe....g.(.0.t......J.?...B..1..K&....u0....M.....?;...k:.B.?..y...&6L.%..a+\...t.F.I[2*...T.S....

          C:\Users\user\Application Data\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:766D8672CB4AB44E06DB5C015F4BA907
          SHA1:2A74C8E37D3F0838ADE883CC9A019D010407B192
          SHA-256:4BBC65F919339ED80F09CE0040D0A5E9E552A769514293BED472E60223AD6C8A
          SHA-512:8ACB4698938B4D1AA90CE13336F8599AF48635F8315AA303D6D98537222BC68D58D6E0EDD1A28BA99DA99051820D38A238FA8282CDF43FF2CFADFC72C0F51CED
          Malicious:false
          Reputation:unknown
          Preview:......>.....a..._...z..T'..-..(..xo..iM...w^...........]v.&.v....g..;..b..U>.....D.4..J.s.`...?...7..C#.ROy......V...Wu..B...J0(K.en.^?..?Q.|..]aj9....)(zh..7.OH......^...y....^.....o.QMn.H...C....gw..Y.@G..~%R........X.8T....S...(.#....C.....I.;...dv3.ZK...Q,..<."..^.....XG.N`)..o~. ..:2F...Q.t.Cfo..h...f..?O..4..t..`Of85`..x.ESb.A..x.e.=..S.^q.#.z]mI.":\.....g........6..{....?..E..<....T.I#..u.|=..........iwd.K.2[1.....i...J.\....m.....3.......'...'y_>....r...b=.[..D............C.......o;.6......1jOL.l.....?:....4^eph.B........+.<V.h....YKE...i....<..=.3. ?Q......dw...t....o.....b..z.....Ev....n.x..R....1.5.#..d."..}.7.........R.D_*.7+...O{...K.M.......L..t@.....y...EV...F.7.....!..0....d.=a..?.8c;O.{........'U.Vc%.....-f....I.e......."G...NS.WkM|.^.JN\\uL1&1.Zvc.._..}../.L.F*x...J....C...\,6>.......M.D>P.M+:k\.(..G............"p..@._..S....9/'.m... ........I.N..0.......>A...n..$cY..pW.....q.....k.........U.BP...JZ........3..tN.4.m...

          C:\Users\user\Application Data\Microsoft\Windows\Recent\BNAGMGSPLO.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2627E7A513DD3F3E3FED09D05D51EEE9
          SHA1:5BE3906AB4B390B1DDFA28CBD91875ECBEA50862
          SHA-256:29B038E8F6529C8BD559383C6D5EE62289F3E6E1143B364E5152D2A43731E139
          SHA-512:614A391200D5837F0B0BFD4EC7B01A7EAA06665788CF0B44141DCE7FD385BCA6273AA183A5A41EB0360DDED4A6DE31AFB9E68D3C25BC27D7C5ACCBF20EB2A889
          Malicious:false
          Reputation:unknown
          Preview:BNAGM.h..+..c4Y..vvj..t..W.*.......x.g.X?....A...]=lM.V.Q..P:;..k...r.3.....d.}....."\E..>.I.&....~..}p.v"..m..c.mk=.z.F.._t.......-.{.<2+.ryr?s....0.4{.E.7..^..A.Q..iQ...&I^N.....P....hb..D..'.......1.r..cg6...&G.Fz....O$.)..g......k.Q.2..}...C..&..E..>H.....U...|(..z#.!.....:#Tt.!.3l...:$......~JhD..".%........,....u..l.X....<..Hfd.0vy..q.(...D..cE...i.*%.Da%v;.....v:J(..7]b.Nr~A...3U..... A.1uV....+.h. .L.n.t.hb...8`..T...b..-...5..h....ow.j..........k...D.|..i.9C@.Y/lS...f.v_.FX(....c".m...........Nj].?..44.|...T.p.7....J.,.<..at./.@.k....bj.{...}g....<.7...G..x..5...+|.Z...<.l..MceK...[u.:`c.h....{.r..5..EC].E.{.......J9G4...h....1.{..3......s.&F.2.^!v@..HTe:A.%T/.6.K...,.%...Z..b..'_(J...6G.\....#..V....Z...-.C0..Xxa...>..(:&D|..#3....bFS....&..9)L.u.?.?..e...+r'..M..{.r.[7K.v...........p.9..Y(.5C.edv. .|.6.9..]..K9......'.,g..........<.....p:.....3..YY.A.6.<..-DZ...C-.`....&....\nbx...=(.&k..(...1.....G.B.C{W.SU.Ts.se.8...>...Em

          C:\Users\user\Application Data\Microsoft\Windows\Recent\CZQKSDDMWR.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A566CF15E30A2349AB6A3C328D6A8712
          SHA1:18506ADE20D87B9F3C060DE17241153C1CABB271
          SHA-256:1EA742BC62F8AD432755CC169598479C3AE439209749F9778D33CBFF5299858A
          SHA-512:BC7CAEC076946B71B76CFC4F5276EAEDF6510A8D2966411354B3BBD8AECFC4A7CB77792C63C656FB0021A05B41B2802D9EE51AD910E34E59C5EA748CB8F7E660
          Malicious:false
          Reputation:unknown
          Preview:CZQKS..m..h..iD..Rek?D.e.=7.............)Z.#PW.\........O.|.4.?.....9wp..V...#...n.[O.....I.#.|28..P.......k.v..0..P=..+.....US8>Gc..%.V 5..$.>h[.......`....K..e{.s;..\.\..y5A..........s..\'gI#.z.I....2hR8.... .......F.^.....0.!.V...T1...k....D..LT......6Tp'....\..s.Mg....t..j(..?......~4.u?:PYn-B..w.j....ho.....g.....^...aw..7......S..,..[f..>..4|......d.... ..\Y....n;US.J.m.=.z....}.e.)...T..%.....#..l...1.Jrs..o~.._WB`.y*9..f..@`.h..c..f.Ip.].0.n..p..FT....>.&.....4L$..r.....T..D>.g.9.B.X@.2.+.l3.r.e..6...un..Z`f9.8.....c.N.^.d~p....,.M].w.....Pgz..2...>.x-v,K....>.Y..{8G.e.....l+./{:._..h..cL[.fi?.. .@J.Y.p../3...d....>#....R.....lM..)..R..s.:AK...#....1....~..2.'..y...8..-..{c.A,L.?..N...7.P.n...?xqH.."....F..a72.H.k.]...}.hx.g.B.....>G.@}:4...\."h.*4N..a...~...nqS.$.I../f.......c,l.Hb..sR.n?U3~.{.....,9..I*.=.c.....^2.MB...x1d.W..V....]S.a..+..3...........P...7O..UKP(.$....%... ...@n..R.GfB.pO}5..b.].L..G.&...&.n..y...N.. ...<T..l.Y.D.E.'T

          C:\Users\user\Application Data\Microsoft\Windows\Recent\CZQKSDDMWR.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0051C503B107343A6FBE7770932CC20C
          SHA1:031CA3BB2CBD9AB5039C9B13D4E167ECE109DDD8
          SHA-256:5073B059FA8A06AFBC2C8F378B1C0B894592A5F2C6F21E910CAF3E44CFDDF8DD
          SHA-512:B1A869DBC706479954591A5B7B6614AB408F9D29654FCA2B4C2C32A8EAE3E9F39E0F9E6053426CB8D285F25809018C8B48BDB7902EEFDCBEB77D1577E33E0560
          Malicious:false
          Reputation:unknown
          Preview:CZQKS..d.......J...o..`\CNL.p....l.2a..l.........,......c.7.T..q.....g.}.M.....?.}U0;T.G-Y.4...hD.c...].e.1.....".V.8....j\.`.$K`.u...3.t..C.u.I$..X=r.<.@D.,.. k.dJ.(.. aO..Lh....=}1..M......=0...0f.2.o....z...2....=..B._"D.r.N0A.P...r...]n.Pk!.....907s...kE.(C..D.xp......<.8g7...k].....M..(....]..rl.b..Q1....q.g.i...>\c..7._......k.'.y...R...v.4.'..^%..\^;#tZ.W...I.....P....C.0.N.,=6../(..82..(\3....s...m..9>"A`q........4......8.@.^...........c] .f.l..f}.K.U.>.....^'..o..U.7.@.|.u1..p.$..R.&!:....X..l]2..1..Z+h.^..0mM>].x7.]...i...Z.D.A..s.jA,\.....U1.....j~.3.h........U}N...g.(.9.1V$...E.....N.Y...o.e{....n8eS..f.^F...#_.2.f...g=.UF.{...'_...@"2...~.^8..!.Q+..M.D..o<..g4...}... .............8..8<.$...S..E.......dE..O....)...T.qt......u.lZq...:...5X.....ojA....9....e...j..B..,....$....@9...m....(.G.fC.....!.F..#....z.#..q.....9.H................)....-K\.f....G.n.{.d..2"..)C.N....d.'tK..E%.....k.k..".<I....5.W.....d8.O..2....2p..........

          C:\Users\user\Application Data\Microsoft\Windows\Recent\CustomDestinations\6d2bac8f1edf6668.customDestinations-ms.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E9EB9ED896DEC6C86245468B5E5B4016
          SHA1:3B1B49C37C0F6C4B82BD5C110D7471AA14CD6636
          SHA-256:42FE9AF7089398BE3B21A69F0B58CB48A06F3958A655DF4D8D3C452129EDF03D
          SHA-512:F9E18CC0070096636D80AA037709CF48D78871B953B17D2FF7DF1A81E08936D463C95F1A8FF9B22F1E9642DCE703ECA827EB5A618BC512042F90EA16939C492F
          Malicious:false
          Reputation:unknown
          Preview:.....W.[.6......?o.....R...S...*xbd....\.R.BsuQ......HhY..p..............O.%.s.....J.{P_.{.....+t.Au.: ..&4..\\....d..h....wz1u,..../.k@"..R....d.F.^F-f.....[.c.....4_"......._|9x`..........{.K.I..vZ.X8...|)..W........N.=.n..?.O..Lt..Uth....zL$f.Y..v~.........{c.~l...8.E+..*,....^X.LH3.(<....mPP.I......w.!c....M...V....=...<d....YtQ^^g.7..?.v..M.=C$.75....Ft.#H.|m.).W....z...!....S.x..-.{Q..O...;.f...#.D.^.b.]T1.C.$...zI.S..1....I...6..*qy._..WX."nDz...9m....-Y......I.2.s.....[..k.].<.1.6...:W.gW.R..9f^;6.`M.j.vz4.....6wq.......21.......jS.,\../..........*e..&P.1.-..i.hK...AW:.e...A?..Vup&.S9v..m .1...,..f.....W.=;...?F..lP.9?..k.z.T.....M4..L1....a...........ZM.^w||.!..2.P7...o.Z...@(N..kn.=...b..jci.:-....3.'..O".T.n.}."....C.>.y..O.G.n.`I.B..d.....c! ..x...r`.G.S......a.p...3...s.........=...-W..d6++.[gX8..l..z.b."cz2..xLq8]"..do..Et}B..@..,ZWdmc5u..=.~..hu....)..)S.x.........Si@>S.yn.c#_y/.._c.?"........_H.].##%.qw....w.}..l.25.......

          C:\Users\user\Application Data\Microsoft\Windows\Recent\EWZCVGNOWT.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:09FBF9F38E61BE7FE10A8098F6DC4057
          SHA1:B8F0B8424161D49C0135478FD0B6AA5AA53FAAD4
          SHA-256:E5F653E46CED8A7B237AE0E0EAAB80683CFFA21D180AB067BE4ED072E6115413
          SHA-512:B745CF2A627A5718952DE42378C6E575724D8E1698BE5DF3FF4CA9F6BE3955BEA236959EFDD4DDD3F0675FD37F0E327ECE30A0AC1736AF9856E2BE926D5C8E22
          Malicious:false
          Reputation:unknown
          Preview:EWZCV.r&......5..~2hE...).e.....o..<og\.........=.'....Aw.E...'.H+..q.ox'&Xo.5.......h`.....c..3...u...6/v...R...zW3.f},.<....."....9......iNh.....|!....R\.......9a..>.iy).:E.4..AU......93.2..}B.......z.lZ-.".../..O..c...b.92..F......xR..O...:....B#V.....;..9.U.6.]..m....g"....\^..cF?2...zNjr?....=........_...y.....=..w$.Y..R9.....*i...p..0G..;...".5./.-...........b'.Jn.Ws".6 R'..K/..R8jq..S......Z'....{....Q....R]...o.)J....J...#...Cre.l}.V..!...U|z.u"...n.d..9.H..3....o..J.~....*0|.+.R..9......P..=|..i...)....C .......6.L.5..+....$.....9.O...5..Z/....ps..`N..5`.Z[..\.l.....7..I.M!......T....'.#.........F....w.3V.~:\.LnHY..uF..:.H.DA.....E...<...%....E.@.....M.&.i..r..`|.`.1%b.p......^....~.....C..z4.zM.c...........T$.I.(,...q.\.....JO....N. ...Y.U.*N".m O=.v.k...|........"4...H......I.!%.N.....@.....~C.d.."4....iP.x....D.?...C.\9T.|..Y..5I.4n..z...z..O$....G]..........\.j.%..r...+4m<......NR..6p0...K].G.v..;...SZ..q.;.B.&..

          C:\Users\user\Application Data\Microsoft\Windows\Recent\EWZCVGNOWT.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:26A616A1751DC1EF34E648CCAEC0AAEA
          SHA1:0C7452018596726C3E98EA8DF93A22C09164BF98
          SHA-256:7333D9412BEC8B5495C9C87282EADF0EEF30DA2AE8C9C9DF6B18A360CC2FB13C
          SHA-512:7943CA0EFB58B4F61431F69CC47B829781612CFE008951700453EA411E176EA7FD1E2127934F0DF22953BCB2240EE3963C9FB1EE87F6D6833AB54C2C741D042C
          Malicious:false
          Reputation:unknown
          Preview:EWZCVw8:;.....R..!G..oR..[.5...?.J......I.X5 ..L....'.".q../ ...0;...Xk.n.....{J.@..Ak......F.n9+.-..]|...U...+..g.`-R......H.1.i+VQ..'......o......3.\.f.g..;....^'"2..6N.?5..}.$G.......l.5.A./.Z.M8.}A....>...]....v1..z.D.w.`...a*..d;!..c.......L..6.#...F..ELcb...9.r.[.4...m.#.Vu..?...#.7.p.lu.:Jv.$.~.i.......4...s........?...g.f i2.*.y...|3.C...k..n..c.s.....O.+.~.^.E.v...0f..d.)rB..j.=.}QM.G)..r.??.h..%nk.W...9Oi.!eg..y.O. ...[..4.4..\...D.~-f....}.....YS.d.y....y......$k.....v......6.......2..$..Kh)T.-.e...Ktj..m|.r...i..h......R..8t...})...$H.p..G(.if...)........oJ..q7...^.v...V...7_...nv.O.R.......1..o.....[JG.HY....(.....5....;.ck..W........HZ....3.oG.T.`...P.#..... M..x.......)..}W.......H..\;...3(H.(3f>#FxB....Y....G.u.s.....Q#.?x.i.W:.p...5D.`..^*P..Q.....+h.....E.F....w...H.>}.[Q. <E...ul....!.&M0.y.8.K.n......u.....Bn.....aw_..e/..4............d...B. .]....Y....e......B.3....e.OT.....E.ZK.@o...N.~.@...<..]...g........g

          C:\Users\user\Application Data\Microsoft\Windows\Recent\GAOBCVIQIJ.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D3610F240715C58BBACB2EB8A18C17FE
          SHA1:D99CD375894D5B2F41668CC25B3FA3755607ADB5
          SHA-256:6A9FBF92406E475E87C1CD11A704AE7061EC40E47F7473676E07330B2388D360
          SHA-512:22C01B99ADFF39BFFF5D43E44D41E2F7C1199ED79C966434D2CCAE14B0B04BF2E07DE8C7CDD87EF9F2F799A10CF4D6D6077A593D970E443AA9EFD30F466554B8
          Malicious:false
          Reputation:unknown
          Preview:GAOBC.e.(gB..ql..c..vh6...W.....z..E.....".\<...-..!'...n.....6.bf.<...%.G.w.?]..(Jj....~.........V1'Q.hm.J..~....\..Q..Na.....%....L.3..8..K.S.........r.9.....".;...<.$1:.UG/.{.Q....#........R......D.F.l.A.'.Qiyt...q.h....7.......`...(..]..r...AtL....1].hd..-.'..m.......h12Y@.\.....aq......p~h9..`I...GK......M....*...H......Z).jT]....y..V. S........()C(.y/-..\w........?A.........t.a-.....'..>.Rl......U.".K......y..%.sF...).ff..MN.P.....Rm;..........[......54........|..l...#x...3..YP...2.[.%j...$z.).....{.Z..B.g..U~....b.-.I.)!..H.^N....*a.D.N9n.o..q..w..@.`....]lK,.,...B...2..'3V....T?.?..-N}..w8.D..u1j!...ih....72.Y..0.C...V.oX...t.........N...`.z..#.o_0..4..v.Q4...<..c...Q..U$9.4....c..............h....V..AgY.&i{K`......L@..;iO...."..%d.P.$z.,\..#... ..=.........`2|D......AS.Y.6..\N..X$...*s....5...8.....L .A.&H.....D..%....T...Z.U<.x.1D.._.;(.0D}..M.....4....k.`9V.......x..%O..$...z........6$]k5.Z..x...E..P....P#..W...TZ..!..=!8.

          C:\Users\user\Application Data\Microsoft\Windows\Recent\GAOBCVIQIJ.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A62904A71EB7DD147AE0FB624E13E294
          SHA1:7D8C64B8A74ABC271F12C05CE08140EFA00DA5FA
          SHA-256:E5425DFA96C22BBCE640A101D78A866B571E6DA21D3D9B5B555442F3EE0CE24D
          SHA-512:DDD5D0E4623C33B84F8964CC79368433E252F527E31FB9D0449D29B38C40F7F4A97E57F798D2ADB5D657AD16F4914409D1C3F356E37BACA0A296060CA33A2E53
          Malicious:false
          Reputation:unknown
          Preview:GAOBC.d...HU..6:......\.........y...N.f.....o/..h...O.{T.R.......N[%..>)d.L..A..r}..kG...cC....e...i#i.pJ..Z.......X...5.u...h.a..O...}.;...;L.\....s.....g..p..K.#G....B......V8..#...?..X..v...)v9r;.A...{.K.....8x...m..X.-.VK..Y.... ...r.V.`.-f..e.-.ja..)R.G_f.e.hR.T.<".i.....w|S@.=..E.>..b.tU.Q.<0".p.....G.Q...1...H.h]Sl...OI....0..O..u.......x....s.bV..W..q.6)6.. 1.R..Q.-LD.Y.K...L....p...c..........O._=..qeF......d[.iE.V+.%U#SR.%T.a.rp\..[.......X.).L..+;..QP.|._......@.i.....f........!=>A..K....C'.D.n5........t.\Y3..&..=.Z.o..C.....$M.QK..u#.,.A......._.7.>.n...q.iSC.>}...}Ox.>...`.|...N...F..T..@.@.m..h|w..d....eu.]..)5......|.8.s..m{..H...@R.......#..T.q?mt....rb.HZ@.w..x.YR...`....}.U,#W.....xvR..o.^...#).._..g/q.$7,u.sq..1. ..9.JVRh..$Zg..2.n...P..L.i...[.6@JN|yn.1....~j*L n...zS..o'.x_..6..~....9..h=.........-E..}.\.q].....,.F|w...mi....'.p....h.n.Z..3..].m...k&.ay.GZ...e..#.\%...P.....>].#.1......t.9.*h_9...............:t.......

          C:\Users\user\Application Data\Microsoft\Windows\Recent\HPWKBOGVWV.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F2CE12C87979BE4AA832F340F4255E76
          SHA1:55297EE227F0984DA29371B579F66A5E61A4D489
          SHA-256:E224FE6F7DE26FDAB43CBB5BED9043E2498EE8E7701944960A61EB5956C45482
          SHA-512:2BE2CCE1D4E6DF4E9C3CB70908DEC071975D141ADB8F1AC1AFC424EB960B8539FA5ED3690359E0E243572790675013779695EBB695FC8573D4AF656339923094
          Malicious:false
          Reputation:unknown
          Preview:HPWKBn.z....../.*..>M*y.........7.8.aV.b.....A.f.}.lrw.....r.......o.|pJ..d...j...#....^Nd@...Fi.........F...].[F.....Z.@./.........$.Ou.Z........[...3a.YP....~a6c.Yo.....:.y...W*..3.}...tb-......p.....6.P.fQ.L@...0.3T+i...P..C..M.G...+`Dn...X._.*#...>.b..d%...P...>{c....gT5G=S......sL.(E)..T...1.>.zX...G.Mcp........L.zq....F....q....bD..z..RO......>E....'.l=}....<7x..PlDB......E.5...<.P.4.".........S1.@iXk.>.F]..u,sFh.[.W.o...8%.&...+.P.....>K......G..N[.8.OD[.NSU3.1-.........E.x...........t...#b...z..+."hV.......z...^J.N^nla&.Y.N4..b.i.'...a..... ...b....Sb....`...L.J@.0y ..4....is.~7_......<.`..V....-....-6..v.u.s~)..yT/..y.RL..ut...}P..--.vo.....d53v:W. ..)m..7....N..E-..M.8C.DJR.CH........2wrz..+c.z.R.g.y..<.3S.9..."..K..k'.l8u;.....]<.1.K.....4.BB.t.9Rs.......z?.......sO].f.8.c....K.}*.M.*..%G.D.b..!....,..B.....;.).U.X[&P.>.s.c.}......c.......m....D..y....b2...].7..K.\o...Z}Nc)..(....8b...'...%{..6.FC....-h.N..\.......J.

          C:\Users\user\Application Data\Microsoft\Windows\Recent\IPKGELNTQY.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F9B4A02CAB66FCEE4D2F8F9E0A9D0181
          SHA1:1642FA4D22C3C7000E060509ED5682913B77830E
          SHA-256:8A359CF1C13F917911E3DA9EE7EEBEE90A181AAB01FCF2B0AA63BF4184311AD9
          SHA-512:E04BE68066BDC55A0560803956D0825693CA4201DDAD9CEA8C4BB9CE7FCDFC4356F55753723EF9F164B247C24840AC0220ED3EF03B1E364A73290615416195B6
          Malicious:false
          Reputation:unknown
          Preview:IPKGEF`.q1....zH.F......."c.JF+. S.O.s..*..%<....5cQ..S"...CE...-._.Y.r..:Xk...1.....Zc.|..U....'B.DJ....x.d.T);{.~.._..h...?D..v..!.<M.a...q....&....z......!..J@..T.....-.KD.G..`.d+.n...8..KQi"...mo_-..~`.b..i..+..b...t..q.GZK=.I.......2$..HMo./...Z...DB.rM.@O....[..h....%U.xw.*O...t4.H..'...}.E.|.Y....k\.....?.2...@.YU..u2jG.._f5.....T&RE8Y.....=4.Q...k..;.*........R{.......W{X.x....@.....a...)[...+.Mw[>.hjv$.......".....A_`...'F?9..0....,.p"..I.uB......._.E..0T...y.....1..4."..k.2.*qoC.QN.G.8.(...r.y..{..Q-.'..{...A.<E...<"...x.V.....g. 7".........bp.......^G_......@....8..4mNEvE.0..m....-t!.:..qv>$2.`N..W5.62...wP..q7....0N.ZU$K.H...O_.....TL....R.V.....)......?........!.7.j...,......|>mF...%.g........\#...R........99./_..ZQ=.E......U(@.....(Xi8.......ejd......#./..9..L.V.......T..eVPf...|....[.(Y...`.s.......+.X.&.e.Q.\,.6...2.A.f5w.Q7......._6..u..-.....\.J...&..E.....$e........d.%h....pX ..L|..y...qt....e....|c~.s...

          C:\Users\user\Application Data\Microsoft\Windows\Recent\IZMFBFKMEB.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:376A2244EED2B97910A166D460973873
          SHA1:BA840256887187551387AAFD2309B951007C4048
          SHA-256:9FE6898D4418BB330CB14AE05A707192B383E4E70FF22BA2B9265A56E2C9B14C
          SHA-512:1C438075926B670E35EEE5EB1C4C853ED4BE79F0FE8B4A4CF88DD5164690A8CB2D4C88D05E937B8FD696F51A07373068E028031F06E927577CABE65847B29D20
          Malicious:false
          Reputation:unknown
          Preview:IZMFB...o...%Oo..e...x3.3...ZT.......1...0...~..U....I....8..w.^x....s.!.5Z.D...B..'...~.A..<T.NV.c_.~...i.J.(.wE..l.....Z...+?{...GhY.W8.n...+4P!..f.+W.....g..v)IH...k>.....#.r+.........rh.f.....,...5yN|.8..!...{.`pq.$...r.y.r..j.U......i_4..wN..w..9wd4.h.{l]B.....U]|[..m.].....O;.!................a....{>..TaFw..T"g.W...C.....s......SM..~..(.}..L+..;.S.....v1.x+..".=.[...T.y..[y.P..!.`...Q.cz{.c.zS..GA..o9H.D....q...$.e.E...W...g.E. >..G.=U}......D..=M.7.n.....^...P..3.=.'G.!....i'h&...s$..j.y......]?.JQ..K.....9e.m....?..4."~9Y.5........n.P0......x...*)j.......GP.g.....ay.0~+..(.....j....).|Z!k<....Ni10.x........1:Q.d.h..u..1.T1..r:.Sb...l/?..G...M.8.j.*...78n`...C.{.::N.!.<....?.e....:.....t.,*...y.......6.f...D...'.5.3.?,.......}.#...D..y&>.d.....,.n3...h=.w..DI..x*bo..[j...8.\.+.N6...XW.j.......V..yv`{w.....Hy.2..rc.5...\.-iQ.@X.a$z......N9..;.(CA.Y........f.....lu..y0.5.O....pA.'.|}.W.Q'x....B.H.e.8<f.../N;[G....)......._.+..,.....&.=.

          C:\Users\user\Application Data\Microsoft\Windows\Recent\IZMFBFKMEB.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F99F93FE7173165DEE80636A4E1E71BB
          SHA1:2FD250AF428A4FE83979ECC93EF8E070E64BC015
          SHA-256:2AA3FA008CD4F6828E017C15590D5AE041DDE683BDE4804EF3E7282E2AF17FE3
          SHA-512:8A6266EB96E8CD9C0F80FCAB0F959DD9453BF913DAE601DDB61153C2682961194645CB5021153CC9B73CB4200B861CE7F0E8D4E5D6EE5FAE86D5B793BAB1B811
          Malicious:false
          Reputation:unknown
          Preview:IZMFB..SPo5HpU..A.q.4.....G...S.L..........g.}p.....i.a.....&.n....&.W....CT..%......,\..MhV..z.\.i0u...'....r........q..h.@8u...o..<*.g.A.V.D.s...N...e.._`-Sf.A...>Oo.Mm..@....U.`..M....y...VK..H..%OAP.t.'.y...9..orm...M...i..Y.T....yG.K.F...\.Y.........O.D/..Y..).../.3!...K.....`x.A..a.....~\...............5...E...~sf.U.:Q..aFS|jaec.t...w...s.c/...;!}Z&uyh1..n.....+,.N...e.P.#j&:.QfB...0:..J'...8p...j...<.z..j...X.a[.n...[.C..;gq...M...L........!..].}..u...e...-.D.[k...V.N....JD...e.;..{'Vz...wB.y;j......q..l..t....\.q0..#.../..q...g.`.Y~......{......>Q}5.9.z={+$A..{2..A{+.y..A....'..k.F..R.b..#y3.u....M.Q.vx..M..........z.~4......|........ko........7..$.J6.^F....b..........R3z.f......Uv...F...>x....LG.m.zyp$i^.....wc.Z.1_.=..w...zT.......3i..I...7..;[.d.._.3.W.M...?0..=.x.<.W.@..=....(s.~./v.@.v....d.w.......~O5.M.qC.J......,.U...F..^......E\...7g..\>^F...X}..%F/...a...v.{|....e.Fc..W.............9...$......}.ww.3x!.....u.a........T.}..

          C:\Users\user\Application Data\Microsoft\Windows\Recent\IZMFBFKMEB.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C50BC7E3879B27881363A5E25D1E32A4
          SHA1:493F03F144D3D3EF844F8FFA490E0F71F5EF0627
          SHA-256:32B70CFC89C3273EB9F8C39D2F6FA97B09E08DC786D942467E28CBECD8B945D9
          SHA-512:BACFA98F89A63DDD46E63DD24B12F2AA5020DBF93D56A043A98B49EBBD7A8EC75FFAB664266C4CCDB6741B0F47E7F6C77462BC08F0EEA22FF38900A87F0B076D
          Malicious:false
          Reputation:unknown
          Preview:IZMFB.T0..w...U..V.....h|.../,..U..P......BT.0.C..Y...@.=.q.....qa.]........b.q.....|.Q...>6/'v../..-...YH(.........e.9.?...S.i.C.#.l.~.. yw.\..%.w.......kr1.@.....~.O}........&_..#....J....:.4.7........A.j..tI.M...".U..d.T.....E..s.o4..!..o".......G#..z..xQ.=g.w*).~k.....jM......OW..&x@.%..........tOI5./.B...^....P.....f..?$........(1......s....@..m......3S.aF/.m.G.H ....=.j......x.(%.R.5.f.p.7..&1q&8..b.`...^C.>.MG.E.<'%,m3.%.......=o.I.\.....P..~$.>.}.WW........8.]..!o=..O..5.R;..m...#.j1.IGYwA.:........66.bb..w.9.cO.$..cn.Or.0.e.L.m.?....U.....U....T$g%H.G......v.y..(.g..M...9/...j.:.\.b...@.........<...c../.7d...........KI<BU..w...PA<.&.D .....].O<(.k...H.`...l_.Q<IO.Mc.?.C...s.v._1.._.8t.4..$.OO.w.=...Y..[..y...C..\.mqB.... ....5.iW..2t.Kw.f.E.s.d.jb.. .c...nq....K..d.....b...Y+_1...}....4.&O.J.......6.Q".VI.?U^oyt...J..]m.2.....>.........{....../Y.:Z..v.p.Cr/,..M.fcX.......).V9..k.d....y..vn;.GV.I4Z@. ...6-...E&.f.N..CS.

          C:\Users\user\Application Data\Microsoft\Windows\Recent\MNKQCGFJDG.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8F73FFE2352E577B88AB24EB53FB0302
          SHA1:EE6A53548E03814358D5A35B0497A6B85965BBAF
          SHA-256:EA986FA7FB138E089296C62833D0FF977529CA5A49930D558470C246F5102249
          SHA-512:3E9A9611068CF61F0B1C3FC2C0350CB37FE9D730CA5E53FF7BCEA1AD3D047C83EBE835BA82F39DA38319B64A4F586D16C4BCBE0A6A5904B08E96A85C8BB7120C
          Malicious:false
          Reputation:unknown
          Preview:MNKQC4:J7.aT.B%g....1..t^x.....6..Dh....5..;.3H.K.Z....&....Z<Gl..`......Z%..6R2.../. D%=.!2...*.8.x@..a.e...RV..."/E.Wt$..l<...|.{Xj......M.........G.......W.xf...5y.Q..U..{.3o......k..t..yX=Yf...'T..:.....X...O....w+..^..n#.4..u...s..6.&..?N..[..W3p..<...n.....D.....{..F.)i...{.hf..Cm.u...n....[[..>...)....f..1Z.q...r....2..M<.~^.......#o..<{. ...x...p=....2....>R.Z...i..z.g.qj.,.q|......d.c....]...m+.... ..Aw@...../.;.... ....$.9...D.N..@.#.#.A.?....=....5L.+.=..Y(......PO).,...<'........e....#k..Q.W~.H...=.)\...+.i......GS7.....c..j....QcR5o.7..^...88..('......bxD......K.O........W]['.zQ..T.s:z$...@...._.$d.87n.T)2J}.@.*$0$L.a$......h..!.h....g.r....<2hXT....1......#..u....Q@........eL.m8.(.v.o.$.........%..;S...VQ....?...".S.Y.._..`y..3Kb|..,.G^.s.KY...x......}...Bm..k..ho..+.......C..V...B..n.'+..$l.jD...h....=..F.J6.F...Fh..0......OY.Z....F.P.c.&...yFn.....P.1D).!.n.st.....s.+6.xe.k..B.6T.g.1.`...@T....A..+.;....A..Y\.....).

          C:\Users\user\Application Data\Microsoft\Windows\Recent\MXPXCVPDVN.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C13D003629013569BD063800474B29F4
          SHA1:0DD64B8D63E69364FB4D0C94E4AF55FDB0DFC3DC
          SHA-256:D4D2A8E5A9F41286D6C42E34E27E0969FDF2648A64AE62814CB9777E87C5CBAA
          SHA-512:E016613BE255AF04241F0084BE70828217D526CF414584CDE9E6E8D69AB591B82A86DF1A495DB91E2A445607C8759439E490B2101FE42C155E89BB86EA3A0A29
          Malicious:false
          Reputation:unknown
          Preview:MXPXCV..S....)K.5........LM_o..#.8NW.;k.H....A.K.._..a....y......K.!....-..F...A_"..f../4.cu.X_<.L-.~.h..F......+zJ..a.D......{...x...8....6wb.Vw.<. .B..kHP...D).d.,.uxN..Fp.....LQ.1.J....QmG........[4v<...J...?.......9..e..a...U_.A0..N..mp......2.....+.`.'..`..<h&~2.wn..1...[..i-_.....dS...f.K.(........r...D.1.......f.. n{..;...=....Hy....E.).0..Z.. .O...-...PZ......M.....v..4L3.<.W..k...1.y...g.]..E...U.r&..!%...(8..F@.S..G.A.(....@..\Zs.%.j.I....R9K...Q..;.7..)..N...A...UZM..I.._..y.:y...x.V...eL...*.Oz=..zk.....9+.\.........E.+L..c."(...._.../..M.V{2.....L0.G....+...+09...wQ5.o..r.....8.n..s..f{.U.Q...I..^L.~Pd..H..Q.<....@OS..o.rr..H.AU7....r..4.....T..c...4..>E_<.pa..V..==I...i....N...Y....R..q-....%..6.E..Ma....XF.....I......i.u.>......1.....O...."....{W...`.p......... t}.H..0.....<u....Q..z".5.H!s9..x....a._..U....x.~.......kr...*.q..........=.#....4.d.*.......TXQ..P...Y...2.O.yA.W.RVb..6.]-m.Z.B../....\.g.zM.A.]I..

          C:\Users\user\Application Data\Microsoft\Windows\Recent\MXPXCVPDVN.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A45749D8DDDD4E73916F2E044A288251
          SHA1:1F33481422A6EC7922E3BFB641BB7394C7A20174
          SHA-256:8EFC9DBD4E4E4BE3F98BDDCB710AEBCE3938D1342D4AF5AE8BADC6C21B802FBE
          SHA-512:C5DA0CB893494DDBE78C5B735847DC5B54BBDF647C6C3E27D572F5780FBF0B13EE36ABB12B59F197F9AFD3AAB26FD4EE1FBB5FD7BDBC17BFF0CE1B367F47D67C
          Malicious:false
          Reputation:unknown
          Preview:MXPXC.....,.i]J.R.cc|.B.CR..O........o..J..&.}v.............;%~.e.&L.......K.[.h........E.._.=..*..U....h...=.Q 9#.!....'p.........(..BwC.~.h..-A.p.a_n#.G..X..H9..sV_...=.t.u..,..A..../.I.E....+.%dX._G.7...{.g:..tJO.DQ..d..{:.yu.f#.T.[..Y.s...._K...TE....'*E?..Yw..L;R./...#.)<.;...<*.+Ut..3.B.D.Q.0...Ec.49...#.Z....R.>.....skHT...*...,J..v.".#[..'..-0..?.[.....{.&OX/.Ug....B;..!........"....&`....j...Gf#XA.v.9...U....~.....I.3..v..DS.rA?...v.&.+.....9....v.2........k..F......:...~.|..".v..P...8S.1.j{e.b...@.{.J.7."L2@G.w.....g.C.........-N...........q..}Q..........w>m...A.......N.S6:.6{..&k.4....uI.,a$t~t.[.!.@....N.u.6b....K..:..b.F..G.b..j.BP.=p..G.j.*...BjL.....t.-6.3=...Buk...Mj.]+..z....?fq{;M..!..[~d.. .TW..r`.2...lC..s.....5y....pb..QA!.v.\...F...c.........k..B...6.E@..w...N:.f%..jD.cj.D./1...T..KH..N.CA...z.V&.M.-....+.Y..........C............^syt....9.-*..OO.....p....K.....N......N.T..?67^".G.r....K@G.=..@... ."...`...R

          C:\Users\user\Application Data\Microsoft\Windows\Recent\NEBFQQYWPS.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5F053E6AD1B795FC0E73EB0AB46FC71F
          SHA1:33B608E9C45C98DEFB133346417B5543FA2EE08E
          SHA-256:591650F32276F75C66848D221CACC66990741E0C7491F0803148CF41996C5B76
          SHA-512:CF912939AD3C8CD996CD26453CC94B934C11391F0E87FB75C182CBC283B7060D24CA1CC4476115C283AC0A70A1DA607C85809C46BF939DF66E71B30D69C617B7
          Malicious:false
          Reputation:unknown
          Preview:NEBFQy.Eg..W.....X..LS..b.+W$.$...HQ+..).&....J+5]....B..0...*.....B..?*Lr.($.s."...k.l...'.]..n.\c.........l8.F..{^......}y.T..DD..T.y6woh..FAN.F.........Y7=d.i..6....Fr.]sI.Q+K.g..7......#.-..,{..z...h.....5.$..e....+....z.Ep.h...t:..G.....x...J..[c.z..Q..&b.I7D..'..v...1TlZ..%..L..n.O.4&..62.X...#.....n..h)Fo......&._p....(^.4.I.iV...o.....DvP}.Y...b.....K*....}..5[..6.E...4c.FA.....h...."._J4..]...E..x.<..$]...b....(1zx:..U#.+.d........^.9./....&G:8..>.(..,3!..:.4..V9.miiT..9..Zd.RUHn>........Suy.. ..J.i..(.v....P.Jxye.....>{J!z...{a|......\t.A#m.R`G......O....H.3....m_Z...Q.........A..'K...6..d.u.L...|...;.{"....!5.J.C6...S..4.%.'....B.;.HN*.....]i....ov.p.........Zlf*....>..'.a=<{...%.`..{.x...8'.....ou`a[I......S[...,P.s. .....m.[<.y...j.N...B..Q6SxEJ..O=..mx\W~....Ou..%.u...<Xr....59.O1./,...F...m.U......F...@.U..Z.3.Ca........=.+O.:....."T..oU."...*\..M}1/..w...kP.y.?I'......c.....^Y.....M+.":S^u....T..J_g..W...\..!..9+.cR.=1

          C:\Users\user\Application Data\Microsoft\Windows\Recent\NEBFQQYWPS.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:292E67215FEAE9C50D473D7B11967B8E
          SHA1:46D7A30C86E9520750D50E0A257DA96B0D8DD994
          SHA-256:FB43492747673D013799D819E2AED0D88E863B6150E1CFCC7E9C3CA1EB7B9AE2
          SHA-512:62920688A74AF0BBFB54807421BF119F0A296F54266EF0073710ACE7408D33B1EF9F33A96706403DA6C1E56C5CE570177C98FB53686172F6AFACCC8F60F88DC3
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ..@7f...$UP|.....k......:..3,.#..g.P.....|}.p.......t.....:..g......3..K#h(....[U.>.'w$..K..|V........5._../......*Fo..8.h]..K...qh(.:..s....TqY.l..@F..k.N....!b.S.3.%......07..4}M#^...dI8..2..Y....w..e.s..sW.+.......I.a.....l>.;.q.I.`......)|.......b[.S..%.cx....Y...j.....fY.c..12.]U1.E&8..}T.N.x..F. .Y..nM.%..C...Lh.U. .Z.].y!..Y.e...ZU..].%.J..;..R..N...$.A..33...lf.A....R..G...q....L..M.JBL...9..[....yV...*.|..d..w0.C..y.q.U.; [.G>g0..L....z......7..Q..Y...e...o..8wK.0Z.._iA=K....&.a.....A.T....7...Pp..z).]....N_`5...A.h.........WU/......O.'..P,I..=c.B.;n...!n.-..v.'.\...|..).....6_..[...Q....o......~G.d.5.x<4N.Y.o.".8*x.S....V..We.6G.t.9.b....NKre...D1....._.C3...i.U9.0}n.../.(....j.4a.......>..1...f.U..1.B.um.-..PSI?...;.k..?t...$Cr.....H.fi..SYv,{V.3.n..#b..A...;.0.......1}.O....(n..Z.]F.z..T|._5..d....sr.V..._y.8_/.4....5..*..q...].r,...Y.....Q.no..6`{..a.E.SH%.6.D\p.o|.*[.I..So.|OMU....^.Gs...A..O...)...O....c.(..8.a.ok=..U6..

          C:\Users\user\Application Data\Microsoft\Windows\Recent\NEBFQQYWPS.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F875203B534EAFE22926C6B6DCC69441
          SHA1:A8304904020E4A7895E869EAA161CDFF3F690600
          SHA-256:864AC89FC89443BF146BA70A2360045C00F6F4239D770C82F79C22A44F9800F8
          SHA-512:8F1EC4C4D212600F674FDEC7DA626F188E2766C3700ECFEB27B5C0ED5CF71063451FA7282881C7D6E6325778B781D591AABFA26EF1DFBE892FD164C53B8EE1DF
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ).XFDb.-?.!.+....O..5...z.H..M..=.RiA.T..u..O.........].w.y-.5@....D.)...P......v...-|.x...........K?..;..i.. ..G.p=hD..._.,&V....CK.h*...ab.z4.h..*Y....H.9.:.C>#3.3..H.......o....h.....uJ.....H.....v...M.w.+:........F...3o@.....|C,r...t..*o.d.sV[..BR...n..$<...l......^.$.5..}..T[......*.e%53..T......P_b...Mgp..bv.....7x..<I.LJk'..r..".Q!..r...5f.&.9Y..fNvU.c...h.z..^...8.......aW.}.tv....,.d.....y....nV.L....f.......S...%..+...CImH.?.>..\!.!.Y..b...c]/TSy.5..^..<.p .S.. ^7.......[P./.[o1..B...l...U...v...^u..e~.....R..V@.1!`...jCT.>...".|..m.>4X.^.;...dj.Z.b...W.a.?.}l....U...%....d..3......[^y..2...i.N0...[v<.x_a"........tG7.B.(=.D..-..>.Z[+j.e.K.x.x<..=.+..U.....@...>zH...I.<.l..R...[*n..P.....m...%./z..!8...ve.e........0..oW9..,.....rK..S..6jX\2....k..]S..)...."$...i.....D..v>....%...U..9iS{.p.@.:[....:.FJE.}e8.....Gi.........#.n.. ./......WF$.t.....]..0..,S..:....p3el...:....w.._.v...cn..1Z&b.~...|3.B.S..AU.Zd.oI.X..2&..y.G.

          C:\Users\user\Application Data\Microsoft\Windows\Recent\NVWZAPQSQL.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:386D6F021A8AC2A6EEDB8F75CFA22026
          SHA1:CA611AAA28D226E46253222BA5EF775B20024F18
          SHA-256:000C8744214F4FCEFEE6869C153BD9EBFF2E2D98BEEA0C85927B2F388A288A65
          SHA-512:432E41CE773A60E0DD7246B6A4FE8800D082D6E88E2D38221EF4521330C14BFA72027F244389CC1C31C2457DFB4CE0E1C1287062433749926FDBA493B9916EF3
          Malicious:false
          Reputation:unknown
          Preview:NVWZA..[...(..+S^n/.t'....&e.G.....c...0A.....G!.3PY..5..#....H.;6G...(.b.Rf:.+..0...y........sGc...@....7M. 1uh_.^..P7+..:`..v*}.?.....$...).N..$.1.M.r.P..$v..*V......6..{....C...)......a.%.8!..9.8+:...!p..N.s...^.kZ..(t>>....r+C5?...R.0.....F.L..H...<.>._7HV....L6......I5..h.e}..G!..|.Z!...<.u ^.:..BG.y6...v.$.G<.#! j!..4......3xeI.18..1.J...S..?....b..r.k.....}.."....V....X...R...HW.P......,...1.q(.?....Q>(U.-.......[....i...........]F'...3r.i....B..S.{.<....!.b..+I.m.il.....f:..|J.@......YT.......M.[.+.)..WH...qn..Y^..;.R.]......6,x.<..]..y.d...A.2..M!4|.<....B.....)2...!......J...'.+5+\{C...7Q....w"...PX.W..f..`j......._...W.t.=."3.G8..2".l.....|.}Q...O..3H.O'.8.........".;..6.S...(..go.n..}FJ........@>..>..:nl.....x...vc.....!.($..y.c......g.8...W...X...... ..N.&./..[.............;..^++../.xv...|..ag...?.!..{...2.. q7...E1n....N.f......B....LW6...........5 dy.d..bP.1.9...E._.g)...;K.}N..t)..s.^...C....gTR........*...<..F.2.

          C:\Users\user\Application Data\Microsoft\Windows\Recent\NVWZAPQSQL.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:09FD3460B116595515F84C8F092BA0FD
          SHA1:021147EEEC0444CA0955ABBA8ED9B92DC34CC8CF
          SHA-256:3C236752894ED299C515B1371F02FB3872B1B60F317C3135A19A371C61DF1C6E
          SHA-512:68C19664DA5993F8EEC3F12D820B161C7EC210BC261F18D70907D5B86A1011384972829234F8ACED6326EC7704CEFD1BCAABB8A5BFE3DD62C83D57F10A3AF616
          Malicious:false
          Reputation:unknown
          Preview:NVWZA..d..vt..wO..vY6!8.^...;....:....&CC..ls...i..'.7K..V...Y.7....ee.~.&@.eY..q ..f...Lzb?7....O@(...8h:...w7q..bd.y...g.,E:........8r....(.0...2.......z....iq9...N.j. L..I.c)A.EP....y.....O.D.p&.$=..|n.C.X1.[.<%....".{...0_<M.......=@..,..>..(U./$F.D.Oy....F.wK.....A#u..;.E..X.U..;<.`_F~.K.......V8...~.~...7.V......Y5...f).q.)Y.^....O.6..@y~=~X..8...&.)......,O..@.cI.....r.Z+=...4.=...m.3....R....5......k.J.8~...C...e....3.N_.uF..n_.W...\-........6...z3..x..Cb...A0.iG.......X..nI..4.;..8LU.4.-..2@]9E\L.'.s.4!.4....T......5.&J'.(.....",..{.(..h.Jb.g......p...}.W.:.Fbr!.L.y....4-.5.vt.ca..U...b..d...o..aW...x .'.L....R..D..O:.l.=3..+..K.... .&..S....bg.....e.XN...jd)6|.A...-..[....P...@.....zm.q..=E.......IX.=4X..9.5.....=.i..&hS5..OI.C..O.c.?_D..=...?..C..J.D..x?.'.....u.4..0O.......^.x.~._..q.....-......<q...d).]DG.r...!...V......d...E<..).H.=%..@.........#...*Z...=.....IJ...#T7....8...T`..^.$..`p..5..|+J.;H....s...`..cs.....[N. c...$

          C:\Users\user\Application Data\Microsoft\Windows\Recent\NVWZAPQSQL.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5911479DE802DF4F1EC5481E333A50EE
          SHA1:9840C454D5C0CA8E54EB3406F2D3839C40FC1CCB
          SHA-256:401BCEE5A43D13DF020BB80A87EE8FF1E6A9AE6D33CB4253BE9EB931FC7256BD
          SHA-512:0BE4BCBD099F2E9038B9E133E46B6E68487095215ADF0D426369C7B71852B5377B635BD750739193C129C5B842EBB45AA9460C67E1CB62B9985156ECEC18310F
          Malicious:false
          Reputation:unknown
          Preview:NVWZA.I..^...q...D1.Cz\-w.8:....F|.'A8_...JMIGB..=.d.!.0....F."..?...!W.tO(.O.z.n...E.lK...7....-.....;...IyYB.]......+...w25(JE.....a..V..;..}..w....:{Y|...e;.!?..U......-g...l....W.P..Z..Q.}....Hh<d~.<..S.. .R....K..'&.9...!}S.........ac...y[$$..>...".CA..9.....ti^./V:g...".)...t.7..l/<)...;HW-.u&...V..9.;.,..A..u...N.F!.,r....h.rn..qz..N.w..P.5S.....m...~...:3C....hD..Uly...]'..C..p......t;Y.HuP.p.....Z|...._.I..\.H.....<..40>mI.d..1x.p.?.g)..C.Tc....A.0..Y..h..+SU0Z....l...vl.....p..... ........g.+...S..W.{.b|..E.w.[U.K....1I.&........9.w..N...I.Q.*.....<P0?.g......Q..O..3h....5.(..4.u!.7..}g..`"6..?].t..v...5..g...q..f{..'.v..in.........S..b........B.=..3.c.?.....K.:2...e.ao..1.FD.V5.\8CU.o<c......;8..v./.p.....f.......Y.pQ.,..N.....t.c.B.a.}...\....Dk.M.,Y..1.;0........:g.g..%.. .38Ki.....M.w.<.3..@ZQz.R.ebffQ.............+;..hV.M...R.[~...{Gt&.._u..7..L.ztSL4uO7....l..;.J.......+..?...........{.Y#..).!.^?..pJJ.......jo..J

          C:\Users\user\Application Data\Microsoft\Windows\Recent\PWCCAWLGRE.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:559CB11296EAFEA9A11D5EF0B73474DF
          SHA1:B630D1E8C14C2F0386C4603D5E2FA4437C018CD6
          SHA-256:750EC809C9A37D71878EB04DD222A2586977802AAE2505E03F03C24A1A687B94
          SHA-512:9C158DC663607231C2263B77C23D447196B4FD4926D63E8A2E92B0387671493DFCEE5A03EFA2EDA412F45A37EEDC6FF76E207E35C67DB709470C8CB39F5527F6
          Malicious:false
          Reputation:unknown
          Preview:PWCCA.Q1.b..i..t...,D.q.....a.h\X.V..-......j#HL.....x!.:..U...v..y........-A:.......OM.y.....*.U^...>.T-....y.....n.`<.....A...J..f..X.4E".a...."Z...*..L......[.T...^=.kA.X.....M...w......(.#).O%P.H.n|..j..UvaN#?.....Y>.F.._..U..".c.<A...i=..<.=X.xp..j.-D..........h.........lp.[..M.U....JO.......(.A..I;...@I...v".!....'...../..N..G...,zq...Sf.)M. .Ut.@j.l(..V....T.H...=...o..&......]...d.B6.O.:... ....S.........../.V.s..Ni+J..P}...u.....y......l.':.3.M.D..T.....1.k.>D....H........+NM...s.$....I.Y..-.l..V.......L....-......".Sw..q.s...b.._..V..0.. w...I[O..dJt!.Lc.%24...qG.,..;....q.Bj..Q.i4.`s..../b.:...[..ay.p..V.L}.e.|......s...4.D.J#u...c....M.{..C.H.3/.'...T. .:..b.M.A..7.....y.-...'..C.O^^..;1]s......4...g.........Z.{"..."..~.N.J.~...2..K`.6.[c....i....6.9.CH.o|..%(|.7oN.G.Z~tc....;F.g..$KY....".gt.v.RV.....o.[SOG..>.........FB.....1ozi-.....iNE<....(.EE..b....t..l.9W...p......j...r`....D..jd&..u.3....._H...s.`*..7w..q{.

          C:\Users\user\Application Data\Microsoft\Windows\Recent\PWCCAWLGRE.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9EA6D8026220F580F6F285584644D1BC
          SHA1:DFB5020CC0AD0FF0F29C43CE4E5F1BD8952475D6
          SHA-256:B7D927BE5CC5B6CEC59CE818BC3D9C25AEBBBCC7A6241424945E7B387D3E1036
          SHA-512:5DFBD6BA681B6CD6286AB4F2ECED386302D6BCA4E25E5460CCF5E21E3457B57F8423FA037B335DD2823C4233CC4123EB47D076FA0462D575C5980D44753CD3AE
          Malicious:false
          Reputation:unknown
          Preview:PWCCA/..xu..=..@.et......,M.w.....[>.t U`?.*...E5.P..L.....F;2....m..B..6.A.L.......<......3U..!...........9.".B..b..K....44...........V...cL!/..sSs.!..u....^m'Yf.(.......9..{.Y&.L.)N....'n.~".H...R.K.....C#.|....7wG......F..u.g...k.8.{..E?R[...I.W.....'...m'X.2....I.A...*"v"K...u.%F....,.r^.x...g...h...x/....g....h..wy...z....l..J........;&.;.<....4.P...S~....BT..s..S>u.n.i..#.......+M..O.1..J..+u.".........8.aA.WD`q!.?]#...z.....Q..8.0c].R..t.....[..Hu'Q..p..7.5...yF-,.P9.......9z.D (0...^......].p..h.~_..Q.x.]"Z..#4.E..Sp.\u.u.H....j..|.Q.t.4...a.w...I+._...##.....rz.i3,2..""..8]...n&.GZ.......>.k..S.......t..B..^...#.....Z@..4L.e.Tn.?.:<.72.(.u%!$..`.~&.g.O.......T.A...`jIV......S.......9..6.....d....5.....O5u..]..6{..RT..bJ.y...k..6.7.....A2...IwQ...-.N.Mm.!..b..~.^$....8. ...^..F.3/....."..|.A.F.T...Q.r..G.P.y.*[..l.u..[..s..GI8.r^[..%....V~l/Op`.?o4.....:~ck.G.../.a...^2+^...7....ZKT...X........\U...FS$..p)O..*PD...b]]..k_......X5..3..

          C:\Users\user\Application Data\Microsoft\Windows\Recent\QFAPOWPAFG.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:50CC7E0435535B6EA1F32FDC5A31700C
          SHA1:5A9D50828C552F82FC2166C6A711F1AE23938EDC
          SHA-256:5BC2F536FCDA9615F92E259BB21C9BC65A7A4FE114B373F5FCA45287B8F391B6
          SHA-512:29616D71A9ED74F02601199D839F3EE8095B1CB17C7402417D387F7E4410B32425159C69B73FC787869BF9A8C65E59F0E25510AE787B6415BCDBE0AB93632ED1
          Malicious:false
          Reputation:unknown
          Preview:QFAPO..C[K.`...4..&.......r......*] ..!.8w..,I.@..&..{;\5....>#..........'6.Ya.j0A0...T..2..P.'...Q.l.a.C.@R..gN[~.l..u... .H.@.......t.X.x..4y8Bt....~.H....*[..r....}:[..l.r<..,.H1Lqw...\.t.e.Z...V.^,../...'..........Y..C$....9.x.j.......v.j."x..'.>zs..|:_.....<..)En.......-l4..~....F;m..9Q&>wOdg>..z.....[p...D.........T..a.q.<0L^(J.Ih...Y...$..Vzw....D...C.........q\......:.?%.*..p.D.Q......@.[..}.c....Z..l.D.<M.....s.&...X.%.L.g....3....T.....'i...(.|&...]YR.B==....j@....9..n.Y.[|........>.....[z....6.....~}..LU..}&...sxxS...Z>.;.#x.6......]....r.c.3d..\r.. ..g.m.7$_.x..B........w...0..."..(g..5.....).].N&.G...c.o.3;..U.Z..z.?.?....l&c.^.#..4',...{..*$. ..1.f...i@.;T......Z.#......Uj.QD....{.......<.>A.g#..Y,........i.<[.8.2.6#.HU|\.K%......c.......!-.]...>......{.".|.L....._;...*.{.......DnJ..5..!.QY..U..k...B:.d....G..D,....V...N...S....R.^.4[....Y>.&.1v...L......*.......;...'..k....#=b..j..|Y..6..56..T....._3>Ih..N._..J...T.......

          C:\Users\user\Application Data\Microsoft\Windows\Recent\QMJJVFJDVI.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C3FA9933D2A72EC578AA78AFA0A429C5
          SHA1:98957F3E690D6119A9D3B35804B786281F974156
          SHA-256:A202981AA7793496989382BFDBF765FF0CBE3BC77281F46F0B3C296AF6CD3BB6
          SHA-512:2CB35DD9964E2386DB9552F4B2D7209D0369E0C7686FAB80C9FE622DDD23D276488240A7833F9438766CC9D6BEE9E613AAED8BC6B182A79219DA4646BA775F77
          Malicious:false
          Reputation:unknown
          Preview:QMJJV.7$.....kw.k{M5....)_...LG.z..@+..^..M..<...+..P.g...'.....]y..._........DrB7..A....a1....g.p..Y.:.G'.#...fF@.a.y..#E....(.K..(..h.....~............}..Bd .0(w8...Ti....]....vI..g....9.....`k&r.Q......YF...|L...y..%.OS.D.2....1./..h..4.dR...|..R..F..V^.T.J\M....ZG......y .M..^|.J}......z.0..`..drJih..l.Ut.g...WI.......F.w.....>.}!.H7/F".|w.. ...L.'..u}.XEr&]|.6tR..G.%.^....r2..@....$....'..`T.Z.#.W...w.[....[....`'nz....).Z.,..R.)..L.).O./.......O.Qp..-.L.\4..8....|.~G..rJn...}.l..v].8..*.A..+r.Ij..\...A..M...I...x',F.....d..hSN.,n....B......{..L".4x.,..?...5.....y.{..pCE...E.B.......) #.i...3.#=..Uh..f..+.5.C....w...,..G.5HM...F"!.c.R...C.a.....S..%...n7......o.m.' .[g.pZ.()P...n...iQ.:..L..).I......`_. ...z.....z. ..c......pI..._..j..O.o..hT..w.>.)Zw.Y.z..^..{Id.u.\...27....<eX.s..s.KK...3.rB..B.}....@]..#6o`...#h.7MP.!.D.._...,9y.....M.i..O=..L.2..........D.....:/p.......~., .4d.Aq.9|.)r..Iu....r.t{y!m..kh.bP.>5/B...~..C.{IA.

          C:\Users\user\Application Data\Microsoft\Windows\Recent\QNCYCDFIJJ.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FCB52C6D3E0B8D6DE8E98D0062D7C7CB
          SHA1:E79AC5A84357E5A8B2B24BEA908F7ACD3FA627FD
          SHA-256:CE70810D0AEB533BC4E58135CA12948BE188429954035F60BE63758DF74E3A72
          SHA-512:EB871BCE4DBDAB8F8E3693071EFDEA5A64FD103600836CBBA0706431F9FB4A4B3293F7D9E4F730DD73448CC3F0BC66F2BD4FEBD1F23AE000D6ABE8EEC53AD0EA
          Malicious:false
          Reputation:unknown
          Preview:QNCYCE.GBw..C.p....@`.. ....JB.>.'........."f.{.. k.,..bX.....U........;..G..}....d}.....Q.jj.k..7M88..2=e.^;V....1....9..q.....#..;.........x..#@..._....(.+M{.K..."W.i.'..p..?.8.~.........._..V..e.;.o.w. .-.2.ew/K......*.L.o:Z.F.....K.....h.Q.&..C.....6....o-..Z.@s .........G.'.\.<.+u..f...I.w...:>(.R.,.^q.i`$....^.{.U.u....[/...4..}.<..\..L......}s..=t....# s....6q...U1P..ev.X.W...e<.]f."....._t}..Z.-...#B_...C...^..........Z...:b0......y:d2..BM...!.wh4.....Z..}..5..|eVo....U..sXmt..5...Z..Qr.:3UM..I.,S......."...<.6..aU.....v.j.J......@S.C..m..c.Qy|...|...Pa.X.{B../..,...ZR..e)...'E....Y.bf.49_P?........3)z.;..<..A;........8m:...j..M,.j.t...v...t..FQ....Co.6.Ap.k....(...........d.su...U+.1....lJ.....9.....[.....1t........'..(,..)....7...F.?C..Uo.7.C>K.......@..v.A.?.4%q.k.s..s.U...sZ...U...dl......N....~..PN...2..\u.....`|..\.Gz.-..E..H.....!u.N....s.d...>.1.H..[....,3.$}[#&:..s..@.....%O..4....T,a.[.....q]4..{...e..t$w...... =.%C

          C:\Users\user\Application Data\Microsoft\Windows\Recent\SFPUSAFIOL.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D92B3D4D166D349237966E8726F4B905
          SHA1:E203CBB3222D75AA30945145768F67B41BC437F8
          SHA-256:CB44BBB87682A2FCA6911A8D7A547E1630A4D160F2DC45A81DFC1934848C6B3D
          SHA-512:9DF87AA81766E039FF1B7AB9511FBD9ACBA5C58F5D5F497DE74C17D62832FD2F1E9C32FC1CCC85E092668DC8F321BF12CBDFACAC0A136CDBFF0A76F50C595E28
          Malicious:false
          Reputation:unknown
          Preview:SFPUSX......K.....(.~77-.f.U$s.w..X}`...3v....s.../..\_(.D.....O...V?.3U..$+.J...p.s..S......Nc......./.vu....@,V..gJ.P...!A.\.f.<.n.7N70..Oly"..z....p3>...J.b.~.+2[.. ..;.Nw...$.)p.3.~..f.....bM...-.S.\....sm.Ck......<2..^......X..;U.6F... {.9u..L.gdz.-.".....J.v#.d.^..5..cZv.hd.].5.'.b.po...-]tB.4D...C.2Fu.l.w7...*Y..6...6...Z..n,bm/.....(..."4..5.{..C...3..A. q..9.....;-l....1{=).....WN..'.N.ihb".B.v..\......-Ky..6...y....bK....&......9..r!.$.,..d@..J.'...;....Z..+..E$P.?...).._.......&..U..{q...'..l.!K....'S"i...0...Uxr...Z...Y;'...P..NGY..:<.^.........t.o9.my.wh.di.."..nu$..%....Y.95...5....\}....{J.6aHn.aN.Ru.g.l......T:..........a..3}b.RCM .ys.!:LQ...'.R....7.o...[...?..../.t.'/+.&$...7..T.m.7e1}f......QU/........0.P.Z!.k..fk..f.......Y...m......t..........,f-$...u.VX.4...?..8..4&..PV|.O%......S........W.d.'...G..L.-:.B...Q,.@9..f.P`..U...-...k.O~R..u....,.o...=.&&.....pZ;(.T.[......hB.;.7p.%V...{,J?..x.....Bh..C.>....H'*....

          C:\Users\user\Application Data\Microsoft\Windows\Recent\SFPUSAFIOL.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0CFFBD48A6344905E50462E3B0C4880F
          SHA1:EB265296922126550B78AF5A36EDC3C0C64A80F2
          SHA-256:396F2334D85E488B5CBEAB344833ED7BE6240FFD1B6C99DBC52E109675B1BF18
          SHA-512:140265CF16931CB54B9E9A1A7571CE3D828B2E3063DBF202FE3172189E29270467B07B938FCAD640BAF309B64B5C7C9299E83CA7E942AC97D83B9BE69A478989
          Malicious:false
          Reputation:unknown
          Preview:SFPUS..0.NR.U.."........ n..M....>2....N.....Sy.;.:aL.)m`O...]v2.....{.)....<......g....j.e.{.)n.h.ct?.v.....'.e5xh[...#I......SjB..5.ES...N.....2.....\]..7..(.2>}.(...2m......h.S...]N,...O.R.QG.H......<.....y..a...&,.jb.Q..y.i.fRK...C..z...~.b7.c.i.T'H}.X.9.t..<..v.u.U.p..f..O>.,N.J...,.bZh.Z...dv...X.4..R........ >+:S[}M&.$....|.E.4.\..i.2....2.y..A.IV.....K..T..I.<.=.y..`.....f..h.........&..j0m,.}.(.%ct.$#.JB........7.t.j." c..+...I....0.....\.I..vs}..]......j4.W2..x.....[ss.B..2.5..Y6.~.>..AJ....x.>..O......p3.........!|}].OF...R.U..9.. ...I._.....!......$_....f,Z`b...a.E'......H.).....}..P...s1........x.`.........9..`...`|......F..V.R$.Go=..|..<..R^.z...~..Y..y.d../.z.....o....._m...=nc*....A.I....t...5....c3..(*........&.|.e.s.,,.U..0..K.g ...#..H...H.%z|[...F.1.9...x~J....y............W.A..S.O.|9W.......^.Vk..b2u..[H0..`...Rx.gv(...+0.....".( |..s......'....uL.......a..I.O.<,.|.+..Z...t..`.0.....~IOZ..ur..5.`....

          C:\Users\user\Application Data\Microsoft\Windows\Recent\SQRKHNBNYN.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:79416E6283F9CAA991C44D3C14018E1F
          SHA1:0D5BEF35172909713BE3E3117795676B57890F40
          SHA-256:FD58413D7DFA9C0886C43CDA730A94C80D4AF673B50C570E607692B6760CF849
          SHA-512:341C72FCE6BD8F371212A94BDE881F01735158E30FE0B022E5694F067C0D75187368862BE5DB7EE292A1A117486F1224F87F906EEF6EBF46DC657CAF5EF67239
          Malicious:false
          Reputation:unknown
          Preview:SQRKH..I..@.w>......{ ..@~.{.5?B/.}....6".U..`.~fnb.A.0s..X..R..[.i5......d.;H'\.....~....T...(.]M.@.[l......E.Kl;FR..V.xE.._..1.....~..I.......<.._.I..o..o..#......$1.......CR3BCk....b^..........s.C.R..<.dra....-..cwC..~......j...-.....GP.e..88..{... .O..*@........h...l.Z9.Q..GM.......|.3.d*.}......n)...5h...4...}..sP!.......}..b....DZa...... .....*.L.YY...d........,s.?.8.;%....$.K}_......p....c..ve..%.<3).W..?..../.f.gA..p}.....u..?.;.d....{V.U0..F....w..{.a]..o.\....JF..5..A.[.G#a(+Z{u.&.7..k.,..Q.P9,..l.3<..L..b..Tk*..7.;....Y.j..J....=G>D.S4X.P.I.(&.?.i..k.....g..z..z$..\..jE..".../...>.....S...1.}..S~...j..>Z]........J.5.BEyW.F..~C..Ex..........9._SQ..ut;...B...|.. ...b\.Bg../..U..."...sU..(.N.N.!B9...0Jw..x.:...54.....(.t..H.}..S.J.....^.j'8.O}j.*.>.1..(..=P..~[.qN..B$X~.6.6f..&6>.,...T.N...}.#!.."i..$JK. u(...~I...0.?Y.3*.........||.T.v'.8.c...a..kz.)..I.J..U..5.6...3oN..c*.H.H.S.....w....=2Y...f...\f..P..^f.|...V1^.|.~........._8...

          C:\Users\user\Application Data\Microsoft\Windows\Recent\UCKFKZQOSO.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D62362ACD88148616683648843A08D42
          SHA1:BE04469593180B66E1754FBD7EA83A0B8AD29799
          SHA-256:381688D221B36948B73AC71F9DCA3FDF85E97AC1B6B55421EB1F8149CF4CE08D
          SHA-512:44492136E0DAC0A1C5F1847103A04216474362EB706B437ED5B23A04A205B71BD8BB7D8C034EB76F9B9FCCCE1D56612E7208014442B40C9E76873D3B408795C8
          Malicious:false
          Reputation:unknown
          Preview:UCKFK.u.R....sQ....x.....j......B...U2.Un!.<.$v.%..s...XSR....v....).D....{...m..oOL.....h..P.o..p=P..V.T...<7..54.p...^.or..A.....*.#..........P..R..z.r.......=...3@..j...r(...J.`y..........t\....g|6....._...|..8.S.[.1Q....j...s..#.............S..rM.(.]t..p".7'.r...[.k...L9.;..]..y(M...P..(.]..iq...Yc......]4..M...>.C.y....38J.2Q.<.KA..0~.P:.]..(...S,y......(..}........mgn.83.b.d|.i_].5r1G.... ...U...../...+.?J..ETC."|.s..p.).`.'.....U...).}...x+n..S..=.{......S{....?. G.4.S...c.....yw4.$..e.......8m.....B.$n.._......@./iNn.a9.Q....'Q.N.cn...c.j...}.Vi.....m.m.%PM...p..8I...SZ......_.7j.".mW..).s.s. .7......*]..U..M._F.o...@.a=0.o.#.....PX....!cq)..i...y.'..... &.L.$.n?$..<..0o.... ;z).t.w.Dl.-...d..b.%....t..k>....Y...M..gf.|.O...o.LOaP.U...4...~..r..s0....*.n.h.5.W....\0.4......U.U...S~.r.....]~L{q..[H.."....D..>b+{b.,h+Z....`o.t2..jf....j.>?..`T..P..bvNC...r.....W[....t..hj.Jr..\#B...T....K..._..h.....#.^.....I.|.....<..RX.

          C:\Users\user\Application Data\Microsoft\Windows\Recent\UOOJJOZIRH.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:26E240B119EC9335A3A89A2B3CE533C2
          SHA1:84EB19E3B9B7DDFD449F8165B6EC83E593AF2EA2
          SHA-256:55EFBED9E2CF225E06D363634BF8A367058078596A88F89DCF2912E044D1710B
          SHA-512:1BB9A9D0A9C2AE047E7790E5F2CE8292B93803BDBCBFD6C1DE1AF4F4456126E9E404845DD2C1F93DC311EFB1F107FDB0C23E82FB28B525B7769F3038FF47A96A
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ..%.Da.a..Amh.K..e.3......W.w...q...9......Dd..d....<...A...`...... [|.%..=.0z.Q..!...Z}..X.Fb.f.j.W.B......iE.H.....+w....+._.#K..(O.F5H9..5...+M..3<.K.]w.....^.U.6.ZJs.......5.nA.....*.z......i.8.a2..D.}.~.x<...3......u..3.&wsoP.R...n..5-.bn......=.^.1Y.oJ.x..<x<.H{.u..D..E.[.2.(....'.k.....].Q.n.C..7...#.gs.23..I...A.....A.....\....l....jv#.?....8mE..K;.yE.....EI..MS..OZ8>k.TD.D......8H........H.fcF..........~..".........]B. .....!.A.....xIv.n..'.|.q...+\:#.T....C...,..n.......{.z.....+...*F..A1........N...}Uw..A.(..C!..n.cr....kv>...<V....6...6.l|...U......'..ul,.6.bzv.....2.....*.......&R.....-....K...y|.3.85b..w.....*..%8(...v}6`.._..h.4%r.:N....:..1.."..3..F....i[.T_...$`...x0..u_..=...qa..0..S._.$.?I.....>...;..m.~L..{.......Q..N<..b.yjX.{.N....,.....%....a.#.5].%..Pw...OK.X..X?.Co.6].P....1lwy`o.4./-jL.....C.H/..^......> .y..:..u?X....P...b.Hj.....!..!#b.....W4.^N.|..L........M.[..B.H....&l!..?.F...{.(MW{...<2..q...Y.

          C:\Users\user\Application Data\Microsoft\Windows\Recent\UOOJJOZIRH.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:48E8376F93FA4B06D94A70AE87FBB1D9
          SHA1:6E38FE3693B8189B67288CF93094A190A7C91825
          SHA-256:E38012A1915591ADB12EFB4E5B12EB14CE7C86DDCBEBBEAEF265C9E208C2B25E
          SHA-512:F63EB086C0A4D75DEEAFC33CE2C89B6DC01CF60DC34E8EBA1BCA3E0D155FAE8C440B5D626A26EA88FBCAB1EC4E6C9145F5FBEAD820097C6A6B13BB8A332BF701
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ..5s_s.Z.Sb...xs36.v......H#uT.J..........#M....._X.'/.4.......PA'N%.@X...:....$.z.$..8."C>..,.....<9F...1n.2...T9+..}fz^.o=..G.Z...K..z.t.2.....Q....t.....%.?..l.*X..D.W9|k..f..Y=.5"@..b......8.Y<Z.."..e.Z"Y.B.8.!H>=..Jg|...l`.u(.?.\q.-O..f/.z....}..}.WNG@.j..5.v..v.3.2.2]?F.?.X..H1.Yp@...)...A.FVQ.e)..%...n....%..N%...h...--..G.GA.........y.'0.P...E.......Y.....|....y. ...#...V.`.L7..}...2x...........|..-.nx0G..q.....5..p.l3..P..l....'.py...GZ...v..L\.B...o-.....@..~......WO.(..OL....]].i.Oq/..N.....@F.Cj.Z..-. +5........E...&.'...v.7.SIa...s5ca.m..T...f.A).....#.L.4c...... ,1.l...)8U.w........:e....-.G..]-S..-N.}........s.k...1J...C..b=b.....K.>21....3#.y,.D...)..1.y..-....x...G....*..wC..7.l1.x...nI.K8..............t7.XE.G.bd-.cP.6........N....0.T..x.k./.g9..0.....'.....]q1Z?g.....l&.wX.Q./.Sw.h.d.~....l.e...VM@.}...&U.Q.....h.........Up..^..~....$i ..>..y.w...$jSx.~Q.~........t%....&^..%.......HJ.z..N....D..w.m0p]...D?5..

          C:\Users\user\Application Data\Microsoft\Windows\Recent\YYTXSGEDYK.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:926849324099FB25BEEA8B39A0D37CD8
          SHA1:B7A202B602F3126651D76292BBB289E4561C67B6
          SHA-256:D0589C16AB29A60A71E5279D810F2732D89B592C923D3DB903BE32943CF47D16
          SHA-512:58C0F29A806D3C9C01AE86BDE9FFEF5400C0B491FBA3528D9B94953F1A874EDD670CD2EAC91A90C0C43EBF676DC16A3B1B6594A0C432DB304AE5AE9A7984AEA0
          Malicious:false
          Reputation:unknown
          Preview:YYTXS;J.Dp.Y8.z.'..~...[.a.........~k..........G.."W..IWe.Z.......E5.[..8....m!X.YKT..8_...:..$V:...7..G..c.w$.....+5..gw.s2.....+W..7..............(5......>..=;..d..=.......w..~a.`..f0...{..G.}.Um...h......u}<.,t.6ZQ.l=g>A......G.{..A..n.....jF........(oW.\N.....0h., ......NM..E./.w<..~...-.7I....d.#....n&..%.....e|..f.....1U.t/.[_...;.*`..U.j}(K.S..D .$..;E...7.=D+[....P.2...Tc..M#,x..+..{w2..k....B..T8.9`..@.}+.N...ol.8.)({....2g.|.}..yL.|....u'.....N.....<!...F ..n..p..=.;....^/..^.nW:..1..?.E.qgXJ...../..>#..s.D...aJ5.2.K.].g`....Y.Z........4...*z#.......-..j.@..X|/.$...o...../z.{...1.,..>....E<.......ia7N.[.vw..'!.e..+...Y..P..D..!.".....^..p..P}....{...j-5..{..[...J5a.n.5"!.tH....+y.+....2..........9.>.I...;"......a.,...A<.Pmt].0.....?....=\9..N..h,?.K.n.....R..H.5.p.../...C......8......F).A.S&!.}...H.|.H.5p.V..R.Vt..k.0D.>...8 5...*.T.|..*..%zg..-..j.7.zKPg-8..d.`..'..K......m2.n...U..J){-AR..X.....3b#.......6^....Mk.

          C:\Users\user\Application Data\Microsoft\Windows\Recent\YYTXSGEDYK.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:88BE7185535C8698797468BBD52ECEB8
          SHA1:680612FB23AEE653C43FCAAEFC65D8A14EABF460
          SHA-256:B34B4FD5002902E4F4A53582596EDF856082377F6686846D31A68A444D74CFBF
          SHA-512:3261D7516C2E7A4023362CBE9F2245992A3703CC159C67FDFF9D93894F7E4FE229A0360944FF8F283215FE8BC093AD66915CD5E21B28CD2EE8F1EFA237B131C2
          Malicious:false
          Reputation:unknown
          Preview:YYTXS.BB....v.?.]..K...b......|./...>.q..(..P.....DkO...q.C....G.j.T.".C.t(.Z.....Z...&....P............c..[X..BhTG.A.C.$..3..'Z.}..)$vG/ov..@P..!Mg...w.j............~....\G ......5.....I+./M{..2w.....0.m...lb!..C..1Z.h.6.N....%.5#._y..._.l.H..k5..._'.4!..p..I''......n.c..(.8.w.j..Q.U.W....D.{..M..+").D..u..L...8....7&.W....R1.Hx....7Lf"[c..l4D.!Ad.c\..DR........{..;A..0.`.k...5.%i.;F.....*9M.....D.k....].<J|26.X.m...V......r..\.^t"b#......;.m.fk.@m0'...;."a...$.......8U.....\c..Gz..c....E..?....D0C".......E.V.-P|:..U...l#.R9...kA.&..G....[n...u3;.|.rM.\...</6#G..K[b..I..K....~...9......Z.....d........^.t.5U._.y.U..4..\.<Ou....yO..7.K.DD.....q.f.t..s.Z}..k....B.d.}...V.f.xy+ZO....}....[.d.%.^..z..8..W.......At..+.$..a...=.../.t...y.=.i.r.a.hE=..d..l..(.e...%..|........Wb`O.v...2V..c.L.w........7F.j..Lx.&aO.h.......M.~.c.{z..M..08.x......2.F.....%F.TY...R..Ry....oQ5QE.....b#.....l...V..g...1(.3...H....#ht.......w*S...9J...l.s@@....5.I

          C:\Users\user\Application Data\Microsoft\Windows\Recent\ZQIXMVQGAH.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5851F4138A5AF17DD2415139C527E85F
          SHA1:D1134302F221FFCDD452B9E958E6E568A15B7C4F
          SHA-256:4A099994CB6C73D888A954B49D754F4BEBA9AFF67B6B564A975CCA6115D68E1A
          SHA-512:2D43E03F4AB584D3483FE6EB89A532910B02F2A9AAEF4FA3776F56BB50D5C87BD46F2AE2271C0150CCDBF791E28D570486A28007830758443F67530E1BCBF4A9
          Malicious:false
          Reputation:unknown
          Preview:ZQIXM....I`.. .h...0..Y.....J:....)....*<E>.;f.[ya}.........!..Kf..Z:.9,.9r..V.v..._........[.aL.7$s..Q.9..o...G.F....=.\.%k*.....1.p&...4{..8g.)_..w......:un\.......u.."...LD.5T.`.QWL.f]~....t.j..\.e........;....IDJ1R}..W...0.1.v.uu..V`;..S"..N.z...R..._...0K.....6%B.m..~.,...y.:...~$0.,.v.....f.n..r.. ......z3..........#...n...b.S..$u._../Z..2..J...}.#."H.>~L...E.=..R.d..(:.......-..x.5.)'5.._...b;..J..5..Bri.2h..3U)...|.F.........W.~.6X..../...,...m...Y:+\.l#....3.9...D.BU..zQm...;.6+.V7".MX.4n-_....2a*.....P5.N..F..`YGv......Z<+.....5....Ep..........D...N".7.T..x.l+......)F....*...}H...-.K...h!........7..9|V..=..E.$..[MCGCO...c@.6.ww."l....*..J.rc..*Go*...U.B:...~@.>.hX3.J..J.B...N.]...9..=c.f.......9.0.......K..\....w.b...T...n....zI....[.B........39..j....<...N..)..qF.x......%.....cR.k.+ [..ra].v..\ ...Wj...2..a..e..(0...6L...G.,F@...2..qj;......sb4.omB..R....D....g@H..v......G)b....e._..Z..m.z..P6]Ad$.I. ....:..%..8-.F0gw.p.

          C:\Users\user\Application Data\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:JPEG image data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8199198367BFB8013E9CAA0F7C33FBE5
          SHA1:A6EA93F27A47A24D31E44A7EE26A62781A827DBB
          SHA-256:21112A37F67CABB394054DD5BF1BD633722762606EF6B9922225AED3B3834E30
          SHA-512:342E01E97819174A24CE28D3A262652F19874604C11A000C4E7BC2B2901BEF90CDE272649F4400B02F7671E6AD4CE913AAF3CD94839708B290672808F703CDB2
          Malicious:false
          Reputation:unknown
          Preview:......&....]Q0...n<I.J\I.n;f..;...U5..4......[+4F<o=.s...v....,..l.w.o.XC.\.......;.l.^G#._6d.r.F.., Uy..^...u../'....p...4X..z}iQ}....P.-. .3.*.\0.....1&.2xX..\b......<...L..8..p...u.8..fY.....\..m*eu.x.3....&G.....F.R9..=...G'.....;.4elV9.......{.-Um... .=.J......U...xF.G..H...............P...)#....{.N.v..B..7..M.}5e0eV....S.I.e.v..6WK....x.-.....V..%@..A.UY..]..N..9.p..@J..&.z\..._\..:fyt:....=....:...C=.^{..kA.3Z8.*o\....sj~.......(.PuS.....~#....e....90*..C.N...|.E..PF..P.2.4A....`..~.>.R|.t.....n...v.;.B.7c.Mb..j#.!...`..C....~.{K.s}u%.(...$.>.._ZdS.#R>o{o...2..M.~..T..rS./..-.. l...Y.0VSXD..$...m6....Wo)S-....z!.O..."Fd..,>...=.t...K...&..R..N.@. e{I.C./.h..6..e....!@....'r.}..k|...06X2<...9.o........;.........A..k...F.~.&...}ij....)j.h..T....+/.(..j.]....Q"..b.~.....sqY.Ns.. .1..ep...y../.0.^...~}.d.*...H.2..>"..H..[...\..q*.&6.:q..=......5.K...eu...c...})..s.....w9eH.. ...Q* ...r....Nd..gu. .3..@..A..9.Z..0....<..M..PW~4.._.

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\AlternateServices.txt.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:02496972096EA7348A1E2954EF4D5961
          SHA1:CD205CF6E6777DBAD8C1B0C3CCFA8E47EFAB6DEA
          SHA-256:B82FC1569E4C28B009FE17622934AF299FDA3E35BDEA6C5EE3D969741102EF54
          SHA-512:7A8D4E1271D08E9950F801819F52D83C29EEA0436FFE7A93929B7C39871FCA7DBEA08D4AD03C3220A498ED4DCD6A3E9858303C3DCA8F11715C4827F4C269CBFB
          Malicious:false
          Reputation:unknown
          Preview:https....1..E..._Y....../.A..N.}..%......)..}6^.{.dj.....+.4.J.\C..u'...6..q.E..}..M,...o)...K..]...2..h.`..R.:.......!..ss.T.89w...,.-R$?.R..........,sy"#....b.b..e.M.<..0..-..n.O<"A..+....v..D...OJt/.ed.=..E.Pa$DL...R.R.&H.JE...|vJ..+:.m............*:..._.,.......l...KN\.......X...S.Tp.N.3V.~..l....$..s.....X.ul'...4,...V........x|.x....K........at..n9.F..38.,..&/.D..BXE(@.Sr.o....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\ExperimentStoreData.json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:40D21E2FC63ABB2B2ECD631BF230C8BA
          SHA1:80020419A305F02436B3F1339FF566513BD79E7C
          SHA-256:6E096B541B9109172C57BE74657131D9C19E5EDC426043B607860BEEB3FDEEC7
          SHA-512:5E8FDEFC448C59B602252F9ADE23BADB730F396840F683A2B2CACE348FEA845915A4651987FD17832DF020903817B80B501EC1215CCBCBA5724D2BB0AAF2D855
          Malicious:false
          Reputation:unknown
          Preview:{"csv.....h....`@..a........d...u...br.GD\...(?.L%.....e.?5.).0....r.#....P{.8..._ryW......3X.x...~2..0%.@#5L......_.../.7......]...X*F...:...W...uVx...t;...W.a....bp..y....F+.............4kA..............)Z`#K.........3....*..gT..{^..|Z.Fj..H8...O..E0...y....$...`.n.<..cQ>..qWC.Z.@O#.3#,.$..4.f^.s..7...K..lC../...Z......o~....-..M...I5I............H.)..~L..0..5....q....m......$.1...4Jo...F...W8|.).!....`F.....hqf.$!...B-.....3..$..J.....F.xOyv.L)w+.e...+..d|'..t..@..B.e..(.......9v..n.M......u6l|-.?p.B.jB...?.....T.r...H....2.......k.k..<ep.l....".mN.......+.O.ny.......0.8M.}..!.....r.n..#.CIS..S.o..j..9.B~...o..U........f.."........*....jeb.P\?..(..,Z...v...V'.3..V.....9aRr._n..K....a..d..x.....7.a...6'........Y. .Q9.\.E.z&.....jJ.>e.-...l.7.WBm.z..]eE,8<2=..>...J......Z....I....q.m.1x..@..bTr.6e..:....l....t.~J8...i.4.#.}A\J...E.u..s....q......rF...<l6......nspD.F..s..6JV.u.j..../...(6..P..K...I......P.?vWz.T".~.._!.D.......).....T.<......o

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\SiteSecurityServiceState.txt.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:01EF81C7BA6B3A8B93ADA9A4BB8460A7
          SHA1:FAF337A739DC759FA9126FA9F99792239A15D639
          SHA-256:86DDDC5FB0197F4C980C62DBF16CF47CFFBB21B63E7F906F4A5493F253EFDAAB
          SHA-512:9C0328595BC0F9DD30ECDDE54F66E06D125FD8D6197B7F9C037E65E920FC55F98E33A7E1D54FCF20214B99D2C7900A28475EDC3FDF13216982165219EF01AD8F
          Malicious:false
          Reputation:unknown
          Preview:aus5.8..(..D.\mI...F..D....o._.[p...Y...Z......Y.......W.v^..9.+.;Q..J.3.yX...P..d1.N[j.'.B.EEt8.......MB...A..o..!Ub..R.<.."V...e.+..s...b#..?..".*......O...*.~..k.y.>...."o.8...+..~....._....5...=j.d...p8PK.|...O..b..M..........GCQq1..&L.....3t.Mr:Z.........&.....E....~..!.....Y. =...G.....0.MC..D...5.9.Ucq3V....H....S.....J....e1........,.uh.^m?.BL.*.R.}.j6...qi......y..9.f...TJ......e.P...X^@...z..~.......Sg~.;$.K.L....{....9[.R.cY...w?......yI^...s.43...=....+.............BF..F....?+Mw...pZ.9O...._(....@Ep.i.5Zf.C...O....$Z.&..^c.pg#.daft.k..9.G....!.>.$..=....f......^.....h...O.P=r.G".y..`.. .......l,W.yn.0.hH`F.77$.X..u..$..2N?T.B...|o.p.R:........2......G..uZ. .2W..."..mUA~...t...(.) 9I...<c...e.C..>...2.m~.X.X...e.=e..Qf9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\addonStartup.json.lz4.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:AA3326BE20F1D740C6C1DA77E61381EB
          SHA1:DBF71C280DA07DD84F1840439C4420E5DD8A20FB
          SHA-256:8AE31791B2474692B31193EF12769E2FB57EB3244C454FC65CACFE3DD2C54F9E
          SHA-512:BF5F499D344D596C5B16C5B65ECC52426E2F5A9E51B4DC8B3425C566632382189B02090AA56FDB921C601E4D4810833CEE8E93A435A7FBB2D289157FBAAE5F93
          Malicious:false
          Reputation:unknown
          Preview:mozLz.3Hx..}+.7J..B.fP8N"..>.......*..F.B.^1i.'....d.M.1:.m9..y..v....K`.F..u)...EAH@.+-....Z..Z..o.kH..in.....|)....#....:....#..I....W...@..p....S..(.-....4>KG.].:+q+......c..02^ml.....A.8>;.....u=?....Zk..fI....*.Y!I).....R.4^.\..=...Az.....%...7....@....Wt..6v..faa-..eT../..t=.!`.e}v...e...%<.F......v3.sp./[.K....f.Zd:....$8Ku..(vF....o..........O:>~..mj.6u..(....r.....J%0......@..|....|.U...u.G.L..,K.B...|.....2..<C..|."8....<O..sZ..c8......M.[@..?..:....l..4.:I.(d#.f2...3..G.m..[.J].[....>....e79....c....B.<m.)>o..:..9.t..\%<..:v.=-v`1.d.......r.aM.....M...I.K!eC.h*..99..u0.[oxM.?...;....e...[l).=..!..i..@..]......B./B`I.|.2..(.r..}<zdO:]..E.t.........K>.).....NSevrL.H....?.....iS.z...*.>...j.f..w..mX.SC..s.}.%......W;.9.M.....G.w....U.7.K........... O.......k.z..._FOEv..k((.....x.u...|.g.Z.u....k..."....?x..e.#...0..5....$p..=...R..=....f...P...../)..p..{~-.D....X(........q._......d..T.<[...?.w.s..s"...R..i..x.*h?.zL

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\addons.json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9E74EFC84476CBAA09EFFB3F8D193286
          SHA1:A4CB05AAB87ACD38AB240FBAB4E48016C0B5E9BF
          SHA-256:B7C606DF0DD10F5F534E5E8502C6CD50CC811B5E172D47633828585E0D3E3905
          SHA-512:9947A34CDB76325A79D90C8276E496EFA6116280624A562B68B1DE3D293C68D4754A2D22DEB4FD43D42CBBF34F91CB414B57990389CA41CF12E3E6D213EAF6AD
          Malicious:false
          Reputation:unknown
          Preview:{"sch...t_.l.]wy=@I@4..`.4 1..z..F..@...Q...3.h...{..Z....H.H...r.............;s]....u.8.J..9s.+t.n...K.(.kK...@*Rm.#.;Ct....3..^;..k{..;...`..Ld.M....n...S..o...mo..Ys.4......-.....l.I.'p..<.3......[..NW'.C.?......>?.....B0a.s...gk[+}.0N..ui..-.T.y..<:.n..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\cert9.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6C76D872A304385C31522809332C5E1E
          SHA1:A581789F37ED5E69BAA2AF0F52A007F440770F78
          SHA-256:1EEB9B207942C20394C096092D3D77E85B47F187BA8735A197AEA6D01828BF2E
          SHA-512:F271999FB32AC89E15E49E89F30C819789403747E43F7CE8203588FDB5204F42FF440A3024D5D209E990F69DDD21921F094C855F8321806EC09C6B7D53214BD8
          Malicious:false
          Reputation:unknown
          Preview:SQLit.e.Y.U.l.Xr.;....q%..[.....6....r....yP.0..#....}....A.n...g..M.@.2.......\L....y..<M...... ..@_J`..y..|..c......' .8...G.9s}.....3Vy...wK(..(g4.J..}8+..`.;2^t.. .......a.X.>....B^.S..v...:...?...A..w&..3.dl...uM^....Z.m.^...@..-F#~b....]\..z.[!.r....d...*hP.a...wG.!.]t..H`..=J...i..Pxx&3...?........q.%.9.kb9..'f..;.<.'^.v].Z.t.....m.?..}q..VS.!4.4.]nS.....i*...A.w....ZW..j_Y...|......+....=..... ...8.%....p...3..v).@hO...T..Kixa.W....a.R....Z..:..Y...bT....-..&..,......?.L{ M.2.6...m...*M..dW.+.....Vq:Ha..G......._.....0.ZM.G2.nG...CU....R...sM...s.f.i...O.....0......P....H..$.. ....w[u...eV.8x..p..X...<RP...=y$-......`....x`..*(l<..%C....[x...=)..K....6?..;.+..a.#.c...`..a......m..|.X ...l..t`.!...m...{Z.."-H6...9`-Py.ZHp(.#.i.y4.E.../z.....{m..d......3..g.)*Z.;|.Z..Q...0.NU.=..7....N....k.bD.......}....e.......mF. ..F..2..G.."..;.6..V...T..p..+$.m.....I..PT}.|O..f....|..Q.....w;=.unL".\.q...HPx.{5e[..mn.O.........<Ug..;.F

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\containers.json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0BFB86C4C93CFE21C3E48D939C5E6B6E
          SHA1:5D53D60630E8C4330EE846706FBDF22476571EAC
          SHA-256:32716A9A9A25E70940F72E93F1D0BBB845831FD59CCB360D5F1B21894482C60E
          SHA-512:F950477D8470386BD663601692E8BEB93A684C73ADBCB36FC810180BDFCDB7EC26786960B5212CA5F70F269915901892764EFC4A5169D016232CD1758CA399DD
          Malicious:false
          Reputation:unknown
          Preview:{"ver......?....]......K.._].3*...!.......!V..].a..g..B..dZCUr.Xk..Ol.z....D..9...4.26..o7.S8+.....!5..)R tb.$eq9.za5.......FG...X.4Q..5L........7_...|...&:*..[..b."~...M.A....Y!.....Xk....vK.b.......W..$.`...V...F....C.........a....`.M....wi..048pb.~q.~g..k.>.9&<.\(}.....&z..'.y..E..P...s.c.bS.\........h....`IIR.`........<....s.K..e^...o6.]y.."..h.K......Hw.U...F..$........3LI.&......g.9.b.9....[.&.r.;..Q....f....O.G.-....HC....VC.xj. }glz(...o...tc.d.,...6..c.Z-.S....j.....h...mn...QU%.......v.........R.Bc..1.l.oT.HL.K<.l.6B.s...P.E..j.....j.!..w.IA....9". l.@S......-....RH-a.p.5...S...-. ......V|..%-.4Uw2....v?.r./..W.,.(.....4,.l.pe....X.....P-....I.>.....z^DU...-....Qg;..%......(N..).^..Y...../k....b\.....@E.....K.:.....)....][.%..M.5}-W"...Q.S..]~.."8,....mZ.........h1......}..".$...,.x..i.w.N.p\..Z........O.k......;..'7Z&.C..(\.D.TKRH..5!.2.VM..[....I.80..qh....5....-q.e...Q.....{[.....B...g.!lB...pJz.g..C...`..

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\content-prefs.sqlite.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:57A78D1D5EFAFEE590EEEF15699066E8
          SHA1:916CFDFE1BA3DA539E64CB8977D3AB4BC203A1C4
          SHA-256:93D853A99FA7AAEC45C196C32F4E30E133D4D199E572F699A41E8BB236C59E78
          SHA-512:1A0FDACE7C9732014D7814B44B58AAA12F4CDDE2D2860ACEA157207B408E73111EDFA3D28896732366D5FFF5878481AE10EE63E28CB9293D54C7F87A309A56D8
          Malicious:false
          Reputation:unknown
          Preview:SQLit?.f..V.!....p.$.*.....a.P..eB...]....Q.s.o..5a[....5...7...}..D`[.o...wc.2;N8.!.:%0..R.....o..|$7FC..*Y."..{|b....Y.........?.#wo.Vc$.$.m.|.*.o..F.t.Y..4d.v>/#[U....v..L%.....YD.Y.J.a.yeA-.#n..(..s.ziA.a..A.i!...R...I.*.).y>.8....\.*Z.....u&\.LT]..v....[..nV.Z...Z......^nl.`X.7DBa...~.:.^z.E.C.x.V,d.....J....+;...Ot8l..|...........#@...S.N..|1R.4H...J...z..0.:aA.E~.<{...Z........%0.h...N=Z......]...<..C.x.._3...r....}...a..E8{.......=..[%...4R.........X...J.....;\KqY.Z.s...=..Q.......#@'....h2......qh.......<z%s...i...r........v...m...m.j:..S..Ua...Z.A:..&.....t.hl.X.....z.@..p.....E.V.H.q.B..AI...-l..`..........b_.(..D..T.*_W......l...6..=.'S...1.%.X.*4..z...Si..3_"...\9-.u.......Q.....~.x._..kE..U.`...)*K..2...'.HrO4a*.4..@......wf=E...%.j..w.0ba[~?..%...(/.....>..W..........{...E.7k..Tj..2$.3...........z.S.e.'..../.MB).b.....'+G....#!..N-.R.%....E....B..rC_;..F...[h.g.O.......`P........}......r.....C..Gv.q...4...bH

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\cookies.sqlite-shm.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B3FE8EEC01012F747A839ADA5B9113EC
          SHA1:BB63C78DB734E9B2338A8095E86E2A1C658A8200
          SHA-256:7DF15524A18E1EF1DB08155A8EBF5B566E3396B550F315E146CCD0FC69F9E110
          SHA-512:E14F748F07F4808ECFCE13407BDFF94C11BAA5C65A5DF86074C2FB1E76ABA17355583655180F1FE5AB07480DD0FFED633547A63A09595CCD0383D502F0522197
          Malicious:false
          Reputation:unknown
          Preview:..-........="\....n.Ly^....N.....?....)......l6.....p_-.;..T.~.Q{c..b..5<.g..w..}#.YY...#w..$.6....H..p.[.k.Hx..$!....}...v...6rEM)zVDKU.h..$..k^...!Q...z.........T.qg.,.0S._R.{.X.K...Z.......s....#.N..Z%~.0.f.8..CPrW.....F&.........A......A.w.QC,hD(x.-..S..b..V^.l!E.Jw.;.D......<j..U...F.oW.......%B.Fd..x...a.}8W..|.....~.......O....Y.?{..tb...3o^.tP>g:.R.@..k.........h._..C'.A..l.....I."&.q.M..c.W......KH..>..J...Ye...0..B{.{.+...<}z.e..n........L.).Q;...w.F&.z4U.`.n..._..!..ha..sX......r^..*TU\."......IQb...{\u?.^Q....cg.ws8.>.......l..d9.....oc.....l.L..p..#1.v...x..N...."..Pj...}.g..JV...4..z...B._.=..`.#......(....Y].....(..*E3$.?..0<Z_."...!8....,.!.#L8TyC...;..".9.u.....9_..EPk...XK.g.y9Se.;.^k..b.G..+bew......=...4......Vv.....w..._X.#.bw.Z...<,...5F..3.W..Za.L.GG{"u.....=..lN(..=......./...R..'.W.5.q...j8.q|1<@k.M.p;.Y}.n..x......9..I.20..p.6..~.~...=...........k.T...q.......|l.H.....y.D.....[|....8/6..#.8.....cl...W)F..N

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\cookies.sqlite.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F0E516C58AEE44A92FC77C2ABF7765F6
          SHA1:D6B5F9D3044DD42D6B20631E448D2860A0DFA298
          SHA-256:3191A07EE42B4709E04C78F3E97FB6469A65F08D404BE775EF7851C653849A2F
          SHA-512:020544081107A1E0AD92EABD747D24B80E683349A260F06D40ED17B4C99431FDD4D6ED8246245F6D6299D87B744C237359A9DE30AB839F5550E37276C7FE758F
          Malicious:false
          Reputation:unknown
          Preview:SQLitN........[.l.f...+..7g(.......@E4[....3`.........A"C....>..#..vH.J.F$5.M..Cq:J.")...B.....P.W.#a.{....e..o./...>...\....Kj..$@:....k.1X.._.$....:.I~3i....g.........PT.(.O."...M..o...g.i~/...sxglIO...0wi.'...n...K../@t...s....i..}.E..v3........f'.......?..xrp<R..y....Y^.!.4.......J?".....l.We......<..*....L....e....T...,N.@...h}.Y..U.....=@.,..kUgL..d........6S.,.1}q.p.2H5.q+..N.G0!uk.~5..+..6d;."mq.M-m..A#....i.x?.r{y-...n.......].*....f.aPA..&...}.ZX.QM..VV..i.Oy...2.Cd..5U...&....T.k..........2.:....~0...U..w1,.5.c....t).... Q.w.GI..4.Tu9C.[......O..E>......C.J.|.f..Eq..n......T.cB..p.]w9...i..'.<.TG...r..T.Jmv&..ifdt....-.......t~..v. $.+_R.a.cx!....}J..C.s..+.h.J].M..u.4.TP.z.........4...@..(E).Q+.C......i.K.l...A..a..D..f.M..3B..........4o1..'2OV..........5.+...{+2?...........o.../......n.l.=.El+..Er......29s..]...TE......%.T.)..ll.:lI...gAU_N..l?......E.....m.I.......=_1 ...&q5.f,..1iX.(....g"...._..+..[y...../...

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\extension-preferences.json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:054176B1A15398DCA48BF040571403E0
          SHA1:2918D0F3E9E893F65BB82AA8A3F4A6541040424D
          SHA-256:8D79B16283E92E52A50ABC50A4838B4CE04CA0BB2318068223CEC91DED53E133
          SHA-512:417597AF9A96508294013A069B7B509F9DE230BAF9A92BB2380A455AEF3EC5681786BA05453AB1CCF8B219B8216A577F21F81D5B8B78CE2E1DE0913148005B78
          Malicious:false
          Reputation:unknown
          Preview:{"for...f.S.Ni..%qwb....T&3~r.}2dDf...~H.i.!P...+........i.uo.2v..S4q.1tw...P..L..w..M.l...G.`.AV....a.Y.b..X.7~[M.|N....f.7.....Rt....y*.G7..(*N...]Hy*...c.N.B0B.j.JrH..k'@..>r....p.][.X...7.*....Q.=..<....F.VV)....3.N.}.&.p..'s...".i...\H(.....?..3<..;.m.Z..t.....y.z.W.^..6L...j.j^...i.]-.p.s.M......Mh.s........7.(;..0..I..#.z....;.(.9Uc.d.h|Lp..b..rB...gNd.K/.0Z..t+.$k[h..&..f.u......!.k..p.?..I..[...3........c... C.E|........?...ou...........o.X....G.%...S....y.:.....d.!$.-......q.FC....U[?......#..\..m.tAN.B.^q......2.....3N...j/_....sG...6w.l.o.WiIN...ghH..N...W....4 =...!T...J..".W..s..3;...H......`..;..u..n...j...'U`.P.v.]>K.5d.).....K.....!..u.e.2....\....;........v4.Y....M...2....[.._..k....).#J..u..%.f..ya..M....y{...F.U.M....Z9.1e]Ls[.n.i.5..;..Em..K7.<W..r..m.....?y]x.y......j.#.d..U....@D@R.k..{..V...\Bmy.....X..32.....6.#...R.P.2.H...z..1...?..*...]......NWs...... .;..........;.6q.^.l...ezB.Z..P.Z..S?.4..A..=...K..I.......j*.

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\extensions.json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0949D007E65F083B45856BF9465FB97C
          SHA1:46F74B4800D205A3934BB20B9884E41F31F1B0D1
          SHA-256:E48D4DDB018121E9016C6768E3BEC596F2FCF25F64688C906FA58EF39535FD5C
          SHA-512:CEC699C21B70189DBA3923625745FACBFC0CE74A205131C7A26B725B9278048C2A9A0FA138665244DB91CFF3D440DAB9BD72F441B3111803533297BE40842763
          Malicious:false
          Reputation:unknown
          Preview:{"sch&..x.5y.F^.}....h...FI.5......%.........gyg,W....N..........R..Vc.....?.. ....68.............5..L.w.....@.?./&q.2.....@.j...r.;..g.v.......%....y.x......0...V.J..z.......a.y......#T....-OWH/.)g9G..P...$.d{I...5{C.i.DLL.S..3...9_.?....A.....E...*d*WQ.c*...9.aw.<.9...]u..Ua...g...."Pj.....~_V..v..F....e..,...B..f.Y.k...6^..L.1..w.t_.'..Bz..+.i..>E..$.C.......)4.$...,9;^.s...t.e.../..$.k.|j{.\..o.T....!../i...I.{...{{.n)....^.....vy.s.d,.fo.<:.:B.#..z..m.J..E..D...........m....3...~-...-r*..-5.Re...`.^.b.qW.q...k...SP.g.......ej.....[8.......1...Z.Idf0.s.@.w...Z..X.....{.r..-.Se.O....7s......@...'.4.../.$(.|..[.....m....2..z.PZ]..rP{...O.k.1>`.)...5.q?...M.1..D.\H.ty..s`.{.?6=........s.....0..x..%..=(.C....<....ht<.h..r^^......f..N..V|q.......WM../.C..P]F.."...a....H.....,D.z......U.A...t..Qk.u2.....9(3rh...Uh..Ddn..s..ES.TujCR./...`.?..W..>..y.............w.^.~%.$.p..!......>.....!Z..Q..t..4......{..X.,....,.B...^..vW.(.7r5.Y.^..G#.g..va..o-c...

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\favicons.sqlite-shm.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6F958EDEC98DBF076FF9A62158A7BD83
          SHA1:A91AA6A053633ABA1B1EB871A978E172DBF86BA7
          SHA-256:FD1535148574575058759AB94F56BD397F5030D4450569ED92399477DC8B5E0A
          SHA-512:5ADB784DC36AC794B58A68CF8C7E4CDA83B0F2433E47B1D5C6CABD52450F235078E60911CC17821D8561F4B590B58CDBFA8D21744C0FD1BCBF61FE2BBF39EFBD
          Malicious:false
          Reputation:unknown
          Preview:..-..#..... ...O.Eq.Y...lg.c.7L..p.(.L....S ..#G...)!........A..O..0^SV.r.\(..)<K.d2^@m&...../..B@...E1.-..n!.....g4.Y.z..d.j....W..k......*..}/.+G....b..V..a...}..O.t..u..O!.g...... ..|t=..C.v.x.DmL.O...i......_..P..v.,.S.C.....~.*1.d..... .S....x..M......y..U....8.....e=..v.(..|.v.u.(TVnb..?...t..x.m.*.JP?!....>..MV._.2.A.>...n....j....7.V.]...58.....?d..|...dF....^...g.u~.dE.A...(..Z...Hs.=.M......f....8"i......./...L....T=..+...{.V*....@+.=.C(...8./...#..@.....ZK4....."\....|.K.1t...w....3......}.Pz..DCh.Z.Y..+...."~.....#....%.u?#.....p..-.A@.N...p..t.2_...*.:..i|..V..3..f.I.Og9.[s...N..x.<p.....p3.....[3!.]T..n.0........r......e.v.rOfB}.,.P*.........>..uS9....K.V..uy\...c>qU2g..".J1...<.n.V.#..8._....p.]P..yA...p.......DZ.......T..cw....Z...Z...[......,.E9;..q.^...J......].?)kK..,-:..ty.-A.m.=9H&b..w _1G$.S.._.ma..o......D.k..7.yh!...|......ki.9~...t.......Zu.x...R\&........V..h_.........E8+..3.$.C?.r.._.m...d..V@.>.B......"1..E.

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\favicons.sqlite.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:18DC32C18912B27F07CAFBDCAC427884
          SHA1:9BBAA74DF9233D6E9E264D9320192B0D1A51BE22
          SHA-256:CCD95096FF1D4CD42953AC42C6003231D257A3C497E5DF1979276B651120E416
          SHA-512:9C530002B0F690ACEF192865704F0783E0C90CE53661F05FF590E1B2ACEAEF6ED1791AE695A4F603409EC37DA7715C34F882B15DA8ADC6AD2CE811EA0185301E
          Malicious:false
          Reputation:unknown
          Preview:SQLitp..S..9.@....qu.{*.......<..I.8..H........O*r/B"........p5$ ^.....V.h|.J.;*y.k....$....S6.,."..J.i.[...Z..CZ~TX....A....:.3.0.%H.|$...9.,.8w....c.P....e........Y\l..c+.h)..a.....7...0FPt.bf.l...);...d.:.....U.*...=wZ.%za..j..V_.P..=..........^`.w.....f...k..E-.M.X}....[....1V......".t...8...x...'NZ......KD.....T.....4E,..H....k..8^L..@ w.M2.W.......a ..p.....W..k..fp.....,MA..m..p....H.R:..C?..."V.%/d~....XQNB..{...j...........s%............51.<.,.3..{;(3.n.....7*.Z....`........J..........<diw...)p.IcH....E..A.\lO`.......F.k..Q.Y....=....D).~.+...]+...XR?.J.o3.P[}..v.~...._.0.$B.O.....U./...l..g.!N;`J.2..u..%"&`..pr.z...",..w.(..&.!...-...o..m......2V......WF.T.N)DN.. ...x.{....FYL.Cp..l......x>...mK...mh...C..X.._.......y.1..>>.I..U.....?m,.+RX].E`D....a...."..r4..#.=..N.....?......8..............g(..=%X.a~N....n...h.-..y..N..(....T.......#.....x*.......{...R.......d...3.=..p..5?4.k,.b.*`.t..qC.NFu..$.)........%Y.K.H...1)...."......$

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\handlers.json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F227847207EECFAC82DC7C1EDF25165B
          SHA1:F61995F47243726F87A136813673DCEE2EBFCF0E
          SHA-256:2080D0BCCCCB5245363FD6C28BBC6182FF29A3A69419B274F285D5B3909721BD
          SHA-512:D31AA4DE81715B253DCDCBE9DC3BAE354805639CDE4D2C4D2A8432752C3C81709C9C1F216E023E3241294A867A0FF1BA509B2777283980384B857D657B6BCC04
          Malicious:false
          Reputation:unknown
          Preview:{"defBd.C.T.5&....K.g./.....[{>p^c..x[b.Si.'V.)C.........#.....6.R...0.a.....Sy.z.9j6..(s....F.M.....G..5....N.\..&;M...~4.$.........vt.}......`...61......^.I.....0..G7k.c.:|...Qn... W.cy...t.N.....x|...e..X_.L~.....+......p[1..R<+.B..).M....G.c.0P.U.|..o$Y...L.U..E....ObCG.y_.......|]M....../.Fph.G.....[=..#Q..9....\...w.80.&......B..$.}...k....._<..`.R.....$..%&...gATK.{.....l...u.F..(..^b.r......^9...tW-0.\...wU.. ...|p....jZ....8~\"$.9.*.f.O.E.C.....Q..Ogy...[..|{..I0.mC.v...+...V...1.U..(.*..nT,9WV_&.,...G@..........A..Ri7.j..3....)..b..29kS/.b......@./.S.G.X.[PP.....T...3.....c....sX...UZ.%x...]]2..V9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\key4.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:02F222035A6B8DDC36AB2DF7BAF2F661
          SHA1:4B3411A4AC97B7E85DED13B67EFE64FB5259431B
          SHA-256:436947555B72AF74655B942D01FEADB7FA7BE3F24179D47473A1AC088718EA39
          SHA-512:EE73A8BB43489604BF66ED9EE61E6A9F705B3EFD4BAC4D9006D8E29D319B9F040EE65EFA791239E2227AACBDCA0B86F715942E63F6A5E816DABC24F56F22C69E
          Malicious:false
          Reputation:unknown
          Preview:SQLit..d.H..x...Ry..........+q......j+.....B.t.O..tX...7....]..A.V.~..S.5`.Ya..;..l...Ambc..hI0*..WFO.....b^.1.N.?..5.9..9.t.Ro..&)z....V...5....5..?|F.A+.C.7C..~..u.N.......A.Q.1...%E...`.......*6....r$<.\.....*.4x.Q.9._.m$.....a\y.L..Y].........5...R.b..q>.DK.>.2T..0z.......C...?.L.B7|.$.L......7..MF3.K..!..7..p..q^VB5,7.)...y...1..!....Io...c4=..v...x..~Ei.&W?Pvl......* .|.\.P~m..K7.MY.d...(e...j^.......0..#..r^Y\q.M_d......eS..Y.H`j.....s..m......p0.|...E.t.!{J.........S.s...S.j'.ysJ..........q..ka.^... ....h... q....v.~....(..$.cAn@.F.O..p.o.K_(...!..4..(_.F4h..b.q.+%m.t.z.....u...m.@..)N/.R.......G6..".=.i.Y.d.`...t'.&.....z.......S..8...&...%....y.U!..v......5...PFm....Sj..$.wj.$....p....].J.q..S..(.(.&.g.s...%X.p.`...6.v.3b.I_..Zm8.IZ.NK..\.......je.{V.v....K. ..D...y.#...u.<.......:..~..e....C.n.,ll.D..n.V.I{#..g..\..Mi.{...l....O^yv.Q<.&.O..s...I./V.....~-..}V4qt{....7.H.w[..a.YI.8lY...I.".A........7*...S.......E.....<.

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\permissions.sqlite.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C423BD5427171D83AC319BE6BDD4508F
          SHA1:2BC7227E5C06B163B84BDF6DA90CAAD59C52F152
          SHA-256:97C645C849E866964E375AFDDE561BAFF5BC8D5951609E4BA038CA62C9CA692B
          SHA-512:B14DCC02FD9D1625EC97F74826C02288A5D076BCA5854F6F95F5BBDD1A410E804FE27CAA45D34B0671616DC6705DD4659D32D4DB87F265655B4654A7DE705D53
          Malicious:false
          Reputation:unknown
          Preview:SQLit-...N.I...U.....Am8.5,.._xu.^..F..\6.S..^...(.{O..4j.. .~.W.y.x.A....CbL.O"C....B.].........f...!oj...O........Ls.-T..^ .V.....n.$.....c...U....)4.EQE..9.q..I..Dt..F...=.cl.5/.v....X..x...K...gO...df.n....P.o...=.k.._: khR.5.M..3......U..GkS."...8..37......Q...&..&..._iu[..'..8....N..l.?..G$....WcB.c.t..8V....a.T...g.s.X.O..C..ws.K.%....@>._....-.Z./6"..>L...!...u<.....EY.ccA..Vp.M..#.p...2...[.x.g...&.f.q%.c..c.W-A.t...@..c.n...e...E.xP.#..../.........co.\Q....+.'y...^..G.=.bB.....6\?..A.|=M)......]%s.Z.O'..........X'....RQ......<.<1N.8.KJ.$. .....%.D.......p.%......}n.U.db..V....!\...X.0.o..*mo.1yL.E.....I*\g..;lI.a..B.....Ua...h....h.......B......$..`.h.....8|..)..0...%.gzH!;...\..#.u.v.~F|......] ....<]....O..E..\..1...U....s..@.*.lo{..;l[.y|..............UQ&..H'yU.C..h{..<D_.v.....A.....b8..h{m....j*.&.(.D...w7Q..).......mZJW.iU.@(.H7.5.D?,.4+.!....*.GL.$m.....|...=..x....l.Pl.....Ds[.K.w.....2u......d..D[.m...o[.wy..E....Q..X

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\pkcs11.txt.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:430106DCE34B303D8671DB425526D89F
          SHA1:865841F4CB3F7F68C02E3CF3676ED656DA5FA557
          SHA-256:3C5F59CC9435D29F4A269FCFEB984EE21D5F133FAE2CD3ACF85DC74503CE890D
          SHA-512:D23DAEC0B0921F6FA3F5D9ADBE3315C4D6F9436013CFCB0F89AF1653ED5B3BF387A32869843B40E4693FC8AF09B28795FDA6606F5170C6C30DDAC48549581B4E
          Malicious:false
          Reputation:unknown
          Preview:libra..u.d....7.;U.]i...5..qS......b.../...xp....f!...d..W.|.,.......|.Pl., ..#Q>..nQ...=}..0f..80d...A,U.'..5...q..r.Us=._.X.......`.P+.F..._.q....&..w..Gb...1.....R.....:.....#...B.....0...q.3j..n..7.j..K...mF.7..4..J.v......Ct.s.r.2..4....X..*....y.jf7...&m.C.."....'4.$:rv{.5...."x.E..=b3.o3].&....5.{Bh./..ZO$.*%..Z.P......:.W..gB9...||....W...lu9j......k.].4]..O.Z.....Sa..[.d{2l...~.d...O....~...b.#.....u.~..k\P)vZ..a..Jb.W.X.}..Y.....er1K...nE....`....}.?.=Y.b....+V+i...9....^o+Rz...Zu.nb5.: <ZQ.bg.A..O.;.ZeZ..@...g.c10d.O.......*Q......V..T...l.rCC...V...8.\.:.w.0........<..T...Dhu....,..4...2.`.>..@.F.|...t^...O.....U.}v.S..n7.n8...34.\....y>...j..*v.`M........T.!.i.....`.Y.d...7.&1O.....IX.y&.....6.MB.iT.m/.@.4.Y....a..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\places.sqlite-shm.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:551B92D39B54169388C2E78F7DF7AA1A
          SHA1:CCCE8013B98BB81417D6D5016A8187BAAEC30827
          SHA-256:6D5EFA13DF57BEF68560857A993A2214CFBE137DC7499AE20F71D66C033B5722
          SHA-512:8EB7FC13C76EAF36B611808D158737BBB339762F53BEC880BE62F61429BDC05E270F706B6514C511C50C9C6F51DA3F1BE461F084E66BB93BBA6B17DA044E6768
          Malicious:false
          Reputation:unknown
          Preview:..-...i.y...?.HV%.OV...[#.P. o.....p3..)Y.Y..._..l|.0J\.&...Z..M.1..1..Y-Ul.P.."4..E.U.......i&...F......*...)......G]..%...(....:.".u..En-.:..3B=FL.A.p...8...ZG?..>.l..e...+.A...N,WZ..j..._..R..T..<R..e{..x.ZK..R..c.9...Wi.......o-...........j"..sFTC5...g.&.t.8.?...7.......A...JYL.g.....P.Q_....:...7..T.....N>*+.n6...y......A..0.p&.m..I.....-........K)Sg.......x3;.dR.u....J..-%.'..z>n..C..Y|..rt.....of.....-.d?..M|....r...u...k.....8.o..d.V..A...!6.....o+.Y.&....si)2...v..NkT..=.)`&.HJ.9..|9Qp."....z.\8Tk..".....z,.zc.... .Lcs...F..!.."'AP.Na....;+..&.=...<.d.V........3.B.7|Vf5s..C<s...W.).......Ws..z....5..1y|....}....l._..r.f...5.N...v.q^&"....e.......y!.?.B...0..K..Z..5.T............G.......O.$..\.........K.d<4..V.%.A<..b...W......<Xn......Q..K@....`....\(i.q.L..6.<...3..,..W...At..h.[.9.O.i.L|".lEf.K..]..\J.y..ydE.w.z9.(..t..*.G......1Tt......v<j....d...*....gL..&KUk47S....A.'.]......m.S.p#..<<_X#.....lx4.;.X....7.`....?.

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\places.sqlite.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D831AA2550862741E17650BF72342E45
          SHA1:0F27B5A83596E95DC2258F762493AABAADCA525B
          SHA-256:AD1BF6890102305B735F3320212F88F706EEBF84B32EE137EB839A2BE2D81880
          SHA-512:7743F970FB62272EF3634676A2A9FBCC3F5101C1E50EC6EF255BFC20A5D84A89ED49A389E695B0165506E49D10A2994FADC200C76F3E70DD6301E2F255231DE9
          Malicious:false
          Reputation:unknown
          Preview:SQLit...2q6.o.........:H.CLf9K..4_n.W..M..1....-..{...xMBK...I.%.!.../.F.0.......b........8.y.Wx......."g$...h.1.}...+..1..".k.5.f.k,U1..S..87#*.......(.?wJ.Py.2@z.}...VF".....;q...}a...L.79B.m..s."k....k..or.yo.M!/Q..3...7..1.....|F..PO..m.....y.X.......u.9.-jy!..=PO..`RF..M{h%..Bc.c.ib..<XsG!g.C..Y..z4*...CZ....y..X.xv.@4D.&.;3...H...,.D....Y@.6.....ol..d'..dix.=q..);..d....&..r*.s.v.=.5%...C..q....|.>c{.m...].<.\..s...c..j..H.......7....@...H`.."(..B.M..D........LI.o[..<..4.(.....z.......V.|.q.B.m...:H!r.W..]......d:.s..+M...M..@...N:.w....q.v%...]V./..X..u..-.&&#.)...t../Y.`.l.....C*..&.v..|.]A.A.O.@..r.s......r.]VY*..lW.>.}&.l..|{..q.8.(Q.)...B^..*.Q.... S..I0..U.O.@..`h.[..W...(..d...)..j$.y..o(.\_.H.#1..R...KS.~...+0....0_n..C!..Z......)xw.}0..X..A7+i...w0...R`....Jd.._...U......!..`.f...L..2.9.U.f..*..h[..&.......k1G....a.C2.....&.+E~.5p..M.....AV.6..Z.1...8.GR.F..c..7....U.%.|i.\x.:.1.yE..6...+..8..P..x.H..g..k..m.D....h.E.K7..q..s....lH

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\prefs.js.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B63E3CA080B3990CD72DB89962275637
          SHA1:48B42805B9C40825FFCD2897CFE5488D88FD00BB
          SHA-256:61B99747E8D06783C171D94989D834FB9E884FB9FA0DB96F459F24E1E9D693A1
          SHA-512:C6D710F0CE1319EE4B31B751DFE1F064F882AC8FC1992C32810AF4BBE4A55D284EA6465790C10EAEE1BFB295360FB8160ACD10EB2DDD89C860B3A223693DB102
          Malicious:false
          Reputation:unknown
          Preview:// MoR.*41W..K...v.V/0....../=.........O.]D.?...BX.G...t..E.+......4...}!....c.wY. ...N../M...`.....P.V.;._N...;.D>......../..f.yDL0s.........&K.r....Z6..K.O...n......|..n...5......+{.q.'`.[.M...=m.Sl....A&QP..".X....P.`l..LP...m..QI.~Z.%\.l..S.).Tt..F8.P.[..+..bFim.,....2.b..a....= .....c...h....K5....G... ..Dy.~I..f..s.....W......<!o.V~L.L.Y~...N...._:.>..~`J:.cX.$..e.....y.K..8XE.m.n...h...l..cY?.Oyc]....%..*h.9.A.^.W...44..v.....1........4f.)..&.m. i.$..>..E...o.~g$..X...g.6ieY.......q......7.....v.N.."..3.[..=.qc.d(.)...t..iP.I.25....)%.$5w\.D......O...1u..|...Qy..X.M..... .P.'.-..P...cW...k.2..5..A.R.T7....=$Ib....hM..XFKt.H..v.@......d..=.%.@....{NEZ..hv.)..;m..~...I.g44..e......L.#.~...Pk...>v..36..S.3Z...h...n.9.wkb...e...S=h>y.!x."......B2...(E..=.&E..A.s~d.."%.u...~....Y'..6.G.|z...3.}.?.E..t.-..o.8. ....d... G..$.J<=[....|9.S.GK..V...a.....OogN.x..,.o..YA...U.....E[...c.....7.l.l._!...&..._..g).U)YE..#3.......a9..'m...M.

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\protections.sqlite.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0F4489E206FC4A6600DC09CD9A292225
          SHA1:199E6E20F55C1C3D3F4FC202D33F88FE939F743F
          SHA-256:AC6ED966CB34B81C40A0E268F00C17AE6C111161A3D53CABFD5563C493A57EDB
          SHA-512:6AE4CF8BF13BCFB20E05EAE622EA1E33E1D326011F9036FC6C6D98C488BF9B2EE1BC74A564787DF96E88FC46397D5DFADA81974D7640903AA582B7FEB9CB9D0A
          Malicious:false
          Reputation:unknown
          Preview:SQLit.8..<..Lk^..r...l..P...2....a..P{.H..3..N...P....\M.Lc..!...;...D..aL.A..z.151......$~A.=Z......xJ.fE.u.>.] ....>.\..?.d..(......c.....-........h.y4..$........E..f.2..<+...8..i...M.......Z..c.8....P^V.,)..*_3.......f..>4[;w:W..76!..k$A,...:..C..9J..y..7...W.....h..._..\.<z0.....y....{.......:.....\..p..r.w..[m..~.Z........aM..S.i8.Jy.3..xO.\C....y..<^._P.d._.Q+N..f..L.p&.u...?......%.,......yk1.407!_.......WZO...7........5v-.j...t.6..x.....2.S....o|_.}A..(.Y...........I...P.....B...a....('F.%...U.0./.....=T....1..>.Mh.ljB...Nm.}..{..];]m-r...._.e.'.I.....P...T...V.....d..,..3G....M.5C.oR....M{q...H-.XK...t.i....Rcr.k.l.<..[t..}E.........V.tM.4.&.OB.N.'....-T.+.J.`.Y...#0e.......@.Qx..*.*..X.y.>Q/.U..W[.Ea.k<\,r$......0.8y.....01@Y-..+x...3R..Vx=....-M^[....3..&.3".1....`.....,7zk...&.%a.;.~....;.P<..V.8.q.z......U.c.%.4j#../bRX`m...pf...7V[.@i.j...R.I...Z.[.kS..........2.........1.kpS.B......b...V.lk.r..2....v.&.-.h.08...

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\search.json.mozlz4.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:98CBD11F41E244094DD282B7D9A231CA
          SHA1:1F3DCEBE1FDD12E5866EA1D5B60E1E37BA5122DD
          SHA-256:7BECF2427D7ADFA6A12EB3826983988B371D6FD23C7A9B385A38970EA14236DB
          SHA-512:255778C84B6F3D7F3905B20FAACA710ED878F1D2EB3BAA95137B39E13CC372CBD867A72B0A1CA7AAC5B46C1409D2349C28B885C0341E45CF3967BC059F0FE17F
          Malicious:false
          Reputation:unknown
          Preview:mozLz....G..,.!.}$O...r.%....D..Q..>...&....d......>.e.%-......kaE6z.........m7DO......G.u.pQm..l&-B..Y;..x..$...z...r(.@..$..TSNj....H..Q0.......q+..fq.z'..!..A.<.H...X=.|3....<..ja.....K.?.. ..BY....?E....U..mc...ea...o....../..E.&r...V.NC..=....!.iM.~.{..aDI5p]pT.O...3.`u..]..1".?)......p.....n=..e.\..S..B.&.G...~6.1J....B#q.^./).'}z.(.v.X.G.c.U1 .<[..0..rOW".I.h..l..G..80bl.s{...$.aO.7.E!zsU........].....<..^.;#....$.[Cx.aI...j..,q.l....W.,%).s...@..Z.i.(.=.L&..Dw6..s...d......|.i\....[...Xs.n..u..4H.....b4....S...fM..J....X3S.iu9#.s.'.vL..F.nP .ex#.....bB.F.].....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\sessionCheckpoints.json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:06EB57EF1A80D255EFB31D5A6C716F3C
          SHA1:544B9775967B4883677AC995C1FA67F9661CFC6A
          SHA-256:036494E7BC0AB597B075275496F747C37876885F13746DA072B021E4446A58E6
          SHA-512:1521D350F8FE47C7D3DB4206ED80C50A18B703115C2BA2316C67CCD6052267D25E86E11DEA64B1C2AEC6D256D764DF9F52B4BB835554ED9C15209B5377CB1C51
          Malicious:false
          Reputation:unknown
          Preview:{"pro'..W..9.*m...D...........mi.B.H.$p$.....0.p~.A....~..b...o...n3^......x....n4..M.].`......r..M.k].D.M..5X..bI%...H3.M....W.4~P.~LR..5z.'s.9....!d........... ...u ....}.^s...;.F..0...(2.t+...ar..).T.=......sr....Z.....*..y.v.A~.../..I+.+....wR.#.o$..Z.a4..j.Y.'p%\.T...g..N..g......yN..!...8+.W....9ljQ..!LF.....G.V{rB...A...#...n.^..?a@.7J...H...s..s...'....n>.&..E~.[..&.[p6.D.X..{."...q9.z...l.].Q..4...B@.Ld:.k7\.[g...k..0.YF.w..y.s3..N...9...p..........he....*.{."-.Z6...XB+a.e...?....J...G.4p]T....m9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\sessionstore.jsonlz4.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:45F89F5812C0842C338A4FD536F7E09C
          SHA1:0801E78942B2234DE6F23BDDAA7EBD1999A40894
          SHA-256:E32813E02FFBD127F559DBD92A26B765B7E25967D682CD0F687ABFF875F77A30
          SHA-512:C59920C2E760D0357A8C5A63E86DC722352711262C49B1A652AE13F127531CDE1334A81A749BB7EEF63F277FBEC6AC2DD060F15C13EB92CBD5061C02E08400F5
          Malicious:false
          Reputation:unknown
          Preview:mozLz...Y..".j{.}..w.oC.D.k&7*...?..P1a..t..U...HM...?^u..o.X..q.&....$."\..~L|;{..-.g.<m..."..P....~dJ.L=...;=aC..?>...O..$....3...lc@_).CyV5..iD...k.pM..RT..[...L^.7...2.D.@..hS.6x.hK/..PKMy..RQ(.Q@..SL.(.i|.....g..w...7.S...J."\.j...~2I..#..H.w...U....r...d.Ow.U...)..D.a2....J..$C.`.H .U....pl-8"Z.O..14.V.L.1U.;..%..fq.LA.C..H..O^..(z>3.:......~..:,.-.Mu'.K..}[.....g.,.....L.........R.1.vN.R..M....?.%U.$.m~-......c.~.6h.p.ax...........A.}......k.....z.~.Mw.Z!..=g......:p.........=$B.<.x..)...yWs._.V.r....)[.....j...kr....~A?.5I...A..h...#.....K....A~...=.\$.Q..2..Ta(..h...K=.&g`.w.sf..n.5...Z...:9.@bM.w.0.../...]i.t...k'.'A..6....?.;.%...8...\.....Fs..&....m....._.q0T.(3..?.t$q.9&5..XPI.pZ$f..8...,.>u.f.H.o......l....N.&.&.. .....k.Cx..#.C..ks.....|xaC.\qT..3..Mo...ZQb........W.c..".=..d..q..gD...qX..EC=.V.G.8|.......-.4.q...vK3.zqo..&...An.iMQ...........A.y.db....p/.A..>.j..4h..o.-...X.J.;XC].*f.....:9....i/M.6p"P0t.e..>>'b..'.<m.....

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\shield-preference-experiments.json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:DD67E2BE7036D00DD790FCCAF2A80EB9
          SHA1:04F484C801A1A2EFC7606926EE77A1DA997B6BCF
          SHA-256:5E7B40B034C7555DC966A05BEFAB02264A115C6CA3473B15B5CC148C6C8F724F
          SHA-512:D6626BAED6C86510CE63AFBD09EF1B978F5DCBA7E844A4EA83F4C5F63A061DC425F68DC726389A457CDED66AEC3C976C5F887C77DA6D4740B1BFC81EF699D6B2
          Malicious:false
          Reputation:unknown
          Preview:{"expo|.=`@...^..~1...|...,6y.j%..*I.Y.L.fq.....[.ml!.aA......2F.....;.._..2.dd...........$..G....@...4."ca...-..aTY.X..-5....a...G....]..kecr.(..vP....<....?`.r#n..=@.,._E<.}.\.lUh.P$.^H.N..."w.#0J..&........f$s.$:r.y.>..P.e.....\...0.`.2o.s^..(......k#.....Za.69pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\storage.sqlite.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:DB9060AAD0FC2D2060CD31C7C5E006B5
          SHA1:C2A7F47B58B1B300B3208039E5BD5F61E6030C2D
          SHA-256:856B0B3EA3D58FCB32F6CBC89C746F0228B3E06268031EAFC7F14678210DECEB
          SHA-512:41489FCA57DE06C0CA0C1C9B5EAD69B8B9C849A5537C4F2482353DE47856FCA2AFEA23299FB6700A92415CBC3D2A846D8B9A97EEEA2E2511D9910B9439A2EF56
          Malicious:false
          Reputation:unknown
          Preview:SQLit..WO...L/.....HE+.q..l........a..*R"_....I. .H.......\..;~..e5=k..V9...:|`1D....w..DL....s.?.ea..M..Uc...4.XG....NzC.C?.rB....+U'.[[...a.....=......s....K[X.gA.P."J.>.V.KI*~.[..ay..F9)Vt..k....M.....*......1.......3,..+8..B ...C.'."~1m7.Q.8.9..IL.....s......p...c"p.j~..&nK..DJ..hy..k.n...i....^s.(..}..c.....;(vm...b...ld.d]).^...Q..uB.K.N|.\...zK..O.md.z-t#...W..............|7..8..A.6I*dK....q...'ty$....W!...L.F...}..%j.0S;.q...N.....8g4q...@.......Qu....7E.b.K$..z:...T,.q..<..^..CS...|..q[....C.....9lX....x.7w\....`..r..~EMj.U..0.p.....#N}..*T7f........pM...p.IC..G+"........L..Y..3.i.:..x...........j... 3.*7.,&.!.Z1.Y.a++.A.nd.Q.....( ~..X.0j.. ...KQ..A.....E.`....j......9.~..WP.e..J..Z'C`2.@..4..$..u...n..6..n5s..:.H>.......r.x;;y}....]+.."B...\F...CHP.pV._.OD.;........~1.......P.....?.....~z..Oi.0D..L?.c........1.......5"..I.G..U..qo...W.H....r.Ba.Y.. .....OrH..N....?V..0...z.%.h}.c.....r...1..9h....;.M....t}.+.LV.~..T=-..p

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\targeting.snapshot.json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:688F35E3AE6B85C0BE6191052A376583
          SHA1:4E2BE2DBE5D1DDDD59227B00AA1CA14386878BC4
          SHA-256:EC1B733527E280F8BAC1679415DE0E031155E8A40C263452FAB88681F9C60F52
          SHA-512:18FD8354771A9E90C765D48C4E7DB6A46A806A8F2BBB4D2C1A954732DD24C4256310BD75B4DCDCF1088516F93894D1DB6C6B727D37511D59A1B7CF9FE7074590
          Malicious:false
          Reputation:unknown
          Preview:{"env.f...^.>..U..}.u.$.aR....B...IC.<9f....5.G.....Ip.....m.1&q.....V..i.E..A."..V..n...U....b.CE......x~.-...i}1...m.?d.8,..(?a_"..%..."......C> ...a...w.5.'..t..#E..~....L..+!;.T..J.1gi.;...s.Y.:...U.`.t..'.P...,..e..DV..\..w.C...$..S8..V....O...X..`....'....U#.%..g../&u|......G..J.6..6/.0.;C..("....2....Y.`r....L=%....w~....3.+..]`3........y..x.A.fMn...p..]`.`..|w6S:..v1.&......}<I....].n.#...B...J(....yy...9?......_../..6..Nt9...m3.Wu....=..fa@5.k>.....C..{2...T+.o...{..M.s.D.y~.....Qe....5.#.w...\Qo....\-@.A..+.y.".......1.4A.....b.-.Y...8....1Y...0.4Y.e0.}u..dw.h....k.R6>v..0......Xp.....HeE....T.N[.....'..T....#W....V4..\...>SP..-s......C@.C..........^RfG.o.....a..W.DP.q..W..D..;.B.S..Y..{.l...e.}7.*.F. ..yt..K3"C.m..^n'..s..m......[..`*M....|.c.;...#@.6~...X..X>.6...$s5....G.."a;._....o.bb....g..n.4=.x..Y.o........d.|...p...F..t...X4............-..e6.I..:=.G......s..T..Z.....z.xm.,{1...}0...k!...J....?...oK.(.....$.~....g.

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\times.json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E7EAA461517A84670B5893DEC0E08B8B
          SHA1:4C98CB49CB166FBD1164BC0C8A899CFE9132E492
          SHA-256:F4E7633E4F961AA3C55866766D2FEEADCABEC865127BDF000CC05EE1E1F35EA4
          SHA-512:1F25C5CD9B464D273EACAB8F1E37CA63C309A41C4B851BEE63E97ED2D92EDAC09F3DEB4E7D6BA811BA7772D9BE6D1C3590C08E959F55FF4C28B1FD522EF58427
          Malicious:false
          Reputation:unknown
          Preview:{"cre.$E....X.e<.~O...$6.+c..n@Q.0...,+...f.y+.jc.K.C..@w..SE.[/.e......+&...j.^..9|@<)q..|.3.$.._.N4.;.9..F...qw.|/'.{.n./c.0..R..L:P.-R....BU.o..*.y....H.t..0|4}XQ+|~G[.".......K.8...0..b.Q.D.?p..(ru..8M...C.8.......Uv>...O.....$..mq0u..Jd).....a.1U.tA...K..&..9w.....+Qa/..U.!..7...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\webappsstore.sqlite-shm.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3700BADC27E44758B3CBE986AF848EA7
          SHA1:EFEA3E495FF78E1D6C0E22790B979A85B613340E
          SHA-256:6B8AD7F66282852B750E78A700E4FF9EFF6A566293C33FEC7B17176540F748DF
          SHA-512:38F7A321DD64521EE04AD4E9DADD27973711F4AE6722444C3DC8AEB0834DAEB5BB1ABDC3C60A3AD00FC6ACC447055705E04410F0341322FBBAC522554E19F622
          Malicious:false
          Reputation:unknown
          Preview:..-......./.J..L&.R.M...e../=.....9.y.j.J.Y........@./..v....X..}...]....L.:.....2.N....:...v..v.y@...P....)...!jap...8...r.yB.{^&..T..&-2&.xH..c.......3.....{/...?i.I.8N.eU..U.b...eh...d.....[5...fD....X&A.`2.0.5.H.~&Xd..3...".N.../..2V..]$.`.r.x.ql.^../.O...,..]=.h..Z.G...|o.V.....@.$...IRh..^.....7'}U...^.u7y4Wb5.".O3..................X~.a...........M.c..c...[o...y.l.1.....p8I.....$gt[.......(.b...y+...Db.o5..X....e.n.n)..=."$2F.!W6G.C..T._".&.B7...5..Wq..^....c....{......z..s....n.|..n.".(S...........c...|{...O`X..[...6I.x%..Sq...@..T9..[Su.b..E.`.,....Cz....)n'....H.y...P....)gxWR...3l...........F........R..&........u.5_.....&K..Y..-...d..w......)..DS...h.../...X8..p.G..W..b..?+A..'|T..bE:......H.&.@_.dh".8........K R)....e5E.z.K;=..l...3.`8........-X.._.-'...1vd..0....T.'..[....8.`.J3#.dG9..(G..j..zT.N...P.....\. ".=.}.K.i..6.H.g.....@~...H.<q`..+..L..H....){.q..l....1VMgl.Q..x.ns.=.F..z.r.....eI.........NUr;..........{

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\8h0a78bs.default-release\webappsstore.sqlite.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:71AF248AFEC8603EA88BEAC8B6ECE3AD
          SHA1:4BE26CAACC187AABB17FCF88698648075A782EB1
          SHA-256:C5300CA15C328A2D58081F396218352FBB5744D58E72947B4B9C8E40B061D101
          SHA-512:1A82D0C6E22222FAA9F2428F6F5865C19D0C829582C1BC16640BF847CA5DC25657DED6C1438B9103EBDC2210EF0A3D8CD14FF6CFFCB3668565671924E839499D
          Malicious:false
          Reputation:unknown
          Preview:SQLit.vO.......U.|...lke#..<8m.2h..Uk..........1.CZ|)p...Z..(S...`....6[."|.........AY/..G.'..J.....Mi.|.L.+.o.../+@...nN...kn<.9X.....^@.4du..}..\[7......l..?....r?+.8......Q..w..#."%JI+..2A........7.2..A...J.l.Q..}.u.j..eI.e..|......}.`........x7.*TwD.+......K.{..\.I......X...5.0...X..t..@.9..*.......O).5..X....a..#+..?....{..:b-........L.DHv..+<...k..{..m.c.... ..n'.t..Tp....r..........IpQvx...o.TL60F.#....dl.#.GW....Y?...uylb^<......4..%..5H...g....@.....)...i..v.....=....)y..Rcv..Um.P].j.O.L....Z....H&.Z.A*F]...G...s...jr...+g...t'.J..G...:.Q>.... =PHXs?. ..)..........L.....'.O.p...&........u"S.4..:|..m..b.\..8.4.u.......$.n...@....b.\:kW.L32.@..n.8.I.....:U..on.?E....4...}..G.#.d.L..y[_Hz..S.YPG...<..O.>n..K..=w .4N......"~O&g..v....b.Fy.+n.mw.iU0.l.n?{1...`X.BV.$...7.q.}..QsI~..g....F..."...4.^....Z..T..Q...^O2..MF.H..ei...K.GQ..y.......Y...Pe.`.T.....T(.... No...-...J.a.W..70.....G...~...:c.hB=..]ZI'.....K%..Cn<.Y...}:

          C:\Users\user\Application Data\Mozilla\Firefox\Profiles\arvhxlpc.default\times.json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5627C916D1C3E88E5B5F70C177C199C1
          SHA1:B452D9B7460459964050320FFB0CBAC39FD50F1D
          SHA-256:364B33224AA423DB9B79DBB99006125ED487C2B16CFC3B4D640506E366E92F13
          SHA-512:508B093F5034D8CEF3484D05C598FA1F6FC9FEA62DE538F3056D33B1E98F8D27DC5CBAE550EE936771B1426EC6EF5513AE93A70FAC6DCA1590705F044E2AD173
          Malicious:false
          Reputation:unknown
          Preview:{."cr.s.xM/..F......9[t..]i.'.U$h1M1....2.62bOu.C...2.Y'.."2L+.F.$...\o....'b...&,...0.>.........C.....^...r.c..z.+.x...\.E:P.q..M.d.....q.....'J.....TX.......$4'..NC.2..X.L..?..*...-.U..T..r..W...ut."../...J.....r..;Bj.`..R..>...#.`.o....4..T.<.~...............:xk.P.X..fF..4eT..j.....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Desktop\BNAGMGSPLO.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8567550602381075
          Encrypted:false
          SSDEEP:
          MD5:4286F6E235BAAFBADD7B2965D74D8BA0
          SHA1:D6A48E2AC49ABE52B0ED66BAC4E6F1A2C0B3BABE
          SHA-256:FDBD719488A17AFE0C2374ACAC6B0F77F49A8F20E69C682FDF45BAC83FE263C1
          SHA-512:516D80AF5CCB7A1BBE5E620C8074599DD322DDEBE2DD843E95685448440115035C0E776958F21D68BE5FC325A956CF436EC8F54BE141CD558980D774A3A3FD2F
          Malicious:false
          Reputation:unknown
          Preview:BNAGM.@.....g.6...b'....w0X.).*+..v....]..:...>,~%..../.V...'+k.9m.wA....P.W.!.W?tXF.a..K.Ss..x.....?.aC.....T......Q..W._.7....L..xZ2.^.+.O{Y.9.../.}.F4.3U..D.....S^j._...x.r.'.Q. .,...Qj..k......L.z.. 9..p.....$L..i...;..S:......).q..{atbI...N?OD..[..2........nt...6...':i..ig..r7.n...!....6...../.r........c..".6.@c".}H`%zH<.T:....1aj..`..6....(.l.....L..(.-$.hY.2 l.6H40....R..p..Pj......y#......G...M.......y......z.g..e.D.z..a.e..p.e.J......b...h...>....}_]..?..f..rSr..T...B..F.+'...bdR.F..XK....%..cO....+..I.yu..K&..".(..%..g....5..>.....:7.-.fE`K.'.so......].....p.N~M.....H.M./>.S.F.eIY+v.:{+.Es..q.t.~...KM}.{..a~.."....W.<)d.x^.0...F.n..m..2j.{G...g:..(.o.2F........k...S..K....M.H.b.UL......P.../'..L..I.X.?.4..}}..-....(M.xZ.o...G:.+}).p\.#..Q.~...... ..;8....^.[.._W...[.+I.0..........f">*X..k.4..i....^p.................mL.e......O...}?...d...-J*j....6.A..r....Q./..kpr5.x.H..+..5.*.=...........m..I...,....(jU2..p...D.Y>{#..!.

          C:\Users\user\Desktop\BNAGMGSPLO.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4286F6E235BAAFBADD7B2965D74D8BA0
          SHA1:D6A48E2AC49ABE52B0ED66BAC4E6F1A2C0B3BABE
          SHA-256:FDBD719488A17AFE0C2374ACAC6B0F77F49A8F20E69C682FDF45BAC83FE263C1
          SHA-512:516D80AF5CCB7A1BBE5E620C8074599DD322DDEBE2DD843E95685448440115035C0E776958F21D68BE5FC325A956CF436EC8F54BE141CD558980D774A3A3FD2F
          Malicious:false
          Reputation:unknown
          Preview:BNAGM.@.....g.6...b'....w0X.).*+..v....]..:...>,~%..../.V...'+k.9m.wA....P.W.!.W?tXF.a..K.Ss..x.....?.aC.....T......Q..W._.7....L..xZ2.^.+.O{Y.9.../.}.F4.3U..D.....S^j._...x.r.'.Q. .,...Qj..k......L.z.. 9..p.....$L..i...;..S:......).q..{atbI...N?OD..[..2........nt...6...':i..ig..r7.n...!....6...../.r........c..".6.@c".}H`%zH<.T:....1aj..`..6....(.l.....L..(.-$.hY.2 l.6H40....R..p..Pj......y#......G...M.......y......z.g..e.D.z..a.e..p.e.J......b...h...>....}_]..?..f..rSr..T...B..F.+'...bdR.F..XK....%..cO....+..I.yu..K&..".(..%..g....5..>.....:7.-.fE`K.'.so......].....p.N~M.....H.M./>.S.F.eIY+v.:{+.Es..q.t.~...KM}.{..a~.."....W.<)d.x^.0...F.n..m..2j.{G...g:..(.o.2F........k...S..K....M.H.b.UL......P.../'..L..I.X.?.4..}}..-....(M.xZ.o...G:.+}).p\.#..Q.~...... ..;8....^.[.._W...[.+I.0..........f">*X..k.4..i....^p.................mL.e......O...}?...d...-J*j....6.A..r....Q./..kpr5.x.H..+..5.*.=...........m..I...,....(jU2..p...D.Y>{#..!.

          C:\Users\user\Desktop\GAOBCVIQIJ.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.820762386596114
          Encrypted:false
          SSDEEP:
          MD5:A3D002787982607F3D396C6D8D20C426
          SHA1:BCF07E6C0A8BBD2E97F43EB6BBEF2AE5BB693764
          SHA-256:087ADD413121CD486D87E9A7A6CD553B317B45A171E5113D2BDF4F215230FD86
          SHA-512:57DE1E0A11ED107191CF00C2B4B99249E548F8F3B0EC2E24D7A76142F5752F2683CC328A89D65C78EAF6924E467440E4D5C22BF3A89930F6DA57E3B93A721560
          Malicious:false
          Reputation:unknown
          Preview:GAOBCJ......LN.q.2..0.f...C.I......xH?~.A..Hc{.q.<...0o.....G4.......N|..C.SM/d....T.....!RM12u..*..9.h...G..ag..Le...M.6.i/.L.[M.79...r.6O...-."..r.3.`..}~C.......@..3.`.{i0#.CDTd"`.....f......b6W-..G.r...].`:.M.G.6....'j.st...l.qT....}....%...(v..>d.-...?....[.u...m`....=...6c..u..&.|.Z..?......., uI..|D..+/.....h.%.(.`hA.(..Ov.......~u.@.h..u....I...6..F...y..V.M.X..2cCh...QM<1.*..........;...g.?..._....hT.W:...W...x...}.'.......s.U..r.....Hd.......G(+.......IF...bbX.@...9....G.Bvd.=1....Ed....Pd..}..5.Ona....vT.p.B.a.2f ...P ...Q.G....!jB.>..Sy.6.9/#.e..G.k."....(>7..k...B......8.,N.G...,.....C.....Ux.<.y.o......t..@;...MU.I.....p...4.m'.:.5kG.IH]....,r...*...#P...................-S..3g..E0........g..I.<.5V..M.z...O\.5..g.....u......AE..t..?(W......W..|"-....K.5*G.$'..9....2....#......EWl.{.....s_z...;.?..01~3..A.S..i.....h..k...iA.4....8....W.[....ir#..q....=9.../...&\/...j..R1...H.,.........JS./s...n...M..U...l...{.AE.p..:

          C:\Users\user\Desktop\GAOBCVIQIJ.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A3D002787982607F3D396C6D8D20C426
          SHA1:BCF07E6C0A8BBD2E97F43EB6BBEF2AE5BB693764
          SHA-256:087ADD413121CD486D87E9A7A6CD553B317B45A171E5113D2BDF4F215230FD86
          SHA-512:57DE1E0A11ED107191CF00C2B4B99249E548F8F3B0EC2E24D7A76142F5752F2683CC328A89D65C78EAF6924E467440E4D5C22BF3A89930F6DA57E3B93A721560
          Malicious:false
          Reputation:unknown
          Preview:GAOBCJ......LN.q.2..0.f...C.I......xH?~.A..Hc{.q.<...0o.....G4.......N|..C.SM/d....T.....!RM12u..*..9.h...G..ag..Le...M.6.i/.L.[M.79...r.6O...-."..r.3.`..}~C.......@..3.`.{i0#.CDTd"`.....f......b6W-..G.r...].`:.M.G.6....'j.st...l.qT....}....%...(v..>d.-...?....[.u...m`....=...6c..u..&.|.Z..?......., uI..|D..+/.....h.%.(.`hA.(..Ov.......~u.@.h..u....I...6..F...y..V.M.X..2cCh...QM<1.*..........;...g.?..._....hT.W:...W...x...}.'.......s.U..r.....Hd.......G(+.......IF...bbX.@...9....G.Bvd.=1....Ed....Pd..}..5.Ona....vT.p.B.a.2f ...P ...Q.G....!jB.>..Sy.6.9/#.e..G.k."....(>7..k...B......8.,N.G...,.....C.....Ux.<.y.o......t..@;...MU.I.....p...4.m'.:.5kG.IH]....,r...*...#P...................-S..3g..E0........g..I.<.5V..M.z...O\.5..g.....u......AE..t..?(W......W..|"-....K.5*G.$'..9....2....#......EWl.{.....s_z...;.?..01~3..A.S..i.....h..k...iA.4....8....W.[....ir#..q....=9.../...&\/...j..R1...H.,.........JS./s...n...M..U...l...{.AE.p..:

          C:\Users\user\Desktop\IPKGELNTQY.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.857043397590862
          Encrypted:false
          SSDEEP:
          MD5:02080EC6317D6CBA06F6AA7271E8464E
          SHA1:56833AB5C960B799C0B35336B7CAAE195FD4CA06
          SHA-256:555FC888A00DC6F70DB46B24625F6A3E87546BC6BCE70B6ED13B573D4F632C5E
          SHA-512:A62E7330573EBDA316BB8257C4EF5C36D7FF76AE88C2618FA358277268A63FCF21226435517BA3458A9312505B4CE161D1D9B3A97CC46D73BAB3AF17E93C1C6A
          Malicious:false
          Reputation:unknown
          Preview:IPKGE.......Uq>.0....%].(.0....\b?L|I.N=..ql.gA..[^......J..l......{.&...%.=._6xG.........L.dw.#/..9.+.DU..G%......\.du.c.;.f1$.6...g..M.n.uq....mH.....k..2K..}..Q...V:....Z....s....;z..#..VK..]{.Y..% R.!.5...d.`U....`&.....ag!R.e.}"........H.Z.........6.o.|.B.......X...5.4..uU...x=.7ly.C..3DZ. "4.)...Z..<..?...7..5j.x..&59.8.m*S`i .))?^'...v......~.i.N.}...nB..a.f..~..@a.h]C+.wT..i..\{.)<. sk.Fz../.E9...\.....8ZA<.Fk...o.....l......x.".'._.M....f..$?.*ib...~.].......2]q.t.S.c{.Ot.^.N.q...}.2n.Sp.d.....G...^._..<.. E.B*.gG..O.E..K....B/......8v\....V.^.n!.d.va.2...){..f......z..../....%>...T..;#A;....(.p.&.G..+.....O..,.j....".(...l:...7T..R"N.m..M..|.5:...d.[.R.S....&...@N..M..N/<....9Y..[..}yy~j.F&...s...N....J./..{....~D.A../f..\.....Qh..zdZ/...^... w.g9.....n.6.).}.w.tO....u..p...a.M/?......}1..O.....Y..+....c..J..A.._..JU.O...x....P.w.;Or~[o.MG.'..eQmd@...e.../m..v...'.(<...2S...w.(8C..zC.fH...'g!..).t8Q.y.X...=.X..='.:.k..z.v4|...sj

          C:\Users\user\Desktop\IPKGELNTQY.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:02080EC6317D6CBA06F6AA7271E8464E
          SHA1:56833AB5C960B799C0B35336B7CAAE195FD4CA06
          SHA-256:555FC888A00DC6F70DB46B24625F6A3E87546BC6BCE70B6ED13B573D4F632C5E
          SHA-512:A62E7330573EBDA316BB8257C4EF5C36D7FF76AE88C2618FA358277268A63FCF21226435517BA3458A9312505B4CE161D1D9B3A97CC46D73BAB3AF17E93C1C6A
          Malicious:false
          Reputation:unknown
          Preview:IPKGE.......Uq>.0....%].(.0....\b?L|I.N=..ql.gA..[^......J..l......{.&...%.=._6xG.........L.dw.#/..9.+.DU..G%......\.du.c.;.f1$.6...g..M.n.uq....mH.....k..2K..}..Q...V:....Z....s....;z..#..VK..]{.Y..% R.!.5...d.`U....`&.....ag!R.e.}"........H.Z.........6.o.|.B.......X...5.4..uU...x=.7ly.C..3DZ. "4.)...Z..<..?...7..5j.x..&59.8.m*S`i .))?^'...v......~.i.N.}...nB..a.f..~..@a.h]C+.wT..i..\{.)<. sk.Fz../.E9...\.....8ZA<.Fk...o.....l......x.".'._.M....f..$?.*ib...~.].......2]q.t.S.c{.Ot.^.N.q...}.2n.Sp.d.....G...^._..<.. E.B*.gG..O.E..K....B/......8v\....V.^.n!.d.va.2...){..f......z..../....%>...T..;#A;....(.p.&.G..+.....O..,.j....".(...l:...7T..R"N.m..M..|.5:...d.[.R.S....&...@N..M..N/<....9Y..[..}yy~j.F&...s...N....J./..{....~D.A../f..\.....Qh..zdZ/...^... w.g9.....n.6.).}.w.tO....u..p...a.M/?......}1..O.....Y..+....c..J..A.._..JU.O...x....P.w.;Or~[o.MG.'..eQmd@...e.../m..v...'.(<...2S...w.(8C..zC.fH...'g!..).t8Q.y.X...=.X..='.:.k..z.v4|...sj

          C:\Users\user\Desktop\MXPXCVPDVN.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.86554598050258
          Encrypted:false
          SSDEEP:
          MD5:5E8135623E579072F0D80F67A2A37725
          SHA1:442D6EE5C0EC15E8737974B871EF514EAC320EE6
          SHA-256:34D02EF9E3DA4C0CE37D198644BB4A3E9BF6C37269BFD44D85C4BEE9AAB55076
          SHA-512:078915044433493DC1AE40E7763982A9E9E17308E197A3F05C0979CAA0C4ED7D97DCDB4B206CEC7FF464162BE75BA9AEA4B8682795DF8D1CA775CF68910E102A
          Malicious:false
          Reputation:unknown
          Preview:MXPXCR..Y........b..~"...J..\!y..c..K.`X..B..L.~.].....w..L..S..)....(..."..x.z...i\q.{N.Qw6...=.4#"/.(I.....a?f...u..&.+A.h..|p......x..p.C..y....B .....Z......:sTh...+?=.r...._].m......a.....cX]....v..1...B.#.].q...6..Rb..i...|...yPK...1r...>......1...B.O.K.......8.k.x./F..F............co.w./0n:......k.b;.'...u.z}......K..o/.Y.e4(...O<.1....#..s...060....F.X%.....W..../..;...XP:.l....T.!.>2....x..JU=.O...x.....o..{|.i6J?.J.p...g..T...CQ+..........^>..f>h2d.....2.$....a)s4..O...D....~.Zw3....S..}.........'..8.u.?....W.z.E{........W....zR...*p.`.u%..;.|us....hhSy...:..8.G...`uz../...PY...8..-..,.hg.9Oq...{.bo........f"'O.Ra.d.l..<S....s^...?x.FPj......2N..J.7?.|..B....Dd...d.?=.eI."c._.d.\{<..........E...F.Q.:.(9._m......IA&.Sa.XV.D........9:..#`....U...V^@.....1)...j...iqzC.^....?x..$.i..U.....z...v...n...{.3.....=xk.D....5..MR...$...J.qa.2...%....^.....v.M(....yh?..*z..KSA......Z......cfkm.B.5..tI....h...u=.../...R.../..N.:`

          C:\Users\user\Desktop\MXPXCVPDVN.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5E8135623E579072F0D80F67A2A37725
          SHA1:442D6EE5C0EC15E8737974B871EF514EAC320EE6
          SHA-256:34D02EF9E3DA4C0CE37D198644BB4A3E9BF6C37269BFD44D85C4BEE9AAB55076
          SHA-512:078915044433493DC1AE40E7763982A9E9E17308E197A3F05C0979CAA0C4ED7D97DCDB4B206CEC7FF464162BE75BA9AEA4B8682795DF8D1CA775CF68910E102A
          Malicious:false
          Reputation:unknown
          Preview:MXPXCR..Y........b..~"...J..\!y..c..K.`X..B..L.~.].....w..L..S..)....(..."..x.z...i\q.{N.Qw6...=.4#"/.(I.....a?f...u..&.+A.h..|p......x..p.C..y....B .....Z......:sTh...+?=.r...._].m......a.....cX]....v..1...B.#.].q...6..Rb..i...|...yPK...1r...>......1...B.O.K.......8.k.x./F..F............co.w./0n:......k.b;.'...u.z}......K..o/.Y.e4(...O<.1....#..s...060....F.X%.....W..../..;...XP:.l....T.!.>2....x..JU=.O...x.....o..{|.i6J?.J.p...g..T...CQ+..........^>..f>h2d.....2.$....a)s4..O...D....~.Zw3....S..}.........'..8.u.?....W.z.E{........W....zR...*p.`.u%..;.|us....hhSy...:..8.G...`uz../...PY...8..-..,.hg.9Oq...{.bo........f"'O.Ra.d.l..<S....s^...?x.FPj......2N..J.7?.|..B....Dd...d.?=.eI."c._.d.\{<..........E...F.Q.:.(9._m......IA&.Sa.XV.D........9:..#`....U...V^@.....1)...j...iqzC.^....?x..$.i..U.....z...v...n...{.3.....=xk.D....5..MR...$...J.qa.2...%....^.....v.M(....yh?..*z..KSA......Z......cfkm.B.5..tI....h...u=.../...R.../..N.:`

          C:\Users\user\Desktop\MXPXCVPDVN.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8510543964541935
          Encrypted:false
          SSDEEP:
          MD5:60D2AB00F31D93DA12D3B1EB48D58CE9
          SHA1:D8EC688BD1CEF94B1B4468F06DF6A18B1E98426A
          SHA-256:C5F3A48BCD21FBE07F86D7BD61C39F23102E030DF52DF4452D232E236D5AA45D
          SHA-512:834F03911D10C6F85E23D0BDB960ADA558A78556A6A461E8E91ADF15139BE002FA90FA5799F79DD5B5E06E87159E807FCD79CF5249DB83A343449A0778A9D05B
          Malicious:false
          Reputation:unknown
          Preview:MXPXC.[.......7..s.~...>..H9D....C...8..IY9.:.'z.....}.\...!..$.kJ=[uf&..l4R.Q...V.v..m&......T..q..o.D.....Z....G...\S:K......S..36.$07..P.hm..m.P..A&%_.#l.-...U.-.G..7.L;L.c.as..7+..:...<.^.r.$...$...4..WN=z..uR...h...R#.(..{\.}*6...d....[.....j...........]..\m.]=.E...N.q. .~*?5Q.^./S.l..~B.....m..h.V{....%.fU....l..@.&....T..uq..a..2....f.-...I..wu$..X...BL9......=x..t.8A.i2ylp......n!.D.........6_b/Q.w.DK.:A..5.6>....i4*J..U..U@4.f5..L:..[.Hmb...H.F.....=...bn...D..>..)H...e... .X)..@...F.-.9..q.0.....r./...O7<.s"?..x.'..7.3..U>..."I.k.l.,_..0F)i.It.!".v.8AY7GI.B...yL.yt....\...N..E..H2.8".p.x...@..A&..z.p...y..n.G...."G.np......P.l......I].k.......N.....1.......TnG.I6]./...m.......<..k..).......d.7....U.p.V.8Xv..x.....\.c.*....>.._D?.J.L..n...J.....n..=hf.d......d...#GH....|V.c..<..|n......$=...ct.#.....O_T}za.^2.|F.._..."..c_".)9...9......Jq..=._I...{...`.._..........a.W..9'm.#.......(........~l...N..DNW..cv.Uh..E.R..Zy.....q..'.4

          C:\Users\user\Desktop\MXPXCVPDVN.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:60D2AB00F31D93DA12D3B1EB48D58CE9
          SHA1:D8EC688BD1CEF94B1B4468F06DF6A18B1E98426A
          SHA-256:C5F3A48BCD21FBE07F86D7BD61C39F23102E030DF52DF4452D232E236D5AA45D
          SHA-512:834F03911D10C6F85E23D0BDB960ADA558A78556A6A461E8E91ADF15139BE002FA90FA5799F79DD5B5E06E87159E807FCD79CF5249DB83A343449A0778A9D05B
          Malicious:false
          Reputation:unknown
          Preview:MXPXC.[.......7..s.~...>..H9D....C...8..IY9.:.'z.....}.\...!..$.kJ=[uf&..l4R.Q...V.v..m&......T..q..o.D.....Z....G...\S:K......S..36.$07..P.hm..m.P..A&%_.#l.-...U.-.G..7.L;L.c.as..7+..:...<.^.r.$...$...4..WN=z..uR...h...R#.(..{\.}*6...d....[.....j...........]..\m.]=.E...N.q. .~*?5Q.^./S.l..~B.....m..h.V{....%.fU....l..@.&....T..uq..a..2....f.-...I..wu$..X...BL9......=x..t.8A.i2ylp......n!.D.........6_b/Q.w.DK.:A..5.6>....i4*J..U..U@4.f5..L:..[.Hmb...H.F.....=...bn...D..>..)H...e... .X)..@...F.-.9..q.0.....r./...O7<.s"?..x.'..7.3..U>..."I.k.l.,_..0F)i.It.!".v.8AY7GI.B...yL.yt....\...N..E..H2.8".p.x...@..A&..z.p...y..n.G...."G.np......P.l......I].k.......N.....1.......TnG.I6]./...m.......<..k..).......d.7....U.p.V.8Xv..x.....\.c.*....>.._D?.J.L..n...J.....n..=hf.d......d...#GH....|V.c..<..|n......$=...ct.#.....O_T}za.^2.|F.._..."..c_".)9...9......Jq..=._I...{...`.._..........a.W..9'm.#.......(........~l...N..DNW..cv.Uh..E.R..Zy.....q..'.4

          C:\Users\user\Desktop\MXPXCVPDVN\BNAGMGSPLO.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.858575116415853
          Encrypted:false
          SSDEEP:
          MD5:1B4197E722CF9F2C174AE3031C0A2E29
          SHA1:1E19BD728C42925C7DEAFE9BF70B79BE089C29C2
          SHA-256:30E0874B099D20D2EC9A9FD2CD3B2AFAE5710794D7305FF684E0BF4952155AA4
          SHA-512:FBBD16A4C680BE3D414EA55F15059F3719B3C8F0B62E2CFD8A86C1E308C4DA896560BE1F7084F7ED1CAC92836B50F108083F54F850E41D6B16EA5097645744C9
          Malicious:false
          Reputation:unknown
          Preview:BNAGM....&.l..C.m.....H..P..1>.U<.0.#......X...s\.I].d.7.`.[..Y .'.....p8..v.)...%.{..p.m.d.._a.H.j......+#.6GS0....B...v...i...V..WL....<..d.N..W..x.EN....ke..*../Z.Hd?[O%..'F.'oa.*y........ 9).$......(j/..+^6.....'....l.....)....I...V.!S.....!|k.l+............`.%|u...#.2.Vr...\.tB.V.......'.S%/Z.i.H.....J._.tQf....> .....$MNWJ.@MANi..5..f.`...R....wJD..?.C..n.....I..zH.....L..hA\v..Q..3.l.......X_?.E..0.k.tOV......|4....(.}.[...L..?....?Tx.Y..&n......9F..."..g....*m.@s.......n.'....I..B....i....=S...j..N....E..i...i+U....^..m....m.T...v..N.s.L.../.m6iW.X....Y.#q=.<`.b.f....../......K.=_...FI.KN...ZW-U.....Y.....T...vE.yE......`....!..j..NL0B|#..L.M...>.A.-@..>Q..J.p1.}.~.HS,....K..4.+j.....:2*...L..@._...@?.3..W....e......ylR._.B1>...F...].h`...QS...O..$..wV.h(.....(....-.v......Au...X. `..Y.uy$S....+,.Rb5.3.5...1..D`(.8.*.T.1...Xr.EA..8.j.dI...G{..b.A..*.=...dE..j;..(..........v._.D.$...Jo^..,nF.0.m=..x....V.<a.............6."[.....

          C:\Users\user\Desktop\MXPXCVPDVN\BNAGMGSPLO.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:1B4197E722CF9F2C174AE3031C0A2E29
          SHA1:1E19BD728C42925C7DEAFE9BF70B79BE089C29C2
          SHA-256:30E0874B099D20D2EC9A9FD2CD3B2AFAE5710794D7305FF684E0BF4952155AA4
          SHA-512:FBBD16A4C680BE3D414EA55F15059F3719B3C8F0B62E2CFD8A86C1E308C4DA896560BE1F7084F7ED1CAC92836B50F108083F54F850E41D6B16EA5097645744C9
          Malicious:false
          Reputation:unknown
          Preview:BNAGM....&.l..C.m.....H..P..1>.U<.0.#......X...s\.I].d.7.`.[..Y .'.....p8..v.)...%.{..p.m.d.._a.H.j......+#.6GS0....B...v...i...V..WL....<..d.N..W..x.EN....ke..*../Z.Hd?[O%..'F.'oa.*y........ 9).$......(j/..+^6.....'....l.....)....I...V.!S.....!|k.l+............`.%|u...#.2.Vr...\.tB.V.......'.S%/Z.i.H.....J._.tQf....> .....$MNWJ.@MANi..5..f.`...R....wJD..?.C..n.....I..zH.....L..hA\v..Q..3.l.......X_?.E..0.k.tOV......|4....(.}.[...L..?....?Tx.Y..&n......9F..."..g....*m.@s.......n.'....I..B....i....=S...j..N....E..i...i+U....^..m....m.T...v..N.s.L.../.m6iW.X....Y.#q=.<`.b.f....../......K.=_...FI.KN...ZW-U.....Y.....T...vE.yE......`....!..j..NL0B|#..L.M...>.A.-@..>Q..J.p1.}.~.HS,....K..4.+j.....:2*...L..@._...@?.3..W....e......ylR._.B1>...F...].h`...QS...O..$..wV.h(.....(....-.v......Au...X. `..Y.uy$S....+,.Rb5.3.5...1..D`(.8.*.T.1...Xr.EA..8.j.dI...G{..b.A..*.=...dE..j;..(..........v._.D.$...Jo^..,nF.0.m=..x....V.<a.............6."[.....

          C:\Users\user\Desktop\MXPXCVPDVN\GAOBCVIQIJ.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.854290132996455
          Encrypted:false
          SSDEEP:
          MD5:98CBD5B07511B05B9D987A943241E31E
          SHA1:AB676A382EA303FE45E2E5087ABD413AA77E914C
          SHA-256:17A9C220C053CA20DAA840E0BAF3B942DCE87A83C4EEAD571CC1ACEDC442095E
          SHA-512:01A626D5A30E852D0F49CC4071025D4B37DA1C36728F51C0D16B92DFBBA82EE1B1EA58FB03984063DAD6D7DAC4332F033A2C56BBEAF213B9626DFCD208B1E1CA
          Malicious:false
          Reputation:unknown
          Preview:GAOBC..]-..j.i.a......H.e7l4...h._...E#.......H.q........9../.J....=}...o\?..L..7....4...Ay.....U..........W.S.,7.~c....!..<.w.3.m(Z.?....{_.......Um...G........x..`-...\*..w_..a._.E@g....d......PP.c.N#i...(U....#..\...M....c.l.tE.E.s..yNl...#Izq.?....../t.D.m......qeK.Q... ,..|J>b..?sc@...xf\.|...(*....`.....R<.2..Y....H.K....R...M=D`.......K/....~f...F\ .u....P....#G.. .{..|.#.t-...}7.....x@.......(x0U.]....a./.d.#....Zb.}....p..M...g.......E'.E.(.......L.yi.t....q.z....m..f.*J........K.fa.../"...z._p...>......7H.oY....]..FQ.C....">?..yZ..&u...H.-.;......k...f.n.J....g....H..1_.n.V.....I..w4h@P.]..)&}...."..}A.bY.k..v.@.g.@f#0j%..[.Z..cd....;]..G..<....Nuv.0mS...v...E.c..9@..iu.......b....?.......Bg..NH....HZY"j.\..f....`..v....zcu...7s.v....M7..<.C..vd... a.>CxVZx.%/..iq.-FE.w.#......]o=...`5"..\7...v%9=..W.......W{V..v>...\.#.Ql....$.y2-.zNWXc.>'H4..>.Dm..8..>..~....E...v.F....N..........eF`..#d..b.S. B1.Tt...$.....M.hW..

          C:\Users\user\Desktop\MXPXCVPDVN\GAOBCVIQIJ.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:98CBD5B07511B05B9D987A943241E31E
          SHA1:AB676A382EA303FE45E2E5087ABD413AA77E914C
          SHA-256:17A9C220C053CA20DAA840E0BAF3B942DCE87A83C4EEAD571CC1ACEDC442095E
          SHA-512:01A626D5A30E852D0F49CC4071025D4B37DA1C36728F51C0D16B92DFBBA82EE1B1EA58FB03984063DAD6D7DAC4332F033A2C56BBEAF213B9626DFCD208B1E1CA
          Malicious:false
          Reputation:unknown
          Preview:GAOBC..]-..j.i.a......H.e7l4...h._...E#.......H.q........9../.J....=}...o\?..L..7....4...Ay.....U..........W.S.,7.~c....!..<.w.3.m(Z.?....{_.......Um...G........x..`-...\*..w_..a._.E@g....d......PP.c.N#i...(U....#..\...M....c.l.tE.E.s..yNl...#Izq.?....../t.D.m......qeK.Q... ,..|J>b..?sc@...xf\.|...(*....`.....R<.2..Y....H.K....R...M=D`.......K/....~f...F\ .u....P....#G.. .{..|.#.t-...}7.....x@.......(x0U.]....a./.d.#....Zb.}....p..M...g.......E'.E.(.......L.yi.t....q.z....m..f.*J........K.fa.../"...z._p...>......7H.oY....]..FQ.C....">?..yZ..&u...H.-.;......k...f.n.J....g....H..1_.n.V.....I..w4h@P.]..)&}...."..}A.bY.k..v.@.g.@f#0j%..[.Z..cd....;]..G..<....Nuv.0mS...v...E.c..9@..iu.......b....?.......Bg..NH....HZY"j.\..f....`..v....zcu...7s.v....M7..<.C..vd... a.>CxVZx.%/..iq.-FE.w.#......]o=...`5"..\7...v%9=..W.......W{V..v>...\.#.Ql....$.y2-.zNWXc.>'H4..>.Dm..8..>..~....E...v.F....N..........eF`..#d..b.S. B1.Tt...$.....M.hW..

          C:\Users\user\Desktop\MXPXCVPDVN\MXPXCVPDVN.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8683216439842765
          Encrypted:false
          SSDEEP:
          MD5:040C5A3E4F308034AE84B06EB2A20EFC
          SHA1:BE1257D2AE0ED5E93674753B20E4FB0BA095EA68
          SHA-256:EE99EE37ECB803161155FED6BBB319A51ED90D8F7DD2B8027603F36ACFD44719
          SHA-512:494C947911766CF8CFA1DBAC11B3E49B71C3643FDF24F04C9244B8239CF55919F0FE9583CC98902C91EECFB32E46728053D2872DF8495B047977816466FEEDAB
          Malicious:false
          Reputation:unknown
          Preview:MXPXC9..J..ly..z.9..8G..~K#B..Z..Qp...j.).............)Z.....\.Ve.(..}..Wg2c..8.r..,.;:...D..9.~..!....P..I6.....u...........{}e..[1.P.^....o+...~...KG.v.-..e..h.0].a.&..O..!4....2..E....^.*..x9.....u.F...........?.d...H.v.q=.k...H...v...%.....F.!9...e.em......pX)......+.E.p!......]...\...."5W.!.....<..+../...+.Ob....A.B....l..5%C.`.w....i.,..'...'..=c.T...&..Z..L.6.......M..R...R.&...".'.b ...C....J.....A%..)d..yl..#....s..B.....CWh.......%......7......PBa..?}eRH.+:........A.\.......z|..^.......(~8..4.m.........U....~W2!..?....l..|...`.M#AW.w."?...MG.'A..9.a.:D..>..#.D".c.G..A..[....one....M..S...1.....YB...."5#.=....Vu.G..Q...~.Q.A.S-..Yl..e.gp.F.H......t..7.V..b.........{..\.... {...yv.zQo6^.i.h[..A..............QS..;P....8.i.nM..]....f.....l......0..sG..........#.......a....h>.E2....& ..D.H.~?.xA..H..].R..D...Q.aeQ+...$..=...8).~.......0=..U.5.aHp.d$...._...L..h].............<..*....lF...[m..................].K...0......P:;W...2....Z

          C:\Users\user\Desktop\MXPXCVPDVN\MXPXCVPDVN.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:040C5A3E4F308034AE84B06EB2A20EFC
          SHA1:BE1257D2AE0ED5E93674753B20E4FB0BA095EA68
          SHA-256:EE99EE37ECB803161155FED6BBB319A51ED90D8F7DD2B8027603F36ACFD44719
          SHA-512:494C947911766CF8CFA1DBAC11B3E49B71C3643FDF24F04C9244B8239CF55919F0FE9583CC98902C91EECFB32E46728053D2872DF8495B047977816466FEEDAB
          Malicious:false
          Reputation:unknown
          Preview:MXPXC9..J..ly..z.9..8G..~K#B..Z..Qp...j.).............)Z.....\.Ve.(..}..Wg2c..8.r..,.;:...D..9.~..!....P..I6.....u...........{}e..[1.P.^....o+...~...KG.v.-..e..h.0].a.&..O..!4....2..E....^.*..x9.....u.F...........?.d...H.v.q=.k...H...v...%.....F.!9...e.em......pX)......+.E.p!......]...\...."5W.!.....<..+../...+.Ob....A.B....l..5%C.`.w....i.,..'...'..=c.T...&..Z..L.6.......M..R...R.&...".'.b ...C....J.....A%..)d..yl..#....s..B.....CWh.......%......7......PBa..?}eRH.+:........A.\.......z|..^.......(~8..4.m.........U....~W2!..?....l..|...`.M#AW.w."?...MG.'A..9.a.:D..>..#.D".c.G..A..[....one....M..S...1.....YB...."5#.=....Vu.G..Q...~.Q.A.S-..Yl..e.gp.F.H......t..7.V..b.........{..\.... {...yv.zQo6^.i.h[..A..............QS..;P....8.i.nM..]....f.....l......0..sG..........#.......a....h>.E2....& ..D.H.~?.xA..H..].R..D...Q.aeQ+...$..=...8).~.......0=..U.5.aHp.d$...._...L..h].............<..*....lF...[m..................].K...0......P:;W...2....Z

          C:\Users\user\Desktop\MXPXCVPDVN\NEBFQQYWPS.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.853048708006641
          Encrypted:false
          SSDEEP:
          MD5:4DAB2170A306DD998DFAF669787BFF7F
          SHA1:BD0B72B58B44900F0D0E89A179F8CCC87FF80BEC
          SHA-256:A48881EAC2E4E5AD8C5C8549EA8029A9816493B8179DFDD0F6B0B9721388058E
          SHA-512:5C222877ABEA61D461DBEB3A00196A1CC6FE182C10E565D8535F4DF12EC3603A22BBE65993DFA0E1DBD5D2BAB553952D3240BAD0F7F4E7AF3DAD4425041F0006
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ..).......}S....%.>.....Pq...H....w...Z..2.4...%...T...9..g...bq.D...}..Tn.,.)bJ../%.*...H.f.#..V..A+2k.8.]M:.k...7.4Sv...J.Wp....G"....._4.:&.HnO.9.Fn.H..2.d.KQ.-.|..j..p.......[.U'x.H.l.r~....6...".+.......0..c..$.< m....O..'...7......2.A.e.{.a.....W........KM<.(..j.rN4GA..Ks.g....Dr ...X..W...K72...r..p.7a?9.>g........fr..<...N#.f..R....fp.>f..}./P.V....P...,!.8..b.....`...1.w..TRY.{...h\..r.a...s........rI.D0...s..J..}...\.q..\k.f>.pL..{.X.u..B..U.....f..=g.I...+..........".X..y@n.(|#!|LfF..d&..o$W'....]..c..KsLj....k ......ol..W.P...g.F.....Jz.....A........_.DO.].....nVr...mNm..l"Lw.~M..>.3...8.xL.=..4C....nE..h.. ...............OU..j`C..ru.....u.X..n..St.q.S.W....PD.....SWD..a......k.}...o..K./..Z.........&..@........J0...]...4.w......................x..2.M...]..T..A=...t>A..u[^....j.......M..g....g.k.EA..xr1i41....g......*.`5.."..W..I..R.......O)...ErAk.z.#O...Y<b_..)G.....:2.v....rSS.n.u...i.v.2....!.U..^.4...C

          C:\Users\user\Desktop\MXPXCVPDVN\NEBFQQYWPS.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4DAB2170A306DD998DFAF669787BFF7F
          SHA1:BD0B72B58B44900F0D0E89A179F8CCC87FF80BEC
          SHA-256:A48881EAC2E4E5AD8C5C8549EA8029A9816493B8179DFDD0F6B0B9721388058E
          SHA-512:5C222877ABEA61D461DBEB3A00196A1CC6FE182C10E565D8535F4DF12EC3603A22BBE65993DFA0E1DBD5D2BAB553952D3240BAD0F7F4E7AF3DAD4425041F0006
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ..).......}S....%.>.....Pq...H....w...Z..2.4...%...T...9..g...bq.D...}..Tn.,.)bJ../%.*...H.f.#..V..A+2k.8.]M:.k...7.4Sv...J.Wp....G"....._4.:&.HnO.9.Fn.H..2.d.KQ.-.|..j..p.......[.U'x.H.l.r~....6...".+.......0..c..$.< m....O..'...7......2.A.e.{.a.....W........KM<.(..j.rN4GA..Ks.g....Dr ...X..W...K72...r..p.7a?9.>g........fr..<...N#.f..R....fp.>f..}./P.V....P...,!.8..b.....`...1.w..TRY.{...h\..r.a...s........rI.D0...s..J..}...\.q..\k.f>.pL..{.X.u..B..U.....f..=g.I...+..........".X..y@n.(|#!|LfF..d&..o$W'....]..c..KsLj....k ......ol..W.P...g.F.....Jz.....A........_.DO.].....nVr...mNm..l"Lw.~M..>.3...8.xL.=..4C....nE..h.. ...............OU..j`C..ru.....u.X..n..St.q.S.W....PD.....SWD..a......k.}...o..K./..Z.........&..@........J0...]...4.w......................x..2.M...]..T..A=...t>A..u[^....j.......M..g....g.k.EA..xr1i41....g......*.`5.."..W..I..R.......O)...ErAk.z.#O...Y<b_..)G.....:2.v....rSS.n.u...i.v.2....!.U..^.4...C

          C:\Users\user\Desktop\MXPXCVPDVN\NVWZAPQSQL.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.848551203760534
          Encrypted:false
          SSDEEP:
          MD5:599A3F71E791410822BF185255A0BFF9
          SHA1:363C536D20E3F7D02D4B9B50C1F9A5D6377AA1DE
          SHA-256:C5C132E04A6E72F5CDE46DCE87CD4E89E4482571E0D6E93DC836B48A169EF40E
          SHA-512:D16D7B0570AE1948CE553FFF3D2E2273F7F5F06541D281C939DCACCDACE85168A3A94D692385675D3ACEC957145EB9A029040C8198B560A86E3AE3349798FDF3
          Malicious:false
          Reputation:unknown
          Preview:NVWZA.P..|z..!..t..5....WL^...$P9.b.cY...s.+.).d.17:......H.'.Z).J.n.9.}..T..G.>r!\.p.._....]..q...G?....Xt.4@8..U.O.5.9......k.3....!. ..O-.O.O....q.HO...`.At,..Y.....;...u}.T.n.J._G<V.*....kHw..3.J1<U......Z.L&......OC..r7B.H$.d.gG.................P....n....U........a.....!,..*./...m.....02La(.v.+d.8..-K..e2~..H..n.n.y0....b]7...._.qGhg...-.Xq4?.z@..F"-.).P.>.>g.4....A.;..2l[..-.6Q.D...%........aM....R...$g.x.Ff%.r..>..D.... -.......xq..578"....E....r..'...r,...{l........).U....Yb..*.Eai..H.NX.Y...I..3..|...u...nb.....M.u...5B..f...t {Lc..5]C....-......A.o..)..7..a..I....~kp....%.....G...M...WH.X..}.{../07.c....n...].....vT.-j.mY.`....*Ju.W.kb.U<|....(.9..5..D...1+g.4.')..!....{.(.4.6....Lb.......te..'..o..w*...}SQa)RE....:.Hv....i....W..k.v.t..2T..7.B#9.V...~..S.Hk.n..XO.59.....U..(....d...cD_.S.....j...iA...Bc..Ou>.A.O ..L{..../.B....W.oY/..w../k.X.C...!..86.j.{.{.&%.x.\.a=.k..D.q....(p.....n..4M{K.....#..^.\...=|O...

          C:\Users\user\Desktop\MXPXCVPDVN\NVWZAPQSQL.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:599A3F71E791410822BF185255A0BFF9
          SHA1:363C536D20E3F7D02D4B9B50C1F9A5D6377AA1DE
          SHA-256:C5C132E04A6E72F5CDE46DCE87CD4E89E4482571E0D6E93DC836B48A169EF40E
          SHA-512:D16D7B0570AE1948CE553FFF3D2E2273F7F5F06541D281C939DCACCDACE85168A3A94D692385675D3ACEC957145EB9A029040C8198B560A86E3AE3349798FDF3
          Malicious:false
          Reputation:unknown
          Preview:NVWZA.P..|z..!..t..5....WL^...$P9.b.cY...s.+.).d.17:......H.'.Z).J.n.9.}..T..G.>r!\.p.._....]..q...G?....Xt.4@8..U.O.5.9......k.3....!. ..O-.O.O....q.HO...`.At,..Y.....;...u}.T.n.J._G<V.*....kHw..3.J1<U......Z.L&......OC..r7B.H$.d.gG.................P....n....U........a.....!,..*./...m.....02La(.v.+d.8..-K..e2~..H..n.n.y0....b]7...._.qGhg...-.Xq4?.z@..F"-.).P.>.>g.4....A.;..2l[..-.6Q.D...%........aM....R...$g.x.Ff%.r..>..D.... -.......xq..578"....E....r..'...r,...{l........).U....Yb..*.Eai..H.NX.Y...I..3..|...u...nb.....M.u...5B..f...t {Lc..5]C....-......A.o..)..7..a..I....~kp....%.....G...M...WH.X..}.{../07.c....n...].....vT.-j.mY.`....*Ju.W.kb.U<|....(.9..5..D...1+g.4.')..!....{.(.4.6....Lb.......te..'..o..w*...}SQa)RE....:.Hv....i....W..k.v.t..2T..7.B#9.V...~..S.Hk.n..XO.59.....U..(....d...cD_.S.....j...iA...Bc..Ou>.A.O ..L{..../.B....W.oY/..w../k.X.C...!..86.j.{.{.&%.x.\.a=.k..D.q....(p.....n..4M{K.....#..^.\...=|O...

          C:\Users\user\Desktop\MXPXCVPDVN\PWCCAWLGRE.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.837406362060183
          Encrypted:false
          SSDEEP:
          MD5:EF3CF76CE9F3E3D971ACBCE9E57AFB6A
          SHA1:26A2181427405F941F2E29EB1EF65CF681FED4A3
          SHA-256:9DC59902A23DE58BAF9725AFAE18BE86C887ECAD339CCBD8BCC723E486F4A86C
          SHA-512:1E046C9974005B7B528F2D92F0DCE1CDAD8165A70B71F4EB374B70E1B4CAB73710414888B8295EC27CFD97CFFE33BA30A33BB4677E90E5D2896DEDEB36B7E8C4
          Malicious:false
          Reputation:unknown
          Preview:PWCCA......\_...-$H0+...r....A..<0.E.....5W.......D.T.~...O.f.P...=L./.0q..M..Uq9.w..bR .......}....\...d.ot..K'.E.r2.4c../g.h..p....x....:..+FL.Lz....#.W.cP......Z.......'@..T*..[......#!....".v.gz)C......Gf.k...Ui..="..Y'..".....O...G..]Sl7.F..#......vZ...J.A:f.A.^._..[A.VoLG.I...{"..=....D..gb.ZO.^.....Sjb.d..|!.z....<P.Wo ;.$...2k.~n....$w!..o~x......6... '..C)..F'/..8.[."~.........`..o.G3.I.a.."......y.'.B.`..Q.Z.U{g..&M'..V#L.@.XY3.G<...\5I.].- .......l.Uf....P.(....o?1c._U..L~...........d.........qz&.]....."........%.p..3..G.....Bk_w..w.....7.@A......:...k..n...r.axwE...2../.#.g.w-..J.".|..z.A..m.?...Tu..sJ......5.2..~zaP.X.D.>..V..PxV....h....x.../2.;.(....n.[.....p.J~74...G..X....e.:....._y... q8....Z.0M..z..Qi..".......*H.#l.N5.,p.z.qE.N.d@..d.B..Rm....P.d..IF./.]h.....F.g,'....X..Z..\...|..6w.~#...=*..-.G..k..w..........{(|Q.g..cZBS:..!.b....d./<.1.........8....bZ..8..OA(... .9....W.C............@A.T`..*Zm....2...k~..s....q..

          C:\Users\user\Desktop\MXPXCVPDVN\PWCCAWLGRE.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:EF3CF76CE9F3E3D971ACBCE9E57AFB6A
          SHA1:26A2181427405F941F2E29EB1EF65CF681FED4A3
          SHA-256:9DC59902A23DE58BAF9725AFAE18BE86C887ECAD339CCBD8BCC723E486F4A86C
          SHA-512:1E046C9974005B7B528F2D92F0DCE1CDAD8165A70B71F4EB374B70E1B4CAB73710414888B8295EC27CFD97CFFE33BA30A33BB4677E90E5D2896DEDEB36B7E8C4
          Malicious:false
          Reputation:unknown
          Preview:PWCCA......\_...-$H0+...r....A..<0.E.....5W.......D.T.~...O.f.P...=L./.0q..M..Uq9.w..bR .......}....\...d.ot..K'.E.r2.4c../g.h..p....x....:..+FL.Lz....#.W.cP......Z.......'@..T*..[......#!....".v.gz)C......Gf.k...Ui..="..Y'..".....O...G..]Sl7.F..#......vZ...J.A:f.A.^._..[A.VoLG.I...{"..=....D..gb.ZO.^.....Sjb.d..|!.z....<P.Wo ;.$...2k.~n....$w!..o~x......6... '..C)..F'/..8.[."~.........`..o.G3.I.a.."......y.'.B.`..Q.Z.U{g..&M'..V#L.@.XY3.G<...\5I.].- .......l.Uf....P.(....o?1c._U..L~...........d.........qz&.]....."........%.p..3..G.....Bk_w..w.....7.@A......:...k..n...r.axwE...2../.#.g.w-..J.".|..z.A..m.?...Tu..sJ......5.2..~zaP.X.D.>..V..PxV....h....x.../2.;.(....n.[.....p.J~74...G..X....e.:....._y... q8....Z.0M..z..Qi..".......*H.#l.N5.,p.z.qE.N.d@..d.B..Rm....P.d..IF./.]h.....F.g,'....X..Z..\...|..6w.~#...=*..-.G..k..w..........{(|Q.g..cZBS:..!.b....d./<.1.........8....bZ..8..OA(... .9....W.C............@A.T`..*Zm....2...k~..s....q..

          C:\Users\user\Desktop\NEBFQQYWPS.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8398457045779315
          Encrypted:false
          SSDEEP:
          MD5:75E70DAD9AE37CC479FA0D522E4121BD
          SHA1:17817D2BBAF2899B093AF3F0C333FBB368799C6C
          SHA-256:D08D0CF626BA7E4064F2E08512BD897DD663A5E67C670961892E33EB63A0E8B5
          SHA-512:96B4BACA778077D426CA3D9C433A15378562728A58F58C635888931E69D13587D79FC53795386FC62558381B6FBCAD7A04623EEE873F7FFD804B96465B86A9B9
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ..q......<...mX.2.}w..A.2S..(.Z...Y0....%w.>..`..3.Y..T.%..>'....{..(!...Tr..t...e.v8....Jf..D@..qb..%.q..jE...#...C.&.).vA....U........o..... .\....s@.M@..n.7E.Gx..}2 ...p...M.S....0....n#...K...(j.\1fJ.H..-...4.z3LCE.z.B...<.sV.f.i9Ppp../T.I...!.p.... ..p...?cm.G7..x..-........!.4..m..9...M^g.w..x...l."Q.8..^4.....N629C!VDv.PnU..Dp....Dh+.E.!We....g..(...W..hZ.....|i.n....6.*..)...:..Q...a.2.}.f.+.....#..k....7.ZMz..3n..Q...C2A.}..U....C..^...:..hW..`....00^,c.I......u......LU.3N.4<O.L...5..=P.HV.B.V..|...^.< ....q...#..._.*.' ....Rgg1.+Z.T.....>....<uY.3.A^.m.OA.. l.8%Z..8g...v...H..m..Ru. #.|.A.P... ................v..Aq...t.p.;TS.K.M..SIqq.%E.R.8......\...d.v..!...]..r.-z...L.\|.t&..Q..Q...o~Y...V....0.... . oM..QEo6~n..v..G`.....|?.......Z......}..9...\&?...w......./..y..s.5C.=.......)..Ka...*.. ..q[%v...Qa.wk..Y.@....y....9/..@Dph..q.p............C.z.bUJ....Y.....!`.....v;b.....e...Sw...E..;..A..i.4.3tE>.7a...Eb.......+...../.....

          C:\Users\user\Desktop\NEBFQQYWPS.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:75E70DAD9AE37CC479FA0D522E4121BD
          SHA1:17817D2BBAF2899B093AF3F0C333FBB368799C6C
          SHA-256:D08D0CF626BA7E4064F2E08512BD897DD663A5E67C670961892E33EB63A0E8B5
          SHA-512:96B4BACA778077D426CA3D9C433A15378562728A58F58C635888931E69D13587D79FC53795386FC62558381B6FBCAD7A04623EEE873F7FFD804B96465B86A9B9
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ..q......<...mX.2.}w..A.2S..(.Z...Y0....%w.>..`..3.Y..T.%..>'....{..(!...Tr..t...e.v8....Jf..D@..qb..%.q..jE...#...C.&.).vA....U........o..... .\....s@.M@..n.7E.Gx..}2 ...p...M.S....0....n#...K...(j.\1fJ.H..-...4.z3LCE.z.B...<.sV.f.i9Ppp../T.I...!.p.... ..p...?cm.G7..x..-........!.4..m..9...M^g.w..x...l."Q.8..^4.....N629C!VDv.PnU..Dp....Dh+.E.!We....g..(...W..hZ.....|i.n....6.*..)...:..Q...a.2.}.f.+.....#..k....7.ZMz..3n..Q...C2A.}..U....C..^...:..hW..`....00^,c.I......u......LU.3N.4<O.L...5..=P.HV.B.V..|...^.< ....q...#..._.*.' ....Rgg1.+Z.T.....>....<uY.3.A^.m.OA.. l.8%Z..8g...v...H..m..Ru. #.|.A.P... ................v..Aq...t.p.;TS.K.M..SIqq.%E.R.8......\...d.v..!...]..r.-z...L.\|.t&..Q..Q...o~Y...V....0.... . oM..QEo6~n..v..G`.....|?.......Z......}..9...\&?...w......./..y..s.5C.=.......)..Ka...*.. ..q[%v...Qa.wk..Y.@....y....9/..@Dph..q.p............C.z.bUJ....Y.....!`.....v;b.....e...Sw...E..;..A..i.4.3tE>.7a...Eb.......+...../.....

          C:\Users\user\Desktop\NEBFQQYWPS.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8640587469971965
          Encrypted:false
          SSDEEP:
          MD5:908740A00C25FA2E364DD4925EF4EAE6
          SHA1:75A90E6EC30725685AFFC527433C24A8BCEA2909
          SHA-256:16C42A02D4665FEDCF8D468C27228B62D525D321DF0C0286AD740158F3BE1E91
          SHA-512:5DE3563253311DB34ADE8F2CC55B073EF59259B1159765B02B851FE36E3146250C4B228751D5114AC97DCB148054E32F9E28FC91719D82051CAACC270D37D9D0
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ..**st.....!........&.K..(w._.b.A~f...DtaB\..R4.x......r...m....et.3t......HS...#ZE.a..|....u.P..m.......}x.....w.........{._.j.t`G$....T.I...,.....<....B3.."]......B...N]C.x..U.Rr`.u..y.......J@....)......>].1..&..}Z.-G.n..C... L....2I.k?.....F.0DZ.6S.{[[..7..7....e..N.......eH.$..I...s.n#..}..i.....@.....vw..6...Q./r.4.6).s.6.x,..8...`....D..*#9.&...\..|(]....1...N..].1..vAB ~d.3..w7..@..r.\X.0}1.5!6.?..R...]iC..Y.bz....S~h+.K9u. ..XL.M\Qb%..{e....]....5.W%m9.r.#F.jJ...t...M..It.B.7RL..@O2...c.A=.".......`...D....k4.......c@..#Z..uk7.R6q.d.1..P./.....8..TUo..}..;3..x.....L...#.m.5.I....W.......}..7lY...I.s...2h..n3.b....P...~.J...P...l....;....`$..<.#..p.?.o4.-.BZ..Ki&.C.....I..b.....J.S...s.D:1...@.80..u...*.l..p.>..M2..fR..i.]I,..$..a.._p...u*...}.R....=tkMe.....6:..&..a...1.7...E.[.....N<...5uT.0Ghz.......f./.&..|!.t...=B.V....A.....:....I.r.^Y{........D.,....h...*.;./.;(.%....).kVr.)G}1yN..6.F....W..N...|.P|

          C:\Users\user\Desktop\NEBFQQYWPS.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:908740A00C25FA2E364DD4925EF4EAE6
          SHA1:75A90E6EC30725685AFFC527433C24A8BCEA2909
          SHA-256:16C42A02D4665FEDCF8D468C27228B62D525D321DF0C0286AD740158F3BE1E91
          SHA-512:5DE3563253311DB34ADE8F2CC55B073EF59259B1159765B02B851FE36E3146250C4B228751D5114AC97DCB148054E32F9E28FC91719D82051CAACC270D37D9D0
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ..**st.....!........&.K..(w._.b.A~f...DtaB\..R4.x......r...m....et.3t......HS...#ZE.a..|....u.P..m.......}x.....w.........{._.j.t`G$....T.I...,.....<....B3.."]......B...N]C.x..U.Rr`.u..y.......J@....)......>].1..&..}Z.-G.n..C... L....2I.k?.....F.0DZ.6S.{[[..7..7....e..N.......eH.$..I...s.n#..}..i.....@.....vw..6...Q./r.4.6).s.6.x,..8...`....D..*#9.&...\..|(]....1...N..].1..vAB ~d.3..w7..@..r.\X.0}1.5!6.?..R...]iC..Y.bz....S~h+.K9u. ..XL.M\Qb%..{e....]....5.W%m9.r.#F.jJ...t...M..It.B.7RL..@O2...c.A=.".......`...D....k4.......c@..#Z..uk7.R6q.d.1..P./.....8..TUo..}..;3..x.....L...#.m.5.I....W.......}..7lY...I.s...2h..n3.b....P...~.J...P...l....;....`$..<.#..p.?.o4.-.BZ..Ki&.C.....I..b.....J.S...s.D:1...@.80..u...*.l..p.>..M2..fR..i.]I,..$..a.._p...u*...}.R....=tkMe.....6:..&..a...1.7...E.[.....N<...5uT.0Ghz.......f./.&..|!.t...=B.V....A.....:....I.r.^Y{........D.,....h...*.;./.;(.%....).kVr.)G}1yN..6.F....W..N...|.P|

          C:\Users\user\Desktop\NEBFQQYWPS.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8619923502572435
          Encrypted:false
          SSDEEP:
          MD5:8B636DDBA8AAAF4496DD8C8099ABA25E
          SHA1:7D4B27366264D436F7E16614C7693DF9D2373C77
          SHA-256:D3D7CA626626E6A877B62569D0C7D71B6E07CBA4EF5E7C950B5B3EEF25D7C2B6
          SHA-512:1C75C4511F03E61FD0239FFDA8286ECB926A2B4B57D2E3F1308E67D4E530941F1785A89E88C1DC04C8D6F2369BD3A9F1A2A22CFB5A6C18E12FA21AACBC529569
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ.z.....U...W..b?.6B.J\5.....A.....{FR.o../+........C.U.....-_'.O...:....k.y.9P.>czVr..\.....J.....^...8U./.W.A....'..4gj.S..3.l.\&......}AM.... .~L..Ig..Q..]`.N=k.......t..~....H..L...hvQ.".Y.jb.O..b..e.uq..U....y-.`..5B.O5..X.V'.r>.W.6.V...Tp.p(. .......... ...!...u...-3.yY.v`...98C.... ..Rp...z...R.`.....b..^.++....V.......95....].^........W...0.n...m..s.KR.]J....C.MZ.\..[.OeBY&.|1.5,&...?.Qt8...a9T.Uh..<.#1h2..3.|~..nA.$.....@.....@C....KpA.)Q.:.....[.;I.zh...+*.....^-...g.......L....M..g7.}....JP.Q.=.*..'...]..I..u..Dr.G...M..&......._.7WG..7l..p.....,.*.....+....2t8...5.'I-|.5.b...:.f...>..&d....*...\L4%..<.5..Ow.....S...1.......X.$......l..R.=,".. ....`Xv..%...0.......D1'....H.G|n~.x.zS...&.I._....NQ`@|.}...Rb.&....u..n.......`....V.*..S@QKI.!.....l..?......S.!..y..8...y..Y...}.o..,gn.\...........u.....f..]..5.joc.LW.\.R. ..G.MT'....;..#..S..?.....M..q..@..M..|.....QAi:.`(`...OB!....O.6........*.....<F%.....1.........1....b.U.w.(X.<

          C:\Users\user\Desktop\NEBFQQYWPS.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8B636DDBA8AAAF4496DD8C8099ABA25E
          SHA1:7D4B27366264D436F7E16614C7693DF9D2373C77
          SHA-256:D3D7CA626626E6A877B62569D0C7D71B6E07CBA4EF5E7C950B5B3EEF25D7C2B6
          SHA-512:1C75C4511F03E61FD0239FFDA8286ECB926A2B4B57D2E3F1308E67D4E530941F1785A89E88C1DC04C8D6F2369BD3A9F1A2A22CFB5A6C18E12FA21AACBC529569
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ.z.....U...W..b?.6B.J\5.....A.....{FR.o../+........C.U.....-_'.O...:....k.y.9P.>czVr..\.....J.....^...8U./.W.A....'..4gj.S..3.l.\&......}AM.... .~L..Ig..Q..]`.N=k.......t..~....H..L...hvQ.".Y.jb.O..b..e.uq..U....y-.`..5B.O5..X.V'.r>.W.6.V...Tp.p(. .......... ...!...u...-3.yY.v`...98C.... ..Rp...z...R.`.....b..^.++....V.......95....].^........W...0.n...m..s.KR.]J....C.MZ.\..[.OeBY&.|1.5,&...?.Qt8...a9T.Uh..<.#1h2..3.|~..nA.$.....@.....@C....KpA.)Q.:.....[.;I.zh...+*.....^-...g.......L....M..g7.}....JP.Q.=.*..'...]..I..u..Dr.G...M..&......._.7WG..7l..p.....,.*.....+....2t8...5.'I-|.5.b...:.f...>..&d....*...\L4%..<.5..Ow.....S...1.......X.$......l..R.=,".. ....`Xv..%...0.......D1'....H.G|n~.x.zS...&.I._....NQ`@|.}...Rb.&....u..n.......`....V.*..S@QKI.!.....l..?......S.!..y..8...y..Y...}.o..,gn.\...........u.....f..]..5.joc.LW.\.R. ..G.MT'....;..#..S..?.....M..q..@..M..|.....QAi:.`(`...OB!....O.6........*.....<F%.....1.........1....b.U.w.(X.<

          C:\Users\user\Desktop\NVWZAPQSQL.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.865946545049136
          Encrypted:false
          SSDEEP:
          MD5:F236263FFFE989EEF3BB1429C34C150A
          SHA1:66071474B3DCA7D4BDAB2CE51A6B79245BE1180F
          SHA-256:E1313D7836F02F3B2B2F19486A7233DEE69882A51C81A340D907AE4647FB3C0D
          SHA-512:05CCEDA1008C068C0D30B86CDAA81AE08C35437392A071DA74E5ADB379A7C8425D57EBA3C2B8A68BBBE1253A72C17CB3E0DC4502F6E1A79CB6219582990C3DDB
          Malicious:false
          Reputation:unknown
          Preview:NVWZA.)..Q..h.:..bBH.c.6.nV.5..P*..}Bh+.{.....J}......48A_..........A...NGWu ..$N.v.N.3...L*..d..V....Y....$.QA.L.....e...@.*..F. ....&`....['.z[.|.....G....qv.cq;..r.e..#.VAnH.J....?\.R..TA..]5....G....Z......s..:.ap1....Z...N....#......8.'u.I..{o.n.Q.cQ%Df.g..C.j..G..;..:)..%..7....{./..]u. .=.F>z...t.....F..G...YHRK.)...=.1....o.g.-.o>q.....X.........k.8.1..goj...p....^..i.T...R....ZMX..../.D..)`1E..u.+..1B.!.Cz.m..r..\P....|*.#.P(E........"z.5...V...w"..[.._W............+...Vd{rY\...t.F.['....z......lS..g..?......|T}v...e..-..u/..i{<....'.Bf.c...6m(g..n|.q.;7X..r.... ..>.J.w.. by:....D.~.\~.]...u...Z.5d..#[..r......{!..W..kC~...r.v..N*H.HV.......M......:... a.v.P3g....._........R:;G...<..&.D....D-[...<...J.?4........^..5.7I.f)..s7...K.-!...TzD.@.kb;)V~NAd......9...r.f...".j..}..0^#.5jNB....dm..>.v...`,.....5....R.......G.HY.rP..A.o.]...q.f.....;..j..B..h....Q.`..!U....J.~.k9}".T..@.]......I.....g..u....5...5..73.v./..7.7Q.o.<..P.....

          C:\Users\user\Desktop\NVWZAPQSQL.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F236263FFFE989EEF3BB1429C34C150A
          SHA1:66071474B3DCA7D4BDAB2CE51A6B79245BE1180F
          SHA-256:E1313D7836F02F3B2B2F19486A7233DEE69882A51C81A340D907AE4647FB3C0D
          SHA-512:05CCEDA1008C068C0D30B86CDAA81AE08C35437392A071DA74E5ADB379A7C8425D57EBA3C2B8A68BBBE1253A72C17CB3E0DC4502F6E1A79CB6219582990C3DDB
          Malicious:false
          Reputation:unknown
          Preview:NVWZA.)..Q..h.:..bBH.c.6.nV.5..P*..}Bh+.{.....J}......48A_..........A...NGWu ..$N.v.N.3...L*..d..V....Y....$.QA.L.....e...@.*..F. ....&`....['.z[.|.....G....qv.cq;..r.e..#.VAnH.J....?\.R..TA..]5....G....Z......s..:.ap1....Z...N....#......8.'u.I..{o.n.Q.cQ%Df.g..C.j..G..;..:)..%..7....{./..]u. .=.F>z...t.....F..G...YHRK.)...=.1....o.g.-.o>q.....X.........k.8.1..goj...p....^..i.T...R....ZMX..../.D..)`1E..u.+..1B.!.Cz.m..r..\P....|*.#.P(E........"z.5...V...w"..[.._W............+...Vd{rY\...t.F.['....z......lS..g..?......|T}v...e..-..u/..i{<....'.Bf.c...6m(g..n|.q.;7X..r.... ..>.J.w.. by:....D.~.\~.]...u...Z.5d..#[..r......{!..W..kC~...r.v..N*H.HV.......M......:... a.v.P3g....._........R:;G...<..&.D....D-[...<...J.?4........^..5.7I.f)..s7...K.-!...TzD.@.kb;)V~NAd......9...r.f...".j..}..0^#.5jNB....dm..>.v...`,.....5....R.......G.HY.rP..A.o.]...q.f.....;..j..B..h....Q.`..!U....J.~.k9}".T..@.]......I.....g..u....5...5..73.v./..7.7Q.o.<..P.....

          C:\Users\user\Desktop\PWCCAWLGRE.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.831709296466858
          Encrypted:false
          SSDEEP:
          MD5:09030CB295ACBC5A5B4D77B577366E49
          SHA1:96D4679A929CDFB8496799326FD19D76A0BFC12C
          SHA-256:523ABCC4E2CECACF9CF07D1A21D340DEBF1C5D36BA7D4B66902CE8AF3ABD465D
          SHA-512:28521FB4CA8ED7D128CD5A7575DDB1F3AA53B93D88C725148B86FFCB165099AD2E2820D4DD62CFD04E9A4DEFF655DF7947A76C9258DD58C1A34B3E6EE4688321
          Malicious:false
          Reputation:unknown
          Preview:PWCCA..!v.I..-.;....j...b..][.Vi..k.....AAL...t...r=..Fg{..^/M...N.6vo...k.(....t....Pt.....L.].....g.<.C.i`m......=)..LA..P.g\>..rm......\....Nn....0c.X.....e.NA.%D.:.zHX\g..-z.|.d#n..~..oM.x...&..|SE....ikv).B...;.X\...qLF.....G....p{...&.]pF.f.Y.A}.......!2a.".A.Y..|f.0LB..L.qf.q.*M\HaF.pO..;. .M\).P.........[.N..dB...f............|..8..E_....2..f.8....y..*0}j.dN.8...lu...i@.<z.>.S....a....v....y.C....95W.&..6'6eL...... ..D..HI...)A{<....VC*4.q.d.y..D.6....`..J....gr..Z..Z.......:v..L6.)s.7.G...7y..........m6.y>...]p...r._....{~........D4....l.f......V.....k....o.y.......@^Np0Nz>.ci..Q`.K...wr.Q....?.....Nj...../...^..q..c.....4...1../.3..u./...5)..+...._./...*....}......r.O.`4*0^....C..../dA...E..@`2..sG..j..P,....U...t..^5..KLPW..C,..[v.Y2.....).P...m$...7..w.. .j.....vp.....q..7.8...q5..,..>.....2..=...1J.3.../.$f-..........R.t.......@....a.....tmH^.).H.Mc.p4..K..2.."<.....V..y...!+.N...\....I.5.\...f..Y..Jt.k.c.+.e.t......

          C:\Users\user\Desktop\PWCCAWLGRE.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:09030CB295ACBC5A5B4D77B577366E49
          SHA1:96D4679A929CDFB8496799326FD19D76A0BFC12C
          SHA-256:523ABCC4E2CECACF9CF07D1A21D340DEBF1C5D36BA7D4B66902CE8AF3ABD465D
          SHA-512:28521FB4CA8ED7D128CD5A7575DDB1F3AA53B93D88C725148B86FFCB165099AD2E2820D4DD62CFD04E9A4DEFF655DF7947A76C9258DD58C1A34B3E6EE4688321
          Malicious:false
          Reputation:unknown
          Preview:PWCCA..!v.I..-.;....j...b..][.Vi..k.....AAL...t...r=..Fg{..^/M...N.6vo...k.(....t....Pt.....L.].....g.<.C.i`m......=)..LA..P.g\>..rm......\....Nn....0c.X.....e.NA.%D.:.zHX\g..-z.|.d#n..~..oM.x...&..|SE....ikv).B...;.X\...qLF.....G....p{...&.]pF.f.Y.A}.......!2a.".A.Y..|f.0LB..L.qf.q.*M\HaF.pO..;. .M\).P.........[.N..dB...f............|..8..E_....2..f.8....y..*0}j.dN.8...lu...i@.<z.>.S....a....v....y.C....95W.&..6'6eL...... ..D..HI...)A{<....VC*4.q.d.y..D.6....`..J....gr..Z..Z.......:v..L6.)s.7.G...7y..........m6.y>...]p...r._....{~........D4....l.f......V.....k....o.y.......@^Np0Nz>.ci..Q`.K...wr.Q....?.....Nj...../...^..q..c.....4...1../.3..u./...5)..+...._./...*....}......r.O.`4*0^....C..../dA...E..@`2..sG..j..P,....U...t..^5..KLPW..C,..[v.Y2.....).P...m$...7..w.. .j.....vp.....q..7.8...q5..,..>.....2..=...1J.3.../.$f-..........R.t.......@....a.....tmH^.).H.Mc.p4..K..2.."<.....V..y...!+.N...\....I.5.\...f..Y..Jt.k.c.+.e.t......

          C:\Users\user\Desktop\PWCCAWLGRE.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.855632163333937
          Encrypted:false
          SSDEEP:
          MD5:83EB21EDCBD626B22B0DBE05993BA522
          SHA1:C8B72F89D5DBEE0EB5EE3F125F1CFFEDD899B974
          SHA-256:D7CD54A7406EB2C139F6739EF94400344F2F5718D4901BAAE3C93EDF0B1AC4F2
          SHA-512:58B1EC01339E12A7B47D5D389AD01B6FBC1CF9FE83C6E04B940DD5193DD3D4D958A39817500595CC60C1436214AF1E42C8FD30C905002783470263F161422942
          Malicious:false
          Reputation:unknown
          Preview:PWCCA.2.k ..c.l.k..>.Y..+.+_......T.6F].2?...Sb.w.,@lQ.um.P........{q..K*e?...3..k.Z..HcC>....B~1..y.y.4......~d..n......."...j.=..{..jmb@..A%Tj.......x..!:+....D.z..vry.E..C.)....Z......] ..B.....g........"..\^..........A..%..j.W.7\.PS}..J..J....x../h......w......./Wl`.._......m~y.f.g...n|..~.H..u.m.s.A..L.Wp.t.P3....9..e>i....{..J.T.y..Y.f..........I:Pg..d|v...+..C....@...O.....b.>..8.|.y..~_:.PR.V.7...3.b.Z.x.A..$.>K{.I..N.{.....7.E.:......<X.....]..m.m.....{.b...o..SEzu.gRL.A...C........."..I......}jz^..j.T.u...S[L.....H..|u......=......).IM...t)u..d......4......m...t..j.....#/.+ch.w/~KRP._-.7`._.isi...........).~...uL.....&.+2.e..].;12F.B.......8.Q...[..&Q....A...~k...wq3.$.]%..o..<.0.`...d3...V.. ......#..@..X.#......Ikg....p....9+Ib....Bk..lq.T..`..h8.<#..P.V....$8.:...)..?.@..s~RE....nU..E.<.g..P..y.l(...L...Z".....E.x...G...+.F.c.PcHc.....hdy.)....TJ....>..D.7O@...."....?(.&.....x$.2/........ ..<H..7R .Wr...K0fh..U.?.......`]Q.

          C:\Users\user\Desktop\PWCCAWLGRE.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:83EB21EDCBD626B22B0DBE05993BA522
          SHA1:C8B72F89D5DBEE0EB5EE3F125F1CFFEDD899B974
          SHA-256:D7CD54A7406EB2C139F6739EF94400344F2F5718D4901BAAE3C93EDF0B1AC4F2
          SHA-512:58B1EC01339E12A7B47D5D389AD01B6FBC1CF9FE83C6E04B940DD5193DD3D4D958A39817500595CC60C1436214AF1E42C8FD30C905002783470263F161422942
          Malicious:false
          Reputation:unknown
          Preview:PWCCA.2.k ..c.l.k..>.Y..+.+_......T.6F].2?...Sb.w.,@lQ.um.P........{q..K*e?...3..k.Z..HcC>....B~1..y.y.4......~d..n......."...j.=..{..jmb@..A%Tj.......x..!:+....D.z..vry.E..C.)....Z......] ..B.....g........"..\^..........A..%..j.W.7\.PS}..J..J....x../h......w......./Wl`.._......m~y.f.g...n|..~.H..u.m.s.A..L.Wp.t.P3....9..e>i....{..J.T.y..Y.f..........I:Pg..d|v...+..C....@...O.....b.>..8.|.y..~_:.PR.V.7...3.b.Z.x.A..$.>K{.I..N.{.....7.E.:......<X.....]..m.m.....{.b...o..SEzu.gRL.A...C........."..I......}jz^..j.T.u...S[L.....H..|u......=......).IM...t)u..d......4......m...t..j.....#/.+ch.w/~KRP._-.7`._.isi...........).~...uL.....&.+2.e..].;12F.B.......8.Q...[..&Q....A...~k...wq3.$.]%..o..<.0.`...d3...V.. ......#..@..X.#......Ikg....p....9+Ib....Bk..lq.T..`..h8.<#..P.V....$8.:...)..?.@..s~RE....nU..E.<.g..P..y.l(...L...Z".....E.x...G...+.F.c.PcHc.....hdy.)....TJ....>..D.7O@...."....?(.&.....x$.2/........ ..<H..7R .Wr...K0fh..U.?.......`]Q.

          C:\Users\user\Desktop\QNCYCDFIJJ.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.847144492696784
          Encrypted:false
          SSDEEP:
          MD5:E5F49D6FDE1B729C1EE72F4BC7705431
          SHA1:82FAD03CFE60D78BE3F4F2E6814313F991546ECC
          SHA-256:E83D45BADFC36F3A3F8064C3CA8F3D543F7FAB0C951A0D219C17ECB6E586C12E
          SHA-512:BB51DBE25DEFA3C39547C8FFA37015095E72DCF4F01526E521FFFD1968BF0C782A32467ED020754FAF29CB33C39655C1F0F87EA85A606679A8902CDB32F8B041
          Malicious:false
          Reputation:unknown
          Preview:QNCYC]...|#........A.Q...a......-.4.3...J...c...C...9S...q;..fc4O.0...K.q........`.9..aW.M.....*X......!p3.}...(*..f...O.....s.m,.{...d.p.$...V.BeKS. +.'.%..@u...../$rY....T_.N.j.9..P.8a.!.i.......D........E...&(K.....v.t......o.d."..8..v.p.ZB...iW...U..s....4^9..3....4.3d?o<.]..yOv..a..il.=..H..iE...e.u#\..:...!....B.{..PHw,..g.;..kY..Q..D..@.....1,.......k....[$..c..d...q..(_..A.F...z.....(..T9.5....~|...r.{...../...`.....W....#s.. Z.....T.wc...j.H`...S.*.?J|g.9..8.B.....7^/..q.lW..;{".....8j2:.$.=J.(....L...]..U.>...1C....G9X...*.B..gJ..u6.-1.....*i..S.dm..1..>R.F|..T.5....x.\.C,=...l.#.c.Ig-.x..1... .... .m......'M...v.......%.3..'.Y..-..........,..{...0AaoGM..bz.\H..X...;..u...j..~... ..T.....\.Q.....o.......Z..#...}...X~....t.6....Ty..a..N@.Y5.sJ..l...n....$q!0...,-.-m..6.:....M.ZZ.T.OY<.1.0.R..`z|b.........O.b..o.C,.3E...0&c.1^W.@..N..X+~NV......L.YZ].'h....!....1S....X..,.x.*.A.c[.Mf.`..:.Z.+h.N..\9.RE.A.4tJ{F.........3zM.,"5.[Q.:.T.

          C:\Users\user\Desktop\QNCYCDFIJJ.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E5F49D6FDE1B729C1EE72F4BC7705431
          SHA1:82FAD03CFE60D78BE3F4F2E6814313F991546ECC
          SHA-256:E83D45BADFC36F3A3F8064C3CA8F3D543F7FAB0C951A0D219C17ECB6E586C12E
          SHA-512:BB51DBE25DEFA3C39547C8FFA37015095E72DCF4F01526E521FFFD1968BF0C782A32467ED020754FAF29CB33C39655C1F0F87EA85A606679A8902CDB32F8B041
          Malicious:false
          Reputation:unknown
          Preview:QNCYC]...|#........A.Q...a......-.4.3...J...c...C...9S...q;..fc4O.0...K.q........`.9..aW.M.....*X......!p3.}...(*..f...O.....s.m,.{...d.p.$...V.BeKS. +.'.%..@u...../$rY....T_.N.j.9..P.8a.!.i.......D........E...&(K.....v.t......o.d."..8..v.p.ZB...iW...U..s....4^9..3....4.3d?o<.]..yOv..a..il.=..H..iE...e.u#\..:...!....B.{..PHw,..g.;..kY..Q..D..@.....1,.......k....[$..c..d...q..(_..A.F...z.....(..T9.5....~|...r.{...../...`.....W....#s.. Z.....T.wc...j.H`...S.*.?J|g.9..8.B.....7^/..q.lW..;{".....8j2:.$.=J.(....L...]..U.>...1C....G9X...*.B..gJ..u6.-1.....*i..S.dm..1..>R.F|..T.5....x.\.C,=...l.#.c.Ig-.x..1... .... .m......'M...v.......%.3..'.Y..-..........,..{...0AaoGM..bz.\H..X...;..u...j..~... ..T.....\.Q.....o.......Z..#...}...X~....t.6....Ty..a..N@.Y5.sJ..l...n....$q!0...,-.-m..6.:....M.ZZ.T.OY<.1.0.R..`z|b.........O.b..o.C,.3E...0&c.1^W.@..N..X+~NV......L.YZ].'h....!....1S....X..,.x.*.A.c[.Mf.`..:.Z.+h.N..\9.RE.A.4tJ{F.........3zM.,"5.[Q.:.T.

          C:\Users\user\Desktop\SFPUSAFIOL.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.861081837347762
          Encrypted:false
          SSDEEP:
          MD5:5922D629F00C4A85B40DE0EC2E5B93B1
          SHA1:E5D38C0CDD7BF697C6CAA1F8E59078F53AD46A6E
          SHA-256:5A76B7EF6ABF2007F051F74FB2CFBB5B17FC7AE5DA4FBB296988F182AA9F146F
          SHA-512:71A489396F46252478572C3900CF18498152C5CE857C45945F4D9A341A075DAA24130E119C48F0C20DF759880A05367F6BAB25227CD7BC61C7396A483EE5B502
          Malicious:false
          Reputation:unknown
          Preview:SFPUS...`j./l.7.Nx..X,/....E..'.."....1.}......c.s[3...\BU.....A..Q$..7.|b...R....j2.<.,..EC-qHqn>.9x.....D.n.z...C.U.]X.F@?.3.6.5)0...&../0...w.S..Q.......z.l.g...........0(C.D.!......j.....o...%..~b.X/\..7..1<.......].].P..E_2#3..N|...?x.Rz.......j..R).+...."...........A=......j..%I)i.pq:kv..mo.>..s...<.{......,1......^.B...#~.B.).v...H.H...*.0=.3}... "l...^......B..:...L.+......G....m....v$...t...7.m'W..y......V..[.`..k.........wG:F\T:%)$^..8!J.9..!oW/#0....o@fYZ.......^.y~.o.2.-r.at.N ......s..1........fE..}L...f...?-w.ZZL..<.......W..~......Fd...;.EK[`.......pD*...zX%QBp.:..z.p..M.j&.3..<.{l..Y2..\.h.._T.]..6..@H......P..y5.n:........F.mB.H...Q.O..vC:tq.t.$.Y....4..4.#.].5..."....*.F/>;....-.O.[T...}f.c.]1..|.f,........`.o.......Y.M.8....*..f......!..n..3....H....I9.....Gp...f(...q.......W..i.....Y.......j{.yA..d=..p.e.....V.._....u.W76......."...t...j.;.s9v.g.Kg...!B9.g(.zw.S H..1.pc.. .9.z..r......../.:..g[..95

          C:\Users\user\Desktop\SFPUSAFIOL.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5922D629F00C4A85B40DE0EC2E5B93B1
          SHA1:E5D38C0CDD7BF697C6CAA1F8E59078F53AD46A6E
          SHA-256:5A76B7EF6ABF2007F051F74FB2CFBB5B17FC7AE5DA4FBB296988F182AA9F146F
          SHA-512:71A489396F46252478572C3900CF18498152C5CE857C45945F4D9A341A075DAA24130E119C48F0C20DF759880A05367F6BAB25227CD7BC61C7396A483EE5B502
          Malicious:false
          Reputation:unknown
          Preview:SFPUS...`j./l.7.Nx..X,/....E..'.."....1.}......c.s[3...\BU.....A..Q$..7.|b...R....j2.<.,..EC-qHqn>.9x.....D.n.z...C.U.]X.F@?.3.6.5)0...&../0...w.S..Q.......z.l.g...........0(C.D.!......j.....o...%..~b.X/\..7..1<.......].].P..E_2#3..N|...?x.Rz.......j..R).+...."...........A=......j..%I)i.pq:kv..mo.>..s...<.{......,1......^.B...#~.B.).v...H.H...*.0=.3}... "l...^......B..:...L.+......G....m....v$...t...7.m'W..y......V..[.`..k.........wG:F\T:%)$^..8!J.9..!oW/#0....o@fYZ.......^.y~.o.2.-r.at.N ......s..1........fE..}L...f...?-w.ZZL..<.......W..~......Fd...;.EK[`.......pD*...zX%QBp.:..z.p..M.j&.3..<.{l..Y2..\.h.._T.]..6..@H......P..y5.n:........F.mB.H...Q.O..vC:tq.t.$.Y....4..4.#.].5..."....*.F/>;....-.O.[T...}f.c.]1..|.f,........`.o.......Y.M.8....*..f......!..n..3....H....I9.....Gp...f(...q.......W..i.....Y.......j{.yA..d=..p.e.....V.._....u.W76......."...t...j.;.s9v.g.Kg...!B9.g(.zw.S H..1.pc.. .9.z..r......../.:..g[..95

          C:\Users\user\Desktop\SFPUSAFIOL.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.810473815317674
          Encrypted:false
          SSDEEP:
          MD5:D9C17FC55A3D2949CF4600F934BED917
          SHA1:9385B9E43E0A749517108A4A663FFE313DCC9582
          SHA-256:D37CF4F2FE50A188D81FB43AD603209DE254D7185131FAC0EDD892BABD069DCD
          SHA-512:77A9C88131C0BC2223628AF9ABA40E18B4DA831A46D0E7268238F3EADFE17578FF4ADA79073B575F8CF2B12270EDCC98667BBBE0C1A92ACED8F15CE632E1FBCB
          Malicious:false
          Reputation:unknown
          Preview:SFPUS.CL.@.W..U5.J..7...m...?...|.l.1..?..Sm.|P0..OtG@.2.` m]...P.>p....Q`..<..e....J(D..2..3...&c..%w...m.6)C....S.._.}.G....2'`...D.n.#...Y"...v.{/...mZ..1.|.P.l.\`.Z.&.&..7)...%2d..R.. ...`.a.....`.....r....T3.U).@_..........Kf.}LYsV.qY..._.eR....+uw.-L.j.~ ...i....|....2.Q8....*.).+..."..o...j.}a..w.....P.)-...y.....J...Rm..Z&k..\E..aoBF~.Q...WN...^..c........}3.T._...Kk}.c)......y...G.\..d...^)g....N..#.P.u.e..`2C......F./_-.4-$6.&..0[S.1...bq3..h.x7tX&......".O...W.b..K...K....\.k...f..f.......bA......}..m.~.u..Y..Y.h3...u.L@."....V`.,../.m5.M).~H..u.3.a..lt3.Nl.^.g8.I..A.../...F@......=.T.t.fl....PZ.D..=...y....9.....\.'AM...$.w}.Bq.i.{..Q.Z.%=...&.569G....^)<VS.0H....x.k...R9J....r...VkoO...f...P..k....@.Y^.;n.S...V..4....8. ....J...y0G@16...sB;T..%.L.e.+.^|..xu1..s..._&l..M...9. .2.....{.E........u.X.'...q.....y(xo.}..v...}xA..........8.....d^_....(...A....I.93.N-.W=...0L.5.p&|..#..3.}..^.wGN..1.|..m...M....2.!.Bs......{.G...

          C:\Users\user\Desktop\SFPUSAFIOL.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D9C17FC55A3D2949CF4600F934BED917
          SHA1:9385B9E43E0A749517108A4A663FFE313DCC9582
          SHA-256:D37CF4F2FE50A188D81FB43AD603209DE254D7185131FAC0EDD892BABD069DCD
          SHA-512:77A9C88131C0BC2223628AF9ABA40E18B4DA831A46D0E7268238F3EADFE17578FF4ADA79073B575F8CF2B12270EDCC98667BBBE0C1A92ACED8F15CE632E1FBCB
          Malicious:false
          Reputation:unknown
          Preview:SFPUS.CL.@.W..U5.J..7...m...?...|.l.1..?..Sm.|P0..OtG@.2.` m]...P.>p....Q`..<..e....J(D..2..3...&c..%w...m.6)C....S.._.}.G....2'`...D.n.#...Y"...v.{/...mZ..1.|.P.l.\`.Z.&.&..7)...%2d..R.. ...`.a.....`.....r....T3.U).@_..........Kf.}LYsV.qY..._.eR....+uw.-L.j.~ ...i....|....2.Q8....*.).+..."..o...j.}a..w.....P.)-...y.....J...Rm..Z&k..\E..aoBF~.Q...WN...^..c........}3.T._...Kk}.c)......y...G.\..d...^)g....N..#.P.u.e..`2C......F./_-.4-$6.&..0[S.1...bq3..h.x7tX&......".O...W.b..K...K....\.k...f..f.......bA......}..m.~.u..Y..Y.h3...u.L@."....V`.,../.m5.M).~H..u.3.a..lt3.Nl.^.g8.I..A.../...F@......=.T.t.fl....PZ.D..=...y....9.....\.'AM...$.w}.Bq.i.{..Q.Z.%=...&.569G....^)<VS.0H....x.k...R9J....r...VkoO...f...P..k....@.Y^.;n.S...V..4....8. ....J...y0G@16...sB;T..%.L.e.+.^|..xu1..s..._&l..M...9. .2.....{.E........u.X.'...q.....y(xo.}..v...}xA..........8.....d^_....(...A....I.93.N-.W=...0L.5.p&|..#..3.}..^.wGN..1.|..m...M....2.!.Bs......{.G...

          C:\Users\user\Desktop\SQRKHNBNYN.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.84941852468026
          Encrypted:false
          SSDEEP:
          MD5:4B4D767DB8A2DB8E696D5CD7A57CAECA
          SHA1:86D0EB3012573933FDD47B3E10D20EB13940B173
          SHA-256:1B7F24AD6FBA66833AB6564AE1EE8799CC7BA602BA62C31327FC6AC9B6F4A771
          SHA-512:0C6BDA04385A78804946A8A87DDED4AC4690F0DA64BF798618BBB2CFB52C274DFC548BEB1E796A7998722055FB1F67101F54203D288FAC15C64FDED2AF6F44DF
          Malicious:false
          Reputation:unknown
          Preview:SQRKH4 kr..%F#Xx=9.R......&.<\.JuFO.._..X.G.,"nI..8.]m..........zD.... .QKLz.&*.......9....../.b.....$g...w.U.3..[..#=DS.k...._..%.z..%........[!.....[.P..y.&......l...e;....%..M..K..o..$..m'....................%.$.{p..-..-t-aW.f.1r.?T...kcE....&D..p.N0..W..bZ....u$S3....4qT.3."H.".W.}u.e.x.'..-tt.......vY..?.E.C......|.$.....+.>..Yr.KQ._...8....4..K.gh..w.......&~.. `....bF0..Un..|.....{....SW.:0A).,...4QG..}+.+:.,!./}F.$._o~.ah..=..o.G.6R.K#...s.3.}..UU.U.Q..\.GX..;.2./.".q.i...c.9^:.V..I...[...4..%{6M..N..|Le?7..E4^C...0Q....3.G...I.8I..v`.`F...|..2...p...T...w....b@7B.7o......W.N}wf..&5x.o.......hY'.......!.'.hp.p....i..>..LW...QH"....._..!3....?,0....-/x7.......f.o...........q.Vn..z.?....T(-...Ie......2.VA.G@..._......w....O.xT.....q.ogk.........:w..<0.kg..5%.X.....&.o!C..4.TqF.t.I.....c\g...b".........5..2.;....2...s...I....J..ca......q.d..fU .....?X..Q.@=?......Zn....O0.gG...(....K.Hl.^....}I.o..e..Dc.\...S4'.K..:...=5...[.}..

          C:\Users\user\Desktop\SQRKHNBNYN.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4B4D767DB8A2DB8E696D5CD7A57CAECA
          SHA1:86D0EB3012573933FDD47B3E10D20EB13940B173
          SHA-256:1B7F24AD6FBA66833AB6564AE1EE8799CC7BA602BA62C31327FC6AC9B6F4A771
          SHA-512:0C6BDA04385A78804946A8A87DDED4AC4690F0DA64BF798618BBB2CFB52C274DFC548BEB1E796A7998722055FB1F67101F54203D288FAC15C64FDED2AF6F44DF
          Malicious:false
          Reputation:unknown
          Preview:SQRKH4 kr..%F#Xx=9.R......&.<\.JuFO.._..X.G.,"nI..8.]m..........zD.... .QKLz.&*.......9....../.b.....$g...w.U.3..[..#=DS.k...._..%.z..%........[!.....[.P..y.&......l...e;....%..M..K..o..$..m'....................%.$.{p..-..-t-aW.f.1r.?T...kcE....&D..p.N0..W..bZ....u$S3....4qT.3."H.".W.}u.e.x.'..-tt.......vY..?.E.C......|.$.....+.>..Yr.KQ._...8....4..K.gh..w.......&~.. `....bF0..Un..|.....{....SW.:0A).,...4QG..}+.+:.,!./}F.$._o~.ah..=..o.G.6R.K#...s.3.}..UU.U.Q..\.GX..;.2./.".q.i...c.9^:.V..I...[...4..%{6M..N..|Le?7..E4^C...0Q....3.G...I.8I..v`.`F...|..2...p...T...w....b@7B.7o......W.N}wf..&5x.o.......hY'.......!.'.hp.p....i..>..LW...QH"....._..!3....?,0....-/x7.......f.o...........q.Vn..z.?....T(-...Ie......2.VA.G@..._......w....O.xT.....q.ogk.........:w..<0.kg..5%.X.....&.o!C..4.TqF.t.I.....c\g...b".........5..2.;....2...s...I....J..ca......q.d..fU .....?X..Q.@=?......Zn....O0.gG...(....K.Hl.^....}I.o..e..Dc.\...S4'.K..:...=5...[.}..

          C:\Users\user\Desktop\SQRKHNBNYN\IPKGELNTQY.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.839686381474778
          Encrypted:false
          SSDEEP:
          MD5:856A63A07A6EC39549E4A246514A0EF8
          SHA1:C997CFF280591CD21329D02D04820D23C17A9A9E
          SHA-256:376AE075126800F741F274CF49EE4A517D5DB7928CE7FFF1DB7A168169EB5784
          SHA-512:B9B34C024A8ED4015A166DBCEDD77604C2043E80A6EEAD79B0CC9F11A1364708B5A861E9B9A637CBF8ABF29CE31FFD49F4329D9F54138FDEFDCED7D7CFD37324
          Malicious:true
          Reputation:unknown
          Preview:IPKGE..1.0h;4...UD4.7n.-..c....R..y^jA.h.l.}./is./p ...zf>&&k.Y..A.~.f.T.d".`..._d.U.....(....n...I%...2fZ..B......1...7.8.....2...K9.UE/...'.q.B{.[......WlX&!1..X.7K.O~RDR ...L.;.../.....8...im....uW!._Y.Z...t.D*z...V ...:......e{../4..Pug.Sa..$5...[.G.P.;;..T.{.5m.....6.t+;...rji.#.~Q7yk*i....HO....].{.....c..|..s.u&h7.0M{~.(! e..t.g.....`..e.i...t..`....*.,.9..... ....e...1....t........$.).._{*m..?.[...Qa.;..@...1W.-Mo.Y....W4...Y=.^.....e....e.i.R.7..b.$...&..`p...*|.^c.P.V\..u"xA.O$..=="T...X.:.y,z.fML.......|.$...........$8~`..6@..8...V.5i.=.I4.u.....$".b..W_..5V7....H..H..0....L.t@...2.2...3.J.V..?5...-..q..=I.y."..o.]4.!...D9p.......I..I.......s......@7..d...N!...[.e..R.......J)S..x...bt..@.C+....K.r../o/.~c......TR...{....|......l...9"{..#...Q\|L...2..........)...C..A.)......8:B.......".83.E.q..'"......R.i.}..I.S...4..*;zi[R..)b.=#..<>_.....0.X....[.).m.o..9..G..\.....G.z......G..@.../Q..0yo.[$......D.pS....j.&.....u..R.@v

          C:\Users\user\Desktop\SQRKHNBNYN\IPKGELNTQY.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:856A63A07A6EC39549E4A246514A0EF8
          SHA1:C997CFF280591CD21329D02D04820D23C17A9A9E
          SHA-256:376AE075126800F741F274CF49EE4A517D5DB7928CE7FFF1DB7A168169EB5784
          SHA-512:B9B34C024A8ED4015A166DBCEDD77604C2043E80A6EEAD79B0CC9F11A1364708B5A861E9B9A637CBF8ABF29CE31FFD49F4329D9F54138FDEFDCED7D7CFD37324
          Malicious:false
          Reputation:unknown
          Preview:IPKGE..1.0h;4...UD4.7n.-..c....R..y^jA.h.l.}./is./p ...zf>&&k.Y..A.~.f.T.d".`..._d.U.....(....n...I%...2fZ..B......1...7.8.....2...K9.UE/...'.q.B{.[......WlX&!1..X.7K.O~RDR ...L.;.../.....8...im....uW!._Y.Z...t.D*z...V ...:......e{../4..Pug.Sa..$5...[.G.P.;;..T.{.5m.....6.t+;...rji.#.~Q7yk*i....HO....].{.....c..|..s.u&h7.0M{~.(! e..t.g.....`..e.i...t..`....*.,.9..... ....e...1....t........$.).._{*m..?.[...Qa.;..@...1W.-Mo.Y....W4...Y=.^.....e....e.i.R.7..b.$...&..`p...*|.^c.P.V\..u"xA.O$..=="T...X.:.y,z.fML.......|.$...........$8~`..6@..8...V.5i.=.I4.u.....$".b..W_..5V7....H..H..0....L.t@...2.2...3.J.V..?5...-..q..=I.y."..o.]4.!...D9p.......I..I.......s......@7..d...N!...[.e..R.......J)S..x...bt..@.C+....K.r../o/.~c......TR...{....|......l...9"{..#...Q\|L...2..........)...C..A.)......8:B.......".83.E.q..'"......R.i.}..I.S...4..*;zi[R..)b.=#..<>_.....0.X....[.).m.o..9..G..\.....G.z......G..@.../Q..0yo.[$......D.pS....j.&.....u..R.@v

          C:\Users\user\Desktop\SQRKHNBNYN\MXPXCVPDVN.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8436580651765455
          Encrypted:false
          SSDEEP:
          MD5:A6838348223EEBB9BB0F44E134169DDC
          SHA1:1564708D4DA5926BE12031723975585312E1DF97
          SHA-256:EE97EBF13A575C388803AB610F9C2ECF949625DE278BA1AC6DB4A815FDA62BF4
          SHA-512:659F1D7F2B185390A41A0CEA78649CA5AAEC286183A5D15B1328D21F7D7EC276559F9A1D8C96BADEA728D726CEF75E631E60DBF84BEA8C4C4A48575390B7D0CE
          Malicious:false
          Reputation:unknown
          Preview:MXPXC.."....JE...6..nc._..|.3.'l. ]..i...6.q..H...P..c.rT.0..?....E.C......Co.sc.V$0?...Z,......s..s......fj....W.D........E.N.u.l........`.".D.....>......^j.-..O.7ju. .....<B..........p`..Q..cH..1...1.M/..X@....:y.../..to$...&..=...3.^MAA.]..c=O.DV.U"..D.r.B\...]m._..o$.dH.a..Ax4....;.a:.#......x.~...QrIrRe.1.......#.B=t.=._..+g.E..ku.-!.....[)......,b_r..N..D.....c....I.t.d-...~... Es7...Y]`.b.i..=..]...-.H...1.........?..%2~$C.....X.u.!j,..j.L......Z...i>|..........nB........w....A....G..>..t..$../....zy...f.....1.......+..m.W....1.[.-].9.Z/....s..."....#.'P...<a.E.p.i.. .h......:R..#.S.2.A......E^+/.n.u...b.Lw...Y...C&.j.4.`?Dxd...1...z...>.X....2..<.......).....q"<.......^j.L3e.A.=[.f_@.0..VJs..v.qV.5..|..h.e.....M...%...U(.rU...Q.1{.)3D!......Z.p.......#....Toq...4.....,..^@SC.>...U.f.\.l...;...3&>&.g. N6..ewPD.C.@..B=..zd._".Z{4)S.*..X..8p.|....8t....t.^....o..[..t......?.Z...z9..>......b../Q",=$.....F.D.N3....1....m...#..9.30.n...L:.S........(;B.

          C:\Users\user\Desktop\SQRKHNBNYN\MXPXCVPDVN.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A6838348223EEBB9BB0F44E134169DDC
          SHA1:1564708D4DA5926BE12031723975585312E1DF97
          SHA-256:EE97EBF13A575C388803AB610F9C2ECF949625DE278BA1AC6DB4A815FDA62BF4
          SHA-512:659F1D7F2B185390A41A0CEA78649CA5AAEC286183A5D15B1328D21F7D7EC276559F9A1D8C96BADEA728D726CEF75E631E60DBF84BEA8C4C4A48575390B7D0CE
          Malicious:false
          Reputation:unknown
          Preview:MXPXC.."....JE...6..nc._..|.3.'l. ]..i...6.q..H...P..c.rT.0..?....E.C......Co.sc.V$0?...Z,......s..s......fj....W.D........E.N.u.l........`.".D.....>......^j.-..O.7ju. .....<B..........p`..Q..cH..1...1.M/..X@....:y.../..to$...&..=...3.^MAA.]..c=O.DV.U"..D.r.B\...]m._..o$.dH.a..Ax4....;.a:.#......x.~...QrIrRe.1.......#.B=t.=._..+g.E..ku.-!.....[)......,b_r..N..D.....c....I.t.d-...~... Es7...Y]`.b.i..=..]...-.H...1.........?..%2~$C.....X.u.!j,..j.L......Z...i>|..........nB........w....A....G..>..t..$../....zy...f.....1.......+..m.W....1.[.-].9.Z/....s..."....#.'P...<a.E.p.i.. .h......:R..#.S.2.A......E^+/.n.u...b.Lw...Y...C&.j.4.`?Dxd...1...z...>.X....2..<.......).....q"<.......^j.L3e.A.=[.f_@.0..VJs..v.qV.5..|..h.e.....M...%...U(.rU...Q.1{.)3D!......Z.p.......#....Toq...4.....,..^@SC.>...U.f.\.l...;...3&>&.g. N6..ewPD.C.@..B=..zd._".Z{4)S.*..X..8p.|....8t....t.^....o..[..t......?.Z...z9..>......b../Q",=$.....F.D.N3....1....m...#..9.30.n...L:.S........(;B.

          C:\Users\user\Desktop\SQRKHNBNYN\NEBFQQYWPS.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.833995498291506
          Encrypted:false
          SSDEEP:
          MD5:DC1AA5B16D79630AC74859D37DED1C02
          SHA1:D0F4D514A11230930227831C008FD0ED80B215B3
          SHA-256:B2D978547914830828BB6B7419E2BC9BBC73E4143E0FC49B595867C6C8DCCF0E
          SHA-512:A9FA7844FE3B83DB81CA7FAE7CA1EE5D672F30DBD02073CCBEFCF5483A20F06EB761359FA95BB0171ACA779283FF9D74F0BA318D4407897204A58C6E2AC40EFB
          Malicious:true
          Reputation:unknown
          Preview:NEBFQ.D.....7...!v...\Q..9c.. C...........? ...h0..k....H5f..8......<...|C5....U..D.X(=H".-Ch..E...``..K..x.=..{....}f."...nF...\Z|..v.+q.VZb\. d.Q.R&;F.Y.;p..m=..>?J:..g.5......?...OK....S/........Zk.............J..Y.0.*.S9...i.(...S.U..D..io..H.3.{%..6.4. .a@KU..=.5..")W.c.7.......],-...bz.'...r:......g...|-Ym..g5....C.a$r.F6b{... .#..N$......P.v.)..._...,;*B..a....~..u.]..{....p.....Wn......n'.w5W....gN;..4k1[....'K*?..s.];.....ts....z..4w<..by*f+.R.}(.].........8.YcN.A..9..!.g...\...i.j..i..~..:....P.]....P{.....4.E..h|..a.J.....ia..nWm..x~.o+....A...O2[*2.. >y.,...........n1.k..M.p..g..j..`.Y-.)..k{.... ...8.....z)rGg4.6.......2.\...{...VcA.....Z:p.'I..0..g.x.M......>h.".,.......#E....Z.%.........0..#...w.j.Oi1....]Pa.CC.....:....g.A...."....DL...R......@pP^2tSs83.E47..Y..u%.HW|.N.$'.6.<.8...&%)..../.r..N..|5..Q.......c..?...f...H..h..j.?!.g." ......2Fu..u.z.{6.G..B......E...-$...M[_|]..D...3r...........m6V.h4...o..9...}/?...'oQ..L.

          C:\Users\user\Desktop\SQRKHNBNYN\NEBFQQYWPS.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:DC1AA5B16D79630AC74859D37DED1C02
          SHA1:D0F4D514A11230930227831C008FD0ED80B215B3
          SHA-256:B2D978547914830828BB6B7419E2BC9BBC73E4143E0FC49B595867C6C8DCCF0E
          SHA-512:A9FA7844FE3B83DB81CA7FAE7CA1EE5D672F30DBD02073CCBEFCF5483A20F06EB761359FA95BB0171ACA779283FF9D74F0BA318D4407897204A58C6E2AC40EFB
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ.D.....7...!v...\Q..9c.. C...........? ...h0..k....H5f..8......<...|C5....U..D.X(=H".-Ch..E...``..K..x.=..{....}f."...nF...\Z|..v.+q.VZb\. d.Q.R&;F.Y.;p..m=..>?J:..g.5......?...OK....S/........Zk.............J..Y.0.*.S9...i.(...S.U..D..io..H.3.{%..6.4. .a@KU..=.5..")W.c.7.......],-...bz.'...r:......g...|-Ym..g5....C.a$r.F6b{... .#..N$......P.v.)..._...,;*B..a....~..u.]..{....p.....Wn......n'.w5W....gN;..4k1[....'K*?..s.];.....ts....z..4w<..by*f+.R.}(.].........8.YcN.A..9..!.g...\...i.j..i..~..:....P.]....P{.....4.E..h|..a.J.....ia..nWm..x~.o+....A...O2[*2.. >y.,...........n1.k..M.p..g..j..`.Y-.)..k{.... ...8.....z)rGg4.6.......2.\...{...VcA.....Z:p.'I..0..g.x.M......>h.".,.......#E....Z.%.........0..#...w.j.Oi1....]Pa.CC.....:....g.A...."....DL...R......@pP^2tSs83.E47..Y..u%.HW|.N.$'.6.<.8...&%)..../.r..N..|5..Q.......c..?...f...H..h..j.?!.g." ......2Fu..u.z.{6.G..B......E...-$...M[_|]..D...3r...........m6V.h4...o..9...}/?...'oQ..L.

          C:\Users\user\Desktop\SQRKHNBNYN\SFPUSAFIOL.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.843995772585911
          Encrypted:false
          SSDEEP:
          MD5:4ABDA058C0B62E4D8D66DA3258B5EF20
          SHA1:C324B461C8BEEB71021DF614015CED9E807158F8
          SHA-256:587D5EF048DEB7A5343CCBEFADD7785A5B0FFB27DC5955388E7049FA7C84A4D1
          SHA-512:25AE4B2AE934F65505500E3E2C062C77D4004105003A2F56B2D7F92B712A909B432CC9731A18B566C14497979B99050F046C99C204D4E8683C7884237D104763
          Malicious:false
          Reputation:unknown
          Preview:SFPUS.....6D.g.....2\_R.q.k.]./7F.........kat.2#*..Q(.....i`A..........Q.5..|.".......~s.]....5.@..o..1rGM....b..|y..+.8.8.$..3..,}....9W.!.....o...X.=...Y..4Q.....1.%%+.:$f\#$.lGSO%_.j............V..@R.C.Rg.......!....1...|.Q.._...-HQX.).........<..F...1/.1Jg....E.Ag..$.R...Y....F......~...f>........iX.Kr....AiP.t..vO.m.;k..z$..........Q.........h#6.o..L.^t...c...f.%.]..2T.x.b..r...5.bF..._S..3..Q...|..xq.....zyv.....Ue=.F..eA4..H.6..W.t&..g.c9....{.Q......O..k]..6.e.R..Z<[..2n?......8....-"...1...^..ye..._.\x.F..5..!..,`.Jf...q..j....r.3.}.....h..K..%s.U...f[8.[z....}.X.&T....\4E...rJb2..D.u..J........t......m.)F.,..7h.n.......*Y......;kd.4.1...<R...:.L..<Ifk....+G....Y.....D.HE....A.h2pU...{...Z.}.j. .....,...39..C...G...|c...7...E..`.%..W..[....ef.G&.i...t....Q.V..........Q.$bP.i.<....%.h5./5'.I.....i.zc...I.Z.K....BQr|....h ....$.5.v..gd..V=M.....H.p..._>.Hp/.......(.M..j.rV|......b+..y.@.u.|.b.`=.x.....I..@o....

          C:\Users\user\Desktop\SQRKHNBNYN\SFPUSAFIOL.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4ABDA058C0B62E4D8D66DA3258B5EF20
          SHA1:C324B461C8BEEB71021DF614015CED9E807158F8
          SHA-256:587D5EF048DEB7A5343CCBEFADD7785A5B0FFB27DC5955388E7049FA7C84A4D1
          SHA-512:25AE4B2AE934F65505500E3E2C062C77D4004105003A2F56B2D7F92B712A909B432CC9731A18B566C14497979B99050F046C99C204D4E8683C7884237D104763
          Malicious:false
          Reputation:unknown
          Preview:SFPUS.....6D.g.....2\_R.q.k.]./7F.........kat.2#*..Q(.....i`A..........Q.5..|.".......~s.]....5.@..o..1rGM....b..|y..+.8.8.$..3..,}....9W.!.....o...X.=...Y..4Q.....1.%%+.:$f\#$.lGSO%_.j............V..@R.C.Rg.......!....1...|.Q.._...-HQX.).........<..F...1/.1Jg....E.Ag..$.R...Y....F......~...f>........iX.Kr....AiP.t..vO.m.;k..z$..........Q.........h#6.o..L.^t...c...f.%.]..2T.x.b..r...5.bF..._S..3..Q...|..xq.....zyv.....Ue=.F..eA4..H.6..W.t&..g.c9....{.Q......O..k]..6.e.R..Z<[..2n?......8....-"...1...^..ye..._.\x.F..5..!..,`.Jf...q..j....r.3.}.....h..K..%s.U...f[8.[z....}.X.&T....\4E...rJb2..D.u..J........t......m.)F.,..7h.n.......*Y......;kd.4.1...<R...:.L..<Ifk....+G....Y.....D.HE....A.h2pU...{...Z.}.j. .....,...39..C...G...|c...7...E..`.%..W..[....ef.G&.i...t....Q.V..........Q.$bP.i.<....%.h5./5'.I.....i.zc...I.Z.K....BQr|....h ....$.5.v..gd..V=M.....H.p..._>.Hp/.......(.M..j.rV|......b+..y.@.u.|.b.`=.x.....I..@o....

          C:\Users\user\Desktop\SQRKHNBNYN\SQRKHNBNYN.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.870244002829464
          Encrypted:false
          SSDEEP:
          MD5:E24902480E4C4A828985709D9CC1EDAE
          SHA1:AB11AF20F16AE06C534CF92B18C839F411F31D2A
          SHA-256:B4ECE63F68F12F4D86BDC391ADCFCABEC85DF22A5BC3B58081512ED7E5A87CB9
          SHA-512:D0BAD8A30FCB59E3D05F6B9BB979E590419B8E7A2ECD1B5B67BC574FBBC6A18FF2D78E8B61829CD492789242BA390CDA811AF660F8EB26BB5417CB2538976661
          Malicious:false
          Reputation:unknown
          Preview:SQRKH..... ..7...IC.~ m.....+..e..z...Nf........t..u..aZ..}v|1......5R..n|....h.+e.w..$`u.)>.:..Y6.m...xV&I..%...']W.Y......&.....h2.)..._+..z..._.\.b..!.....BD..T8..7...e.....^..J..TM?m...z1.y..u.9p..k.q.@UV....cY....du..W....c......<H.....K..d......3...}R.am..i.2...!.D.,..%u">..T$Fwr........<6#.=.:y..K:......$..S......p.........lK...m4..$?^.Fp...s^.g<l51?:..d.....`.:...Up..;....1CV.......O..Y.{......%.m..(.....Esh_.K..q...7.M@..R}...._".../...3...|...G-hujVa..I5x....u...~..|V.."..`,=...k...{d.n...D..9..q.......@.mo.@....-..9.....=[Ju.}.q....q........0.x..?6......vf2...!..[B>..>.X..n"M..d.._0.L.].#....b~.0^..!.,...tm^6...SB.=...i..w"1G.Q.T..}.hh._..d>.d...'^'..0.|....b*..J..1.|.a-..R.Bo.#.v'.&..~l{&Q..`.T2a*...Z..U...C=.<.....a.$v..75..yTr...N......'.q:6.FN...8.%R.d........-...hY./2Z....l.....a.../MRIG...].AN..?O;.t.O./z..e.|.....AJ(...L?....YH#U..y.3U..e...N..U...Lel.k.....Bj.M.....s./.L....."...........C3B.c@Z.M4.....f..M..V.Z.y...

          C:\Users\user\Desktop\SQRKHNBNYN\SQRKHNBNYN.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E24902480E4C4A828985709D9CC1EDAE
          SHA1:AB11AF20F16AE06C534CF92B18C839F411F31D2A
          SHA-256:B4ECE63F68F12F4D86BDC391ADCFCABEC85DF22A5BC3B58081512ED7E5A87CB9
          SHA-512:D0BAD8A30FCB59E3D05F6B9BB979E590419B8E7A2ECD1B5B67BC574FBBC6A18FF2D78E8B61829CD492789242BA390CDA811AF660F8EB26BB5417CB2538976661
          Malicious:false
          Reputation:unknown
          Preview:SQRKH..... ..7...IC.~ m.....+..e..z...Nf........t..u..aZ..}v|1......5R..n|....h.+e.w..$`u.)>.:..Y6.m...xV&I..%...']W.Y......&.....h2.)..._+..z..._.\.b..!.....BD..T8..7...e.....^..J..TM?m...z1.y..u.9p..k.q.@UV....cY....du..W....c......<H.....K..d......3...}R.am..i.2...!.D.,..%u">..T$Fwr........<6#.=.:y..K:......$..S......p.........lK...m4..$?^.Fp...s^.g<l51?:..d.....`.:...Up..;....1CV.......O..Y.{......%.m..(.....Esh_.K..q...7.M@..R}...._".../...3...|...G-hujVa..I5x....u...~..|V.."..`,=...k...{d.n...D..9..q.......@.mo.@....-..9.....=[Ju.}.q....q........0.x..?6......vf2...!..[B>..>.X..n"M..d.._0.L.].#....b~.0^..!.,...tm^6...SB.=...i..w"1G.Q.T..}.hh._..d>.d...'^'..0.|....b*..J..1.|.a-..R.Bo.#.v'.&..~l{&Q..`.T2a*...Z..U...C=.<.....a.$v..75..yTr...N......'.q:6.FN...8.%R.d........-...hY./2Z....l.....a.../MRIG...].AN..?O;.t.O./z..e.|.....AJ(...L?....YH#U..y.3U..e...N..U...Lel.k.....Bj.M.....s./.L....."...........C3B.c@Z.M4.....f..M..V.Z.y...

          C:\Users\user\Desktop\SQRKHNBNYN\UOOJJOZIRH.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.855573051338822
          Encrypted:false
          SSDEEP:
          MD5:8CD3B24FAE85DBA7B70988A35C38431F
          SHA1:9FC43A9815A753F6F62EF7357D928FA83A50808C
          SHA-256:D7DFC2FEF8B9F5E5C3E95D0FA4043C34D635E1718062A59459855FF30CD5D230
          SHA-512:C38B519F70764B6EB9E339FE977AF60324C43F9F5DB1D515B62B07ACB50DBFC05B8A3A73DC9697900718F8643D320DDA381ABED3DC9992299F05D425B198F056
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ......f.2, ..."`X&.F..."...S{.uq.M..fl./.u.l.....g...........E.LD'.w_...s+..e...7...:.....g..h..c>S[I.$P9..n.[.+[r..._g.;.f..x.d..n.`...w.h..2.m..)..y...y.6..c[N...h.....Y.hy..."[.bk.6.'.B.~.u..:.M.sq..{4iUv..5..7M...K...B...O....+}..HW.]#..a....1...Yc.\..[..0@....p..1.%..3)......3..a....OP..y.0...B~...x.>...1..,....\ru*@.d....K..g.ne...y2..B......d.Z...S.~.xm.e..t;.f\..BV..<........iY.u'.-..m.....*.IQ...3....&..m..4...M.F..s_'OJw/.&.i..b..;.N....^:..Y ..m.k..?4.Q..'....%.[>=..B..5{..~{.....|5.R.})Iyz...mF./Y.Yo.-...J..Bql.AjO...h.Y.<Z..M.`A....S.o.(U...5.PS...^g........n........QY?....S..Ez.U....V.u=.*@&.....<..$L..s..I$L4...71|..y...X.0...;j...q.JVm.7lF..}.C.....>3.,n.........K3]G...?w..*..*zH.|..FR.v......a....{@bL.F.h. .g......LV........]...........|}..x@5.o.~p..=rW....K..0.?..^#nRY+N....Q..-j.XU...].R..26..PSDk0.9q..t...C......9.2..SM..t.r...6../..r..Vk#C:..1*u...i.r.g.>...mq..*..6YW..d...Ei...F.{...O....'..;&e...D...F.2....

          C:\Users\user\Desktop\SQRKHNBNYN\UOOJJOZIRH.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8CD3B24FAE85DBA7B70988A35C38431F
          SHA1:9FC43A9815A753F6F62EF7357D928FA83A50808C
          SHA-256:D7DFC2FEF8B9F5E5C3E95D0FA4043C34D635E1718062A59459855FF30CD5D230
          SHA-512:C38B519F70764B6EB9E339FE977AF60324C43F9F5DB1D515B62B07ACB50DBFC05B8A3A73DC9697900718F8643D320DDA381ABED3DC9992299F05D425B198F056
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ......f.2, ..."`X&.F..."...S{.uq.M..fl./.u.l.....g...........E.LD'.w_...s+..e...7...:.....g..h..c>S[I.$P9..n.[.+[r..._g.;.f..x.d..n.`...w.h..2.m..)..y...y.6..c[N...h.....Y.hy..."[.bk.6.'.B.~.u..:.M.sq..{4iUv..5..7M...K...B...O....+}..HW.]#..a....1...Yc.\..[..0@....p..1.%..3)......3..a....OP..y.0...B~...x.>...1..,....\ru*@.d....K..g.ne...y2..B......d.Z...S.~.xm.e..t;.f\..BV..<........iY.u'.-..m.....*.IQ...3....&..m..4...M.F..s_'OJw/.&.i..b..;.N....^:..Y ..m.k..?4.Q..'....%.[>=..B..5{..~{.....|5.R.})Iyz...mF./Y.Yo.-...J..Bql.AjO...h.Y.<Z..M.`A....S.o.(U...5.PS...^g........n........QY?....S..Ez.U....V.u=.*@&.....<..$L..s..I$L4...71|..y...X.0...;j...q.JVm.7lF..}.C.....>3.,n.........K3]G...?w..*..*zH.|..FR.v......a....{@bL.F.h. .g......LV........]...........|}..x@5.o.~p..=rW....K..0.?..^#nRY+N....Q..-j.XU...].R..26..PSDk0.9q..t...C......9.2..SM..t.r...6../..r..Vk#C:..1*u...i.r.g.>...mq..*..6YW..d...Ei...F.{...O....'..;&e...D...F.2....

          C:\Users\user\Desktop\UOOJJOZIRH.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.815512900096058
          Encrypted:false
          SSDEEP:
          MD5:9A3DB1D0D9ABCEFF7144689A1688CBA9
          SHA1:BB747C8B3174F0E5CAD08F43002A6ED3D8CEB841
          SHA-256:3703CE16CBEE07E9950D688ECB67F69A3C9705401062E09C334EEA3D89A9ACBD
          SHA-512:39450545D5F51649BE2A769DCFF6126D8C2C27F53318E17F28EA3E5D6F353125C8C0510461E08090D588ED8BA7C7F2A1FC16054A0044BC0E3AA6CEF72671BF02
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ|)D.k0*.aCTy..R.C=.yUryx./..G3.xmh....RM..G.$7.._..::d...if.q.U.x\../.".vx.....).?Q.K.)PD.(`56.}..H..8..V...S..i..>u.fI'..7.....$.`..?.4s....R".R..........}..%i..[W.8.2.&\.-..W..g..utF#j..g...mX.`0..,.u ..wP.u....0=..i..S..%0..u~rgM.g./ g......Lk.0.*..W\t..zl....r...c.....?.l...C... ......E.M.....C..T.S..ErB0.f..HT(he.AZ^d...9.)m.$..M.O......A7i%...i.-..}t......l..G6..k,[m(.`.Jo>....s....D..>l...s.u,....t.i.?..&.31.**=..._....b..........HUA.........z.3r..rq.`......^..LA..LA...i.p.CK.2.r<..Gt]..n6....l...f.ir....F.dh.*>...\......N..%w...v....[.)%A< .#f>|..f....z...0..k....Op..]....EG.H............HCa..}.....5^i..t......tn... Z...F..g-[.?.r..O.....@..$....1.=.d.Z..f.U.`.p.4..i....j....DK..............X..9..f..Ta.\.y.....W...s.}....\.3..C..VQ..".X.Em~a......O@...v.G...... ........@..BP>f@....>....-$.....J....G..@J..jG.%L!.....t....cj...%y:/w# 4[..|..8M^..'..(K*o.^ .+...c.Qp.b..a.BU...%...U.........@[..:......m|b"tt.OA..dF..].=e.

          C:\Users\user\Desktop\UOOJJOZIRH.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9A3DB1D0D9ABCEFF7144689A1688CBA9
          SHA1:BB747C8B3174F0E5CAD08F43002A6ED3D8CEB841
          SHA-256:3703CE16CBEE07E9950D688ECB67F69A3C9705401062E09C334EEA3D89A9ACBD
          SHA-512:39450545D5F51649BE2A769DCFF6126D8C2C27F53318E17F28EA3E5D6F353125C8C0510461E08090D588ED8BA7C7F2A1FC16054A0044BC0E3AA6CEF72671BF02
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ|)D.k0*.aCTy..R.C=.yUryx./..G3.xmh....RM..G.$7.._..::d...if.q.U.x\../.".vx.....).?Q.K.)PD.(`56.}..H..8..V...S..i..>u.fI'..7.....$.`..?.4s....R".R..........}..%i..[W.8.2.&\.-..W..g..utF#j..g...mX.`0..,.u ..wP.u....0=..i..S..%0..u~rgM.g./ g......Lk.0.*..W\t..zl....r...c.....?.l...C... ......E.M.....C..T.S..ErB0.f..HT(he.AZ^d...9.)m.$..M.O......A7i%...i.-..}t......l..G6..k,[m(.`.Jo>....s....D..>l...s.u,....t.i.?..&.31.**=..._....b..........HUA.........z.3r..rq.`......^..LA..LA...i.p.CK.2.r<..Gt]..n6....l...f.ir....F.dh.*>...\......N..%w...v....[.)%A< .#f>|..f....z...0..k....Op..]....EG.H............HCa..}.....5^i..t......tn... Z...F..g-[.?.r..O.....@..$....1.=.d.Z..f.U.`.p.4..i....j....DK..............X..9..f..Ta.\.y.....W...s.}....\.3..C..VQ..".X.Em~a......O@...v.G...... ........@..BP>f@....>....-$.....J....G..@J..jG.%L!.....t....cj...%y:/w# 4[..|..8M^..'..(K*o.^ .+...c.Qp.b..a.BU...%...U.........@[..:......m|b"tt.OA..dF..].=e.

          C:\Users\user\Desktop\UOOJJOZIRH.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8617197809009065
          Encrypted:false
          SSDEEP:
          MD5:5C91C31AC984C14C3C6AD361A0BCFAD7
          SHA1:982D13A740ABDCD36663C50B813E101DAD28C05A
          SHA-256:9E42148C36FD367CFFD104F88791455A5016CBD6B098DB3D74FF72769206A6A3
          SHA-512:AC49F45498DD52B2CEDCE0F9CED02157E8B1DE9B970221E6BEE6CF11A7700FDE9A06B210688CB21E1F26E2C5E8AA44C7CB65B8CF85E64FA2019430B28DA0CC1E
          Malicious:true
          Reputation:unknown
          Preview:UOOJJ}.h.k......b-..I...vM.A.R........&.+.....l..<..;...n..A1.V9.....2.N...8y.V.xk..hS?..\.3..WH.fF1}{...-*.J....b...>.?..].(Sz...|.<.Ms..4...A..p.s[..k.$..Q...~.~......0Gh.t...@ADY...h..w.~.b.F.V.%{........h.k.......(.......&.9...I+%..n..H..........S..b.X.&.On..A....d......};.I.Cr.?...^T.r...BRzA.%.......Ld...}>^....-..b../Z.A.G.+M. K.2.0...?U.a.2....ano.w.......S.2.ON,.Qt.4)...G.....t.1O5M=...C.br..P....d_.........$.g..S.......z.1.WZv*:.mX^.%...*8..+.r8..Z.g...{>c....]T.[*e53\.......B....../....:.?..!......w....V.>}.S.0.ih..{..C...u....q.).+%.{0@Bar.X.P..T3E....V...H..e......^0.g.(J.d.......E ...\.yG.....1I$ T-U.i..Z...vg.r....9.....4&......h.h..Z......$.!..K.]2.`s|.g[.......|X...U#.....Wr.=..2D.n..Ynd..x.uB..s..+..A|H.s..p..Q-.R.x......xtI^\.F._...[_.....?.?..r.k.<.%.=.b.c.a..`e.v...D.(<..7.^.w.ftVM...xEt.Fz(G...<.U.P..B.......I.Km.O.].N..~7.....C.%.e.K...S.....`.8$..f...[.D.....#....]r.^.%..E....../......ov._O...|f......+..`.2>..

          C:\Users\user\Desktop\UOOJJOZIRH.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5C91C31AC984C14C3C6AD361A0BCFAD7
          SHA1:982D13A740ABDCD36663C50B813E101DAD28C05A
          SHA-256:9E42148C36FD367CFFD104F88791455A5016CBD6B098DB3D74FF72769206A6A3
          SHA-512:AC49F45498DD52B2CEDCE0F9CED02157E8B1DE9B970221E6BEE6CF11A7700FDE9A06B210688CB21E1F26E2C5E8AA44C7CB65B8CF85E64FA2019430B28DA0CC1E
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ}.h.k......b-..I...vM.A.R........&.+.....l..<..;...n..A1.V9.....2.N...8y.V.xk..hS?..\.3..WH.fF1}{...-*.J....b...>.?..].(Sz...|.<.Ms..4...A..p.s[..k.$..Q...~.~......0Gh.t...@ADY...h..w.~.b.F.V.%{........h.k.......(.......&.9...I+%..n..H..........S..b.X.&.On..A....d......};.I.Cr.?...^T.r...BRzA.%.......Ld...}>^....-..b../Z.A.G.+M. K.2.0...?U.a.2....ano.w.......S.2.ON,.Qt.4)...G.....t.1O5M=...C.br..P....d_.........$.g..S.......z.1.WZv*:.mX^.%...*8..+.r8..Z.g...{>c....]T.[*e53\.......B....../....:.?..!......w....V.>}.S.0.ih..{..C...u....q.).+%.{0@Bar.X.P..T3E....V...H..e......^0.g.(J.d.......E ...\.yG.....1I$ T-U.i..Z...vg.r....9.....4&......h.h..Z......$.!..K.]2.`s|.g[.......|X...U#.....Wr.=..2D.n..Ynd..x.uB..s..+..A|H.s..p..Q-.R.x......xtI^\.F._...[_.....?.?..r.k.<.%.=.b.c.a..`e.v...D.(<..7.^.w.ftVM...xEt.Fz(G...<.U.P..B.......I.Km.O.].N..~7.....C.%.e.K...S.....`.8$..f...[.D.....#....]r.^.%..E....../......ov._O...|f......+..`.2>..

          C:\Users\user\Desktop\UOOJJOZIRH\NEBFQQYWPS.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.862864290021003
          Encrypted:false
          SSDEEP:
          MD5:52581D56DCF4376BA1A2115754AD452C
          SHA1:51554F2BDD408F801E845FACC81B320CDD991635
          SHA-256:488DF5DC8C92FCCBF5222F4E83DBA9B12AA8F37AB584520F0BBE8CDB8E0686A8
          SHA-512:F2A3746F24EB88908DEA1E9F030F587F9EF22634AE2D920547D8F8BA3F8845C6312C2FF75D8FA2E9367800656F940C8BE0893A83E6124A165B8787BCB696CEBC
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ......6%Eg?9..+...1:K.....exJ.."...k.\......V.......Y.x.h.1......E.....EOk.`^.K].H.a.-.2A.0...P,e/OtzGf.+.;..UZ..).....J.&....$.3...B......#.....7{.0....ow..!..I.{...'v......w.../.<....o.T.xt:x......A.Y.E..>@g...{'.)^.<....!...$..9.A.^XH...._.`.U.2.....cQ9{.x...H..M).g.EE................1..iE..E....N..N........&;.h.Okapf...D.f.P....*8D..n.AY..6.?.WJ...e[./.Lu....~0nz@C$..!...>.?..H..0......kh............b...2d..S#j.R...m._.7v;.t....m..coI....)7..I.|...Q....N`(..e..n.. ("..L.[OY?A.Aq...m.|.m...56.c.k..j......(.,Jj.|....\..........~..LH.2H.6Ny..?.T/.Er.=.J(..q...L...2.Y.........y..c..0E..ZB....SbY)l3H..}.(..2.B.......U.].2*+..D..g.Y..iR..K........u.Q..1.n....s.......x......[#...<-c2.I.a=..o$`R...d.?../..5.F....!..1......?....{a...bfQ.Q.n..7!}D.5..@...c4ZFQ.k1.s._,..b{.9).n."...9../....... ....c.!kt....._.4.%.}......7......b.j....t.....z....#...%...cK...S..0.l....}......G.n <d-..UH......D....Z.s.N?d....]J6...GfWR]).!#Bu.Q.......vV.....#.s

          C:\Users\user\Desktop\UOOJJOZIRH\NEBFQQYWPS.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:52581D56DCF4376BA1A2115754AD452C
          SHA1:51554F2BDD408F801E845FACC81B320CDD991635
          SHA-256:488DF5DC8C92FCCBF5222F4E83DBA9B12AA8F37AB584520F0BBE8CDB8E0686A8
          SHA-512:F2A3746F24EB88908DEA1E9F030F587F9EF22634AE2D920547D8F8BA3F8845C6312C2FF75D8FA2E9367800656F940C8BE0893A83E6124A165B8787BCB696CEBC
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ......6%Eg?9..+...1:K.....exJ.."...k.\......V.......Y.x.h.1......E.....EOk.`^.K].H.a.-.2A.0...P,e/OtzGf.+.;..UZ..).....J.&....$.3...B......#.....7{.0....ow..!..I.{...'v......w.../.<....o.T.xt:x......A.Y.E..>@g...{'.)^.<....!...$..9.A.^XH...._.`.U.2.....cQ9{.x...H..M).g.EE................1..iE..E....N..N........&;.h.Okapf...D.f.P....*8D..n.AY..6.?.WJ...e[./.Lu....~0nz@C$..!...>.?..H..0......kh............b...2d..S#j.R...m._.7v;.t....m..coI....)7..I.|...Q....N`(..e..n.. ("..L.[OY?A.Aq...m.|.m...56.c.k..j......(.,Jj.|....\..........~..LH.2H.6Ny..?.T/.Er.=.J(..q...L...2.Y.........y..c..0E..ZB....SbY)l3H..}.(..2.B.......U.].2*+..D..g.Y..iR..K........u.Q..1.n....s.......x......[#...<-c2.I.a=..o$`R...d.?../..5.F....!..1......?....{a...bfQ.Q.n..7!}D.5..@...c4ZFQ.k1.s._,..b{.9).n."...9../....... ....c.!kt....._.4.%.}......7......b.j....t.....z....#...%...cK...S..0.l....}......G.n <d-..UH......D....Z.s.N?d....]J6...GfWR]).!#Bu.Q.......vV.....#.s

          C:\Users\user\Desktop\UOOJJOZIRH\PWCCAWLGRE.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.825022379335279
          Encrypted:false
          SSDEEP:
          MD5:140A0627455B6C831E8A47C2E5B5A7D2
          SHA1:63CD89E53E52952834EA6938EEB019CE98C99A58
          SHA-256:8076D8CA3BB7CA4C31466C6951977BA6869DF99E807309C0D1D639A4C8A1B2C1
          SHA-512:9C2CC62DDD048DAB5B908209BB844037663D442010C6EE1335F1919320FE71823226111D58053B2346F51235E562CB7706EEC9F24D994B066CA5CE61D53C4900
          Malicious:false
          Reputation:unknown
          Preview:PWCCA94.b....B.g...`.#..jvg.T].6...&.. s..^q....!.x.w....w.iS.v..e...v.pT.J.N.J*=...A..G..".u...~.9..EF;.E"..i!.g../.;.O.B.oL.........Y"...r.;......*.VG......E...&c.2h;..7JYa.HjPW...+f..W;....~......W..3;3.+.lo...+....>..^O.d\8G.......h .......Yra-.Js..?.[.M\TE.8..5..{...P~..D.....@.A.j.BI..X............."..^....y...;....].R.y.;W.U.G......`...,.X......7.C}R.....$.E.....7.......#.9_k...r....j`.t.6C^....Xf....7..E.......^.=m.a|}...2.Z.~.e~....kx..X....e.P......@.G..N...t..<.$....Yb{p.[#.o$9P<.&..W...,..".?i...MI4y...h..~..w.%..DtA.d.D.....LvH..`.Cw.....4.8...iTc...Q..N.7Q....m.....d4M...w...N.._I>R........N..o.4p.#e....(....z....*?;V4.@.&w.G^....."MY....:....\.9.W/=.K.\.TH9..!...T...C.J...yk9..0O...p.+....{Ee.-W.N.`...2.-../e..^v.=........TKL!4.YQ......e5'<*.'.b.?`.$....<..BYQ....NQPp...*.....E..G......Y..s..#3v!.&i.$...n....l>j.\..aC..bs.^....$........j.>K.A&..Pr.Mw.L.[Pro.}J .E.#...,&.eW.&<.f.W....7E..;mfL...N...M#.38..9>.3...1.:W<

          C:\Users\user\Desktop\UOOJJOZIRH\PWCCAWLGRE.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:140A0627455B6C831E8A47C2E5B5A7D2
          SHA1:63CD89E53E52952834EA6938EEB019CE98C99A58
          SHA-256:8076D8CA3BB7CA4C31466C6951977BA6869DF99E807309C0D1D639A4C8A1B2C1
          SHA-512:9C2CC62DDD048DAB5B908209BB844037663D442010C6EE1335F1919320FE71823226111D58053B2346F51235E562CB7706EEC9F24D994B066CA5CE61D53C4900
          Malicious:false
          Reputation:unknown
          Preview:PWCCA94.b....B.g...`.#..jvg.T].6...&.. s..^q....!.x.w....w.iS.v..e...v.pT.J.N.J*=...A..G..".u...~.9..EF;.E"..i!.g../.;.O.B.oL.........Y"...r.;......*.VG......E...&c.2h;..7JYa.HjPW...+f..W;....~......W..3;3.+.lo...+....>..^O.d\8G.......h .......Yra-.Js..?.[.M\TE.8..5..{...P~..D.....@.A.j.BI..X............."..^....y...;....].R.y.;W.U.G......`...,.X......7.C}R.....$.E.....7.......#.9_k...r....j`.t.6C^....Xf....7..E.......^.=m.a|}...2.Z.~.e~....kx..X....e.P......@.G..N...t..<.$....Yb{p.[#.o$9P<.&..W...,..".?i...MI4y...h..~..w.%..DtA.d.D.....LvH..`.Cw.....4.8...iTc...Q..N.7Q....m.....d4M...w...N.._I>R........N..o.4p.#e....(....z....*?;V4.@.&w.G^....."MY....:....\.9.W/=.K.\.TH9..!...T...C.J...yk9..0O...p.+....{Ee.-W.N.`...2.-../e..^v.=........TKL!4.YQ......e5'<*.'.b.?`.$....<..BYQ....NQPp...*.....E..G......Y..s..#3v!.&i.$...n....l>j.\..aC..bs.^....$........j.>K.A&..Pr.Mw.L.[Pro.}J .E.#...,&.eW.&<.f.W....7E..;mfL...N...M#.38..9>.3...1.:W<

          C:\Users\user\Desktop\UOOJJOZIRH\QNCYCDFIJJ.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.851194150981678
          Encrypted:false
          SSDEEP:
          MD5:DD0EDF5BB9DC4848B8DB9BB05BDD5B7F
          SHA1:362A8A66DE29C76D22EE8FED97357599E28407E8
          SHA-256:0909877947A380C5131BEC9160EA4E5B295DDB80B9DEB20FCE405B4DD70B4510
          SHA-512:4AB2A6732D346D6297AA5569CF95D7E90F78565510A25C5AC5A6D9FE154BE616B66687B13521AA7F9D30B9344D6C04164F5B9717A0EF4F135C8362787022B330
          Malicious:false
          Reputation:unknown
          Preview:QNCYCh.S.I..F.."=.....k..P.1'..9..8..4.."....:.x.=n.|.u.x.M...{....H.v.34b.i.C..-.0E....H.f.....K....h..Gh.6%s>..S.0......>...#Q..J@.....4...j...yw.q.Y...b..!].r...,..o.....f.z@4.K..R.....1.aw...y2..G.k....5..H...d.e.0U-.m....."J..>.*....X]..4T.]VLg.O]9.x............ 9....1.h<..h.......7rt...A.p.{..Kq...6.1}T....C...n.............X..9.-..A..C..{...............G......<.3..m@.@.5b....NSQ. .(q....T...G....(..m...~...g.r.......F..n.?q..b&?L&b.G.CK.\.8P....$....P.q.V.R..1..}=;.a.L.......4.:..=MR..`j1U.s.8...%....O.g.h....N->X2.W"f.1...!1....lH.......l.........l%c.8.|@.<."....'.}0.....cS.bx..v....6o7g...)...O....K..[%TP.]..5..c.9u...56_p.+..!%.q....!..l....]'~.....R.+.Z.....LkK~....y. C.w.*+.P1...O."...._.M.n.7.;E.Z..4.\.z.^.[.Y.^~.hs..<.@NO.@.B..LG.G.#...,e$%/.:AF.7....2X..l<....(.S*...H.<jy..N.?'`b.0m..It.~Zm...4....9.@v.t..d.0......Yqm.U..b...."\...~]M...g._.u..T...'E...3.C.p..D...nY8...Z..]+.....PA.~~...v.-.D....}T..3..Z...5F....8..V.....

          C:\Users\user\Desktop\UOOJJOZIRH\QNCYCDFIJJ.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:DD0EDF5BB9DC4848B8DB9BB05BDD5B7F
          SHA1:362A8A66DE29C76D22EE8FED97357599E28407E8
          SHA-256:0909877947A380C5131BEC9160EA4E5B295DDB80B9DEB20FCE405B4DD70B4510
          SHA-512:4AB2A6732D346D6297AA5569CF95D7E90F78565510A25C5AC5A6D9FE154BE616B66687B13521AA7F9D30B9344D6C04164F5B9717A0EF4F135C8362787022B330
          Malicious:false
          Reputation:unknown
          Preview:QNCYCh.S.I..F.."=.....k..P.1'..9..8..4.."....:.x.=n.|.u.x.M...{....H.v.34b.i.C..-.0E....H.f.....K....h..Gh.6%s>..S.0......>...#Q..J@.....4...j...yw.q.Y...b..!].r...,..o.....f.z@4.K..R.....1.aw...y2..G.k....5..H...d.e.0U-.m....."J..>.*....X]..4T.]VLg.O]9.x............ 9....1.h<..h.......7rt...A.p.{..Kq...6.1}T....C...n.............X..9.-..A..C..{...............G......<.3..m@.@.5b....NSQ. .(q....T...G....(..m...~...g.r.......F..n.?q..b&?L&b.G.CK.\.8P....$....P.q.V.R..1..}=;.a.L.......4.:..=MR..`j1U.s.8...%....O.g.h....N->X2.W"f.1...!1....lH.......l.........l%c.8.|@.<."....'.}0.....cS.bx..v....6o7g...)...O....K..[%TP.]..5..c.9u...56_p.+..!%.q....!..l....]'~.....R.+.Z.....LkK~....y. C.w.*+.P1...O."...._.M.n.7.;E.Z..4.\.z.^.[.Y.^~.hs..<.@NO.@.B..LG.G.#...,e$%/.:AF.7....2X..l<....(.S*...H.<jy..N.?'`b.0m..It.~Zm...4....9.@v.t..d.0......Yqm.U..b...."\...~]M...g._.u..T...'E...3.C.p..D...nY8...Z..]+.....PA.~~...v.-.D....}T..3..Z...5F....8..V.....

          C:\Users\user\Desktop\UOOJJOZIRH\SFPUSAFIOL.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.850858014386917
          Encrypted:false
          SSDEEP:
          MD5:E13FFE804E0C09A896439D043C8C762F
          SHA1:CEE6AF4EAE38EBF6D6FDE9B5DA13EA0CD6C5A020
          SHA-256:D94FBED72F2FC5C276D290D47C1F50F8D39D2FFA9599E54E94DA2C84CF52B311
          SHA-512:4405C1D133505D487E237C60D000C07254FBE6506E6D296C5ECCF771FE14AB2F56DA2236D23F5A427C894909B6CCB120D4FCD33CA71E90B0CE5F4D3CAFA1298A
          Malicious:false
          Reputation:unknown
          Preview:SFPUS=...8.S..Et.0.p.l.K..N..'.f...Vb+NBj>.>p_.+Ke...S.2....I..%......>J..f.kSH.9|2~.h.."~.}..D..i../K.m#...e..|...e >.t..}.o...t..h.x.w...%r....,|..I...=.zv....^.\........&KK?%...>....".....e.x.pE.T[".<0..}..V..HM.../.RLc.g...I...a.-..p\._!.w.SS.>}..;T.#.x+....1..b}8..kk7..e.-...T.....M.....|...A...jG.y_..0t\....!E....l=w....Qn.#..g.......8.].(.u....K'z...+.!.0.V.A.S.F....!..j0...!.:$A..d/..e..\T..uw.p>.s..9....''..m.J...Jo....~cS.RXJ&.J......C...P.o.qD.J...........@,.......K/f.q_..z+.b}.S...X..Fr...............5`c}.[h3?....E.y5_%.+.%...f.....|.H.|.'1.K..TD.....c@ATx.1..gp.-......*."...i9..[..%......S<.u.23....|XS$.....2..b.4.\.U...bHH..m..s..y^R.s.,.A..b..../.....?.Q;.......zX...3.......&....7..d...z........o.A.....R..2o.!.C.W..%&.T-C....=.(...m.7.^.v9...P..j...='...\. .)...2.5Fgwvy.s.CW.al../.G%J..h.....~......C..;...DK.E?.)j..@^..,...q.e2.}.7$3..4.$.........b. l\m"3...!P...J...&^.........u.^,.5.$6....b.-..3K.._8.n..M....a...J.u.)V.N..k..'..

          C:\Users\user\Desktop\UOOJJOZIRH\SFPUSAFIOL.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E13FFE804E0C09A896439D043C8C762F
          SHA1:CEE6AF4EAE38EBF6D6FDE9B5DA13EA0CD6C5A020
          SHA-256:D94FBED72F2FC5C276D290D47C1F50F8D39D2FFA9599E54E94DA2C84CF52B311
          SHA-512:4405C1D133505D487E237C60D000C07254FBE6506E6D296C5ECCF771FE14AB2F56DA2236D23F5A427C894909B6CCB120D4FCD33CA71E90B0CE5F4D3CAFA1298A
          Malicious:false
          Reputation:unknown
          Preview:SFPUS=...8.S..Et.0.p.l.K..N..'.f...Vb+NBj>.>p_.+Ke...S.2....I..%......>J..f.kSH.9|2~.h.."~.}..D..i../K.m#...e..|...e >.t..}.o...t..h.x.w...%r....,|..I...=.zv....^.\........&KK?%...>....".....e.x.pE.T[".<0..}..V..HM.../.RLc.g...I...a.-..p\._!.w.SS.>}..;T.#.x+....1..b}8..kk7..e.-...T.....M.....|...A...jG.y_..0t\....!E....l=w....Qn.#..g.......8.].(.u....K'z...+.!.0.V.A.S.F....!..j0...!.:$A..d/..e..\T..uw.p>.s..9....''..m.J...Jo....~cS.RXJ&.J......C...P.o.qD.J...........@,.......K/f.q_..z+.b}.S...X..Fr...............5`c}.[h3?....E.y5_%.+.%...f.....|.H.|.'1.K..TD.....c@ATx.1..gp.-......*."...i9..[..%......S<.u.23....|XS$.....2..b.4.\.U...bHH..m..s..y^R.s.,.A..b..../.....?.Q;.......zX...3.......&....7..d...z........o.A.....R..2o.!.C.W..%&.T-C....=.(...m.7.^.v9...P..j...='...\. .)...2.5Fgwvy.s.CW.al../.G%J..h.....~......C..;...DK.E?.)j..@^..,...q.e2.}.7$3..4.$.........b. l\m"3...!P...J...&^.........u.^,.5.$6....b.-..3K.._8.n..M....a...J.u.)V.N..k..'..

          C:\Users\user\Desktop\UOOJJOZIRH\UOOJJOZIRH.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.840854453837524
          Encrypted:false
          SSDEEP:
          MD5:BCD9E73DAB88E2330F502F10BEF9526A
          SHA1:077C8983BFAB692A7E9551A1080317C49DF5F0DA
          SHA-256:DFDF85E8519364AC98EDC7536F72E406A4DC3B032C1792C326ADA75688EB38FD
          SHA-512:E86749C12DDCED6D1237F14D6387F5CD350D751135801D88B7C8DE06AE18AD071E5F36011603BB6418A6037AEBE8D224C7AE060399D895AC623EDFA48B0CE977
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ..e.).R-..."7....O.q.....L...@.s...-K....]3-=..zd.N..<}.....v.\.........UJ.....OW......M.2$........4...D7X........ .Y.a..N.6.-<~>D.....{S.....:.6.Ox..YrK.d.$U..!.....\.0s.d.$.T.J7...E.#..._. ...qd....K..B..-..D.q...].h...-.w.....f..h.|}.7......W...x:....D.8...E~R.0.7M.......C..!.DX.w(J.L....4.mS.H)@=..56..F.*.i......:.,.....?Z.s.....q3.!.......^..q..Mx.K..}.k".....;36e...j..?.YD.XZ.o!cG.p..ru..{..J.D.t:Y..z...u6.(.1.kE..v".%...<_..42.I.....Q..M...0x^..4m..d.-.~.b...".....uG....t..Y......M@....r.~.F...~.L.R-.D.k....K...mfC.H.-.....@R.....0Z+.L........ `2.Yp.&...'>....'U.r.q.4.`.."/U....S......8..:...j.......I.m.....\...9y.v..+..U..+.'YG.h.e.e.(..g0J..TH...k..e.oh.#1..FI/..!.......z.A..FhU>.W.,..*.Q.xU.....Q...'V^.5..9..>.2Gt.vPu..l.FaL.1#ns.....~1...{8..1...#.#.pm.;....VR.. .%0.g..Qm....Z....3.?#.*UB..^S-..Fj.n....J.\.Ox.~....).o.....k.]..:O`c{B..j..M....}=F./...........J.P...k..a..J..kL.].i....._....@."*%..f.......r./3S.nT.....

          C:\Users\user\Desktop\UOOJJOZIRH\UOOJJOZIRH.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:BCD9E73DAB88E2330F502F10BEF9526A
          SHA1:077C8983BFAB692A7E9551A1080317C49DF5F0DA
          SHA-256:DFDF85E8519364AC98EDC7536F72E406A4DC3B032C1792C326ADA75688EB38FD
          SHA-512:E86749C12DDCED6D1237F14D6387F5CD350D751135801D88B7C8DE06AE18AD071E5F36011603BB6418A6037AEBE8D224C7AE060399D895AC623EDFA48B0CE977
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ..e.).R-..."7....O.q.....L...@.s...-K....]3-=..zd.N..<}.....v.\.........UJ.....OW......M.2$........4...D7X........ .Y.a..N.6.-<~>D.....{S.....:.6.Ox..YrK.d.$U..!.....\.0s.d.$.T.J7...E.#..._. ...qd....K..B..-..D.q...].h...-.w.....f..h.|}.7......W...x:....D.8...E~R.0.7M.......C..!.DX.w(J.L....4.mS.H)@=..56..F.*.i......:.,.....?Z.s.....q3.!.......^..q..Mx.K..}.k".....;36e...j..?.YD.XZ.o!cG.p..ru..{..J.D.t:Y..z...u6.(.1.kE..v".%...<_..42.I.....Q..M...0x^..4m..d.-.~.b...".....uG....t..Y......M@....r.~.F...~.L.R-.D.k....K...mfC.H.-.....@R.....0Z+.L........ `2.Yp.&...'>....'U.r.q.4.`.."/U....S......8..:...j.......I.m.....\...9y.v..+..U..+.'YG.h.e.e.(..g0J..TH...k..e.oh.#1..FI/..!.......z.A..FhU>.W.,..*.Q.xU.....Q...'V^.5..9..>.2Gt.vPu..l.FaL.1#ns.....~1...{8..1...#.#.pm.;....VR.. .%0.g..Qm....Z....3.?#.*UB..^S-..Fj.n....J.\.Ox.~....).o.....k.]..:O`c{B..j..M....}=F./...........J.P...k..a..J..kL.].i....._....@."*%..f.......r./3S.nT.....

          C:\Users\user\Desktop\UOOJJOZIRH\ZQIXMVQGAH.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.836885968418926
          Encrypted:false
          SSDEEP:
          MD5:4B52EEC01BA9695184CD954F8E89547D
          SHA1:6387DF2436F0D4087BB6750C1E28307080FEBDA9
          SHA-256:D992DD3F8F8207BC328FF727A36897E43F1D44C0D95CE1C687A8653AC5C6B9E9
          SHA-512:E2B0E4A392081383BEA8D4C21C6F44C5C85E99AF4BB3F6EAFB6C26DC397E647AEFC38A267103482AB990811C442195973EED9DEEE85FAB082453740700179A47
          Malicious:false
          Reputation:unknown
          Preview:ZQIXMyb*.{w..0...K.HO.W...0.(..?......9[..+..eW.sU..Z#E...u%..ch.>.....4*.=AY&..L.I..r!.~...s..Y....$.......w..C..'..u..Lr..=BG&.O.A.....b.az.._@d.s4...|./......{..k..wdo....o3Cm..[..L..TL.-.?\..~7rb.k.G.#...\.A..I.......h.....K..l....<)..sZ..D.{..O`.c...6..Y....S..."mis./l.V`.2.b\CC...$Nz}'l..|.(.2.3...S.6....2....&.Q..w..w>..:..N..C.-.O........".Hp..R>.[...&...8..k./...04s.tfg..W...../I.S...z../(..:.G..F.....T.....H'....S*...]m. .;..?..-.VL....Z.f..)be.q........8..9L...$#hpo..qy...+...G-....R.r....K.>...c.vZKd.. .*.D..5{/DPt-...[Km...1....K^i.1Ck{.3...._....b[J.gm..I....33T0.....7..=..._koK.=..@}.rj*.kM....<...`G.E`.{e\.$.f....oq.g.xL5b."..!.so6...A.E...b....&...?.V.3.o...V.=q62l$./.r..m.."Z........Y..0..t2.1oJ....s~!..~7....(1b.G...w.'2.#..O.f..Zn63..2g.I.Q.G.....h.Z3......l+.u)3...N...l.G..I.t.'V....bx..w2..."a...x.EY...~.9....m..Z.(.z.f.f....'l...Aje ..$..GMm..*R3k.+.RK..E./K..'..sxL...SE.4...R..!|.]QZ..G....n.4,.i....uVe.

          C:\Users\user\Desktop\UOOJJOZIRH\ZQIXMVQGAH.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4B52EEC01BA9695184CD954F8E89547D
          SHA1:6387DF2436F0D4087BB6750C1E28307080FEBDA9
          SHA-256:D992DD3F8F8207BC328FF727A36897E43F1D44C0D95CE1C687A8653AC5C6B9E9
          SHA-512:E2B0E4A392081383BEA8D4C21C6F44C5C85E99AF4BB3F6EAFB6C26DC397E647AEFC38A267103482AB990811C442195973EED9DEEE85FAB082453740700179A47
          Malicious:false
          Reputation:unknown
          Preview:ZQIXMyb*.{w..0...K.HO.W...0.(..?......9[..+..eW.sU..Z#E...u%..ch.>.....4*.=AY&..L.I..r!.~...s..Y....$.......w..C..'..u..Lr..=BG&.O.A.....b.az.._@d.s4...|./......{..k..wdo....o3Cm..[..L..TL.-.?\..~7rb.k.G.#...\.A..I.......h.....K..l....<)..sZ..D.{..O`.c...6..Y....S..."mis./l.V`.2.b\CC...$Nz}'l..|.(.2.3...S.6....2....&.Q..w..w>..:..N..C.-.O........".Hp..R>.[...&...8..k./...04s.tfg..W...../I.S...z../(..:.G..F.....T.....H'....S*...]m. .;..?..-.VL....Z.f..)be.q........8..9L...$#hpo..qy...+...G-....R.r....K.>...c.vZKd.. .*.D..5{/DPt-...[Km...1....K^i.1Ck{.3...._....b[J.gm..I....33T0.....7..=..._koK.=..@}.rj*.kM....<...`G.E`.{e\.$.f....oq.g.xL5b."..!.so6...A.E...b....&...?.V.3.o...V.=q62l$./.r..m.."Z........Y..0..t2.1oJ....s~!..~7....(1b.G...w.'2.#..O.f..Zn63..2g.I.Q.G.....h.Z3......l+.u)3...N...l.G..I.t.'V....bx..w2..."a...x.EY...~.9....m..Z.(.z.f.f....'l...Aje ..$..GMm..*R3k.+.RK..E./K..'..sxL...SE.4...R..!|.]QZ..G....n.4,.i....uVe.

          C:\Users\user\Desktop\ZQIXMVQGAH.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.824202794277135
          Encrypted:false
          SSDEEP:
          MD5:21DA3DDAF27F1CFF86556AD5E8F2D109
          SHA1:FC03897CD663AEF3BE9E2986E84FB9E42089A244
          SHA-256:965471E94732DEFAE17CED15BB694329BDB511EC8DCEA6AE727401B68752D94C
          SHA-512:00A5156A07E4AD5179E8BB118FEE25EE461DDD33C4C7312BB5307C71F533A3158DFEFCBF6EB13ABB8B9EAC17265912F6DD947215ADBECC945113586DDF9287B8
          Malicious:false
          Reputation:unknown
          Preview:ZQIXM...>.K:...z......|..W.J...U*=#1..zk4P9.I.E.ad.x.A.PM.......pt.&si? O`.YU4.X...v.9..i7W.N..E..zvQhw...W....n..v.....V..".....w...ns..;...?cQ...[%.,.n...................{.Z$......SQN%M.....(.%.Tj.Z./.j....e3.$!...$SR.m S..."X.7A..0..:.Z!.T....e..("....![.l..p...?#....".yH...8.2......".......3.k....1......@.l..".4.UQ4..(lQ......O.-:...Nb.4j2.]....-kqc*...XI........H.......\7x1rp.M.:.H.jW...Eg1yN....u...C~2b9z..S...U....i..:....... 2&-e.+ID.JUc8q.T...a.y:..wC.u.==O...,.N..[.`{.'.....c1...m9Q....0cN.9..#.....i;." ...m7..H....A._%`.4.... ......(u.P3/.....0....T..>.(4.s...7.U%6.5_...u.E.U.H.....7|.B..,#F..yC].s....Y.V..$.BG.F.Y.).[......S.$..[ ..Ev....].a...K......#...D...y.\.....J1.(.)g(U.e...r,w. .l.V.V..B.......9`(........B._..!h......1.h..........%(e...H....f.U...._..........j....Kl._..|$../C.....Z...<..H..wr......i.1,N(P7.,$.E..uc....'Y....i.Jbs.p.).....]G.x."7..Y..`X.^...f._..U...a.D...GN0...gO....!.1..A..f...$.

          C:\Users\user\Desktop\ZQIXMVQGAH.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:21DA3DDAF27F1CFF86556AD5E8F2D109
          SHA1:FC03897CD663AEF3BE9E2986E84FB9E42089A244
          SHA-256:965471E94732DEFAE17CED15BB694329BDB511EC8DCEA6AE727401B68752D94C
          SHA-512:00A5156A07E4AD5179E8BB118FEE25EE461DDD33C4C7312BB5307C71F533A3158DFEFCBF6EB13ABB8B9EAC17265912F6DD947215ADBECC945113586DDF9287B8
          Malicious:false
          Reputation:unknown
          Preview:ZQIXM...>.K:...z......|..W.J...U*=#1..zk4P9.I.E.ad.x.A.PM.......pt.&si? O`.YU4.X...v.9..i7W.N..E..zvQhw...W....n..v.....V..".....w...ns..;...?cQ...[%.,.n...................{.Z$......SQN%M.....(.%.Tj.Z./.j....e3.$!...$SR.m S..."X.7A..0..:.Z!.T....e..("....![.l..p...?#....".yH...8.2......".......3.k....1......@.l..".4.UQ4..(lQ......O.-:...Nb.4j2.]....-kqc*...XI........H.......\7x1rp.M.:.H.jW...Eg1yN....u...C~2b9z..S...U....i..:....... 2&-e.+ID.JUc8q.T...a.y:..wC.u.==O...,.N..[.`{.'.....c1...m9Q....0cN.9..#.....i;." ...m7..H....A._%`.4.... ......(u.P3/.....0....T..>.(4.s...7.U%6.5_...u.E.U.H.....7|.B..,#F..yC].s....Y.V..$.BG.F.Y.).[......S.$..[ ..Ev....].a...K......#...D...y.\.....J1.(.)g(U.e...r,w. .l.V.V..B.......9`(........B._..!h......1.h..........%(e...H....f.U...._..........j....Kl._..|$../C.....Z...<..H..wr......i.1,N(P7.,$.E..uc....'Y....i.Jbs.p.).....]G.x."7..Y..`X.^...f._..U...a.D...GN0...gO....!.1..A..f...$.

          C:\Users\user\Documents\BNAGMGSPLO.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.852388071373308
          Encrypted:false
          SSDEEP:
          MD5:FDC15D63366D4EEF07159B8CDBF46D85
          SHA1:51AECA19F96EC5DAB3EFB53258741D19BC89695F
          SHA-256:40FCF4B4939329E29B7BAEC1775F9954FD9DE18B8C095CA69ECB52008256E9D9
          SHA-512:5D07E530A32CCDECC481247F34CA35586996AE1DAA2A792AB329C91FF65BE10AE81CFDF258CC258B70328F85F3EDDF0C5FD7EEB33BDEAECBEBDD8F7EFFF8FFE5
          Malicious:false
          Reputation:unknown
          Preview:BNAGM...6.V...iOx...S..\....v.....>..i ..cG.......E..o...9h...pf.F..:R.mZx@.`P..l....`U...P.=.....b.Z....tp.0.G2{.,.....L..uY....A....f../...JS.T....(..."............e.$.9..&vV.|l..t..u............ ....].......O.... 1.w......H.....LjeZbE..^).i}o.;.(..*....g.c3`......_......d..4e..N&.........Lq.......my.J.G..4.........../....D....!............}9...Fox.....Zh4....Uq..@.........f....~....Hnh.)...B...TW.Ul......a<B...q,...M(...Sz..o...].......U.....f8.2.d"$....k...Tb.S#..J.t0....gGJ=d.......N...."*.u...WP..U.C...V.....)....}V#.6U...U-.....O..Xh.S.....G.\.G.hm......7ni...V..W.u..3....zO%..1pm...e.6y?.T.;..K.>...+..v.T.h9.?1k..OcN.L...5.K..u.pQ.!y..K.....cy.mN~X.n.B..}1n?.~@3.4@.l......jI.|..!H(.uP......w<.d~o..3.].x.wB.!..o...(.w.XK.=.^9C5E.L@.J)....R.. .UPb~..t..%.g..C!.S3%..'Q.u}.X......M...^"..k...f.....nvv5.x.....2.(.#.p.Co.UF.Y.7Q...($g.D.N2.....`.M.W.z....!.,..i.._=.R]?F.^.\.[.o...f..\.. .. ........b..?....3s.O..N&.\. ...

          C:\Users\user\Documents\BNAGMGSPLO.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FDC15D63366D4EEF07159B8CDBF46D85
          SHA1:51AECA19F96EC5DAB3EFB53258741D19BC89695F
          SHA-256:40FCF4B4939329E29B7BAEC1775F9954FD9DE18B8C095CA69ECB52008256E9D9
          SHA-512:5D07E530A32CCDECC481247F34CA35586996AE1DAA2A792AB329C91FF65BE10AE81CFDF258CC258B70328F85F3EDDF0C5FD7EEB33BDEAECBEBDD8F7EFFF8FFE5
          Malicious:false
          Reputation:unknown
          Preview:BNAGM...6.V...iOx...S..\....v.....>..i ..cG.......E..o...9h...pf.F..:R.mZx@.`P..l....`U...P.=.....b.Z....tp.0.G2{.,.....L..uY....A....f../...JS.T....(..."............e.$.9..&vV.|l..t..u............ ....].......O.... 1.w......H.....LjeZbE..^).i}o.;.(..*....g.c3`......_......d..4e..N&.........Lq.......my.J.G..4.........../....D....!............}9...Fox.....Zh4....Uq..@.........f....~....Hnh.)...B...TW.Ul......a<B...q,...M(...Sz..o...].......U.....f8.2.d"$....k...Tb.S#..J.t0....gGJ=d.......N...."*.u...WP..U.C...V.....)....}V#.6U...U-.....O..Xh.S.....G.\.G.hm......7ni...V..W.u..3....zO%..1pm...e.6y?.T.;..K.>...+..v.T.h9.?1k..OcN.L...5.K..u.pQ.!y..K.....cy.mN~X.n.B..}1n?.~@3.4@.l......jI.|..!H(.uP......w<.d~o..3.].x.wB.!..o...(.w.XK.=.^9C5E.L@.J)....R.. .UPb~..t..%.g..C!.S3%..'Q.u}.X......M...^"..k...f.....nvv5.x.....2.(.#.p.Co.UF.Y.7Q...($g.D.N2.....`.M.W.z....!.,..i.._=.R]?F.^.\.[.o...f..\.. .. ........b..?....3s.O..N&.\. ...

          C:\Users\user\Documents\GAOBCVIQIJ.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.84219191044113
          Encrypted:false
          SSDEEP:
          MD5:07D0A5AAEBD12A8BA3117195F82F9FCD
          SHA1:F0E4636D7AB96CF25FDD74DE697C805D124FF2BC
          SHA-256:29D0BD7A2CD37AB1F5A4DE1C06A6531024DC62A91F9FF5DC57AD53F1D19460E6
          SHA-512:522B091295283F7ECB964F82F10B06CFB03DC5619F9A7341D70AD80DD84388A688DE754048EC00B99C9CCFC8D6202AEA4F641B8B413B88D799EF87F3D066CF54
          Malicious:false
          Reputation:unknown
          Preview:GAOBCuT(.X...X...T2.....$..W6.....?...S.@o_...)..JV.....e.K{A....G{v.-J..q.g...#O.L0::rg..)....d..:u.M`"...N..6F0...f..X...s..Ic..Y.....V.....B^o.$..q-..h...*S...S..-o.8f...3"....U..U..R]4....~.`lBQ].pg.J.wS.../...r"..C.b!.@..!4:.'v..p.HB...g.R...>K-....T9d.i....lrM.|..............r...|B.8<.K.....#.......+X.)..k.'T.....3.a..:.n,..Ox.D.k... E....uP......[.&&{.3<08.g.<...*@z.....E;.....~..i...U.o....X..H.M.#g..Fl...B`cp.<.B....*..sd.*.....I..V...6........+...Ds...t.....^................L.3.X.z.U.g.j...U..D..{k....`._. $...n...-Er.QU0..X...y..Z..p..M.@....i.#"...=x.k.$.......y.....}....F...4.n.@.....!_.r..?.5......c...sQ..|i@..4...*...w..2.{e.0Y.Jk....z.&p.V....X).W.x|-..E.B......y.7.......+...K*j...9.4^......u.X.r....31....cgTP.1....w$QHW.3~WL........i...........92.*.S.......{..5...c..1...C ..Q...c~.9!..dx..].._....=....}....L.Qh....G....[x..I../...-#...t.l.....1..0.h.b.$.......k..)d../.o&...b...t...SuZ...hU.......n.Q.i..".E.p....).V...

          C:\Users\user\Documents\GAOBCVIQIJ.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:07D0A5AAEBD12A8BA3117195F82F9FCD
          SHA1:F0E4636D7AB96CF25FDD74DE697C805D124FF2BC
          SHA-256:29D0BD7A2CD37AB1F5A4DE1C06A6531024DC62A91F9FF5DC57AD53F1D19460E6
          SHA-512:522B091295283F7ECB964F82F10B06CFB03DC5619F9A7341D70AD80DD84388A688DE754048EC00B99C9CCFC8D6202AEA4F641B8B413B88D799EF87F3D066CF54
          Malicious:false
          Reputation:unknown
          Preview:GAOBCuT(.X...X...T2.....$..W6.....?...S.@o_...)..JV.....e.K{A....G{v.-J..q.g...#O.L0::rg..)....d..:u.M`"...N..6F0...f..X...s..Ic..Y.....V.....B^o.$..q-..h...*S...S..-o.8f...3"....U..U..R]4....~.`lBQ].pg.J.wS.../...r"..C.b!.@..!4:.'v..p.HB...g.R...>K-....T9d.i....lrM.|..............r...|B.8<.K.....#.......+X.)..k.'T.....3.a..:.n,..Ox.D.k... E....uP......[.&&{.3<08.g.<...*@z.....E;.....~..i...U.o....X..H.M.#g..Fl...B`cp.<.B....*..sd.*.....I..V...6........+...Ds...t.....^................L.3.X.z.U.g.j...U..D..{k....`._. $...n...-Er.QU0..X...y..Z..p..M.@....i.#"...=x.k.$.......y.....}....F...4.n.@.....!_.r..?.5......c...sQ..|i@..4...*...w..2.{e.0Y.Jk....z.&p.V....X).W.x|-..E.B......y.7.......+...K*j...9.4^......u.X.r....31....cgTP.1....w$QHW.3~WL........i...........92.*.S.......{..5...c..1...C ..Q...c~.9!..dx..].._....=....}....L.Qh....G....[x..I../...-#...t.l.....1..0.h.b.$.......k..)d../.o&...b...t...SuZ...hU.......n.Q.i..".E.p....).V...

          C:\Users\user\Documents\IPKGELNTQY.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.83819956100859
          Encrypted:false
          SSDEEP:
          MD5:3E87D74A579D6EA2634BCD952B37B9A0
          SHA1:9AA0D3D6C137F89CC15DB6BD2681680FC23158F4
          SHA-256:154645FFA95792AB4C85CF883BFD9F075B09E5D4A53AA8FD9DA470548142845C
          SHA-512:D717DE737892E11D2D9BF71D6FA45EA4D9500592BD9C30A72AC995BFCF7602D0228B093EFC277F496A37ADF03A59AFB736D98967FE88E6ABA02295E3D35C5E40
          Malicious:false
          Reputation:unknown
          Preview:IPKGEC.7.../..0.O..)..i.}.v..,.bs./q.W..I..z...$..d.V..r...Y.(.U...NJ.Mp.0....,.'...../Y.,.9./.~}..C..-.(.?N.............uj.V..m....K...D..|).D.mc.6.l.o.Z.=.].V...5..o..a.-9....[v..>.$H.1.OI.A:'...N.%./...X...`.|...o..R.b,..t......u...<.]...#c?V.i..Q.n.y...N...U!+..z.Mx..H....b]>{/x.M.-..m.......q.N...G.....]...{Q..+DX._....Gi...Xp."..._O...j..".....0..R.'FG..\..6K.'......b.XI..r.........6....F....,.k.=.5(..'....<....K..g......G.J.".T.[?..a..x2...H.].........I..A.O.6p&...........c...g..c..]..#,..%..+...a.].\b.b.g.)..F.l.......d.3..d.2_..@D.....).UU..p.(...(..d.es5...N.I..i.M..k.....l.{A.c.O...%f...M..O.Z7...lG...B...!...t.4..Q..w..Pk...S.I....3[I.v]Q.(Ak.....M.X..5D....=:Y..k.............r..a..........|blcD.n*"1...m......6...P..w./z..-<.q...K-.p...y.....:..'.W.f.G2.._J.!...M....W..l.._...b.=b8..p...(.....k..S.l[$n$K..p....PG..E......m.n.QW.M ...4r.(@bV..v....L..Q...pG..W.>.9..E#(\.pa.6.2.......k.....#......ot,{..pH.L.....;..+.

          C:\Users\user\Documents\IPKGELNTQY.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3E87D74A579D6EA2634BCD952B37B9A0
          SHA1:9AA0D3D6C137F89CC15DB6BD2681680FC23158F4
          SHA-256:154645FFA95792AB4C85CF883BFD9F075B09E5D4A53AA8FD9DA470548142845C
          SHA-512:D717DE737892E11D2D9BF71D6FA45EA4D9500592BD9C30A72AC995BFCF7602D0228B093EFC277F496A37ADF03A59AFB736D98967FE88E6ABA02295E3D35C5E40
          Malicious:false
          Reputation:unknown
          Preview:IPKGEC.7.../..0.O..)..i.}.v..,.bs./q.W..I..z...$..d.V..r...Y.(.U...NJ.Mp.0....,.'...../Y.,.9./.~}..C..-.(.?N.............uj.V..m....K...D..|).D.mc.6.l.o.Z.=.].V...5..o..a.-9....[v..>.$H.1.OI.A:'...N.%./...X...`.|...o..R.b,..t......u...<.]...#c?V.i..Q.n.y...N...U!+..z.Mx..H....b]>{/x.M.-..m.......q.N...G.....]...{Q..+DX._....Gi...Xp."..._O...j..".....0..R.'FG..\..6K.'......b.XI..r.........6....F....,.k.=.5(..'....<....K..g......G.J.".T.[?..a..x2...H.].........I..A.O.6p&...........c...g..c..]..#,..%..+...a.].\b.b.g.)..F.l.......d.3..d.2_..@D.....).UU..p.(...(..d.es5...N.I..i.M..k.....l.{A.c.O...%f...M..O.Z7...lG...B...!...t.4..Q..w..Pk...S.I....3[I.v]Q.(Ak.....M.X..5D....=:Y..k.............r..a..........|blcD.n*"1...m......6...P..w./z..-<.q...K-.p...y.....:..'.W.f.G2.._J.!...M....W..l.._...b.=b8..p...(.....k..S.l[$n$K..p....PG..E......m.n.QW.M ...4r.(@bV..v....L..Q...pG..W.>.9..E#(\.pa.6.2.......k.....#......ot,{..pH.L.....;..+.

          C:\Users\user\Documents\MXPXCVPDVN.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.869451221679029
          Encrypted:false
          SSDEEP:
          MD5:D7D120690E91F2D36EFA59C19F0AFE9B
          SHA1:5C02EDEA438CEDE5751C129BB8E08136A3D72142
          SHA-256:31E1DA16AFABBAFDCC3E92D990BEE886B7A34BA210C2113631D5282E4FAC8A06
          SHA-512:D24AC6F101E09D39D51E1DC69DD30CF5B7DEA4A4C35536F48042BF905AD249BC7455FD861343387CD193175481CA3636F33FE5E9B0A8CE63DE5A28B6542FE1D6
          Malicious:false
          Reputation:unknown
          Preview:MXPXC:...."..1.I...\O...Mk.7...:._..r,....8...u.1.=..c..E..>...Y...f0a....u;........1..1..?....k.].*...9..Y8..TP.X..rt.>j.J.S...2..@Z.U.Qe...HN...-%b...r..BM..Y..bf.K...".O.BVC......U....&.w.U<z<.`kY...d._.@D...Y.I....o7v....l......A........+.r|_k.ZA......E.$.Qi.S....h>...".B..[......e..T..(.....!D..%....@;'A.=9._.6.\%b........|W[.....^.%/.aXy..[.p...P..l"{....s(.9.>......e.<...#..a..6......z{V..]...L..w.D=..?iMG..+..z.S#.+9+a..^^,,...%.._(........S.y2m..A.{.;1."f~.G..8.r.?..D..Sr.#.....a.2.q.=..f.L...P&#.o.).EJ.?R....=.\8.{.g7..)...I.&LCk..3,..,.G.i../..!.O!j%t.R.'G>.'....X^.'......9.qt.s-.!.egM..q.)s*OZ.B......k..L..B.....]..l../..Q.._...:r......^1..P..7M..D..v.K8......hp.`....jB.....)..WP.....tZT4....).o;.b.....:..}<.......^..j....f... #O....2..uw..M.w?.~.M..0e...T.CY.$....N.....A...Y.V.p.2../.JT.....\..,9p..t.I..ZA..x5...r.P.....~j.v..1n].Z9.D...]V/..3...w4C....`i.....[I.Z~.".MTo.p.........3.B..p....n....O.k..F.-...e+.~v.h../.....8

          C:\Users\user\Documents\MXPXCVPDVN.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D7D120690E91F2D36EFA59C19F0AFE9B
          SHA1:5C02EDEA438CEDE5751C129BB8E08136A3D72142
          SHA-256:31E1DA16AFABBAFDCC3E92D990BEE886B7A34BA210C2113631D5282E4FAC8A06
          SHA-512:D24AC6F101E09D39D51E1DC69DD30CF5B7DEA4A4C35536F48042BF905AD249BC7455FD861343387CD193175481CA3636F33FE5E9B0A8CE63DE5A28B6542FE1D6
          Malicious:false
          Reputation:unknown
          Preview:MXPXC:...."..1.I...\O...Mk.7...:._..r,....8...u.1.=..c..E..>...Y...f0a....u;........1..1..?....k.].*...9..Y8..TP.X..rt.>j.J.S...2..@Z.U.Qe...HN...-%b...r..BM..Y..bf.K...".O.BVC......U....&.w.U<z<.`kY...d._.@D...Y.I....o7v....l......A........+.r|_k.ZA......E.$.Qi.S....h>...".B..[......e..T..(.....!D..%....@;'A.=9._.6.\%b........|W[.....^.%/.aXy..[.p...P..l"{....s(.9.>......e.<...#..a..6......z{V..]...L..w.D=..?iMG..+..z.S#.+9+a..^^,,...%.._(........S.y2m..A.{.;1."f~.G..8.r.?..D..Sr.#.....a.2.q.=..f.L...P&#.o.).EJ.?R....=.\8.{.g7..)...I.&LCk..3,..,.G.i../..!.O!j%t.R.'G>.'....X^.'......9.qt.s-.!.egM..q.)s*OZ.B......k..L..B.....]..l../..Q.._...:r......^1..P..7M..D..v.K8......hp.`....jB.....)..WP.....tZT4....).o;.b.....:..}<.......^..j....f... #O....2..uw..M.w?.~.M..0e...T.CY.$....N.....A...Y.V.p.2../.JT.....\..,9p..t.I..ZA..x5...r.P.....~j.v..1n].Z9.D...]V/..3...w4C....`i.....[I.Z~.".MTo.p.........3.B..p....n....O.k..F.-...e+.~v.h../.....8

          C:\Users\user\Documents\MXPXCVPDVN.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.831709021343144
          Encrypted:false
          SSDEEP:
          MD5:CCF7602C0A845FD918E23212851A92FC
          SHA1:AE3D3CB4ADE92FDFF4FE7D8315B4DD3A03877D2A
          SHA-256:682F821C0E8250865A98DBF46586CDDB432C5421B7AD50FEEE92450D0F2EFF3E
          SHA-512:F11CF2D1B18B575828F3CFB984EABCAC15E762E84498501960D84310C9DBFA53F22DE847A9527C95632453462266CDAFF52FCB33CFF40F8F0949735763A5EEB7
          Malicious:false
          Reputation:unknown
          Preview:MXPXC..u..R.a.z.Q.F.......DC..m..Vk.D..A;c.~..[.g".....o....C3u..$...........<|.$H..d`...h..9.t3RoCm....~.S.P....'..&......B...b.B..4.....X..6e..GBR...=.+E.....h..3..$3..?.^."..|.s...F.....G.=EK.)..uE..O5)....c...gdC...|.....S*...YK*0QS..d...%.k......M.U.c.r..P.b.R............oJ.-......j#.Ut..?..-l.......m`c.....@....Y..5............=.t......a...*..*.>..`E[-....L.~....:JY.......{)..+...."..,D..h~^.<.$.^.C.x."HQg...qJ..D.._Z>..\&I......ff\....bsR.@..\..c-.r6.4`....QhX.A.....".-....U.D.~.~F.+.c.dRl..r...M2~.G.m.......X...0.?H.i....J.X....5..Q.......HT...O......0..z.A.@5.L.....3._.....d.\.M.J.p... ...<D.......^.l..}.....Y........#T.u>...!...t.+...._.:'.Y..U.j..]..-].u...RdT...+mOw......).!..Hd...p....,X/s*...P.b......;^'..7.....c...M...f..J+.nk.....*..h.Z.....S..-yk.+......N...+.P*..%lp.>]q5..>..........4....`..y.K.d.V....|E/...$..2.2..c..#0$t..t.:&......ue'%*..oS",......y.B.....a1.99&T]dY.>.h.@.e~.....\.F.m...7....7.....Np.........A.

          C:\Users\user\Documents\MXPXCVPDVN.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:CCF7602C0A845FD918E23212851A92FC
          SHA1:AE3D3CB4ADE92FDFF4FE7D8315B4DD3A03877D2A
          SHA-256:682F821C0E8250865A98DBF46586CDDB432C5421B7AD50FEEE92450D0F2EFF3E
          SHA-512:F11CF2D1B18B575828F3CFB984EABCAC15E762E84498501960D84310C9DBFA53F22DE847A9527C95632453462266CDAFF52FCB33CFF40F8F0949735763A5EEB7
          Malicious:false
          Reputation:unknown
          Preview:MXPXC..u..R.a.z.Q.F.......DC..m..Vk.D..A;c.~..[.g".....o....C3u..$...........<|.$H..d`...h..9.t3RoCm....~.S.P....'..&......B...b.B..4.....X..6e..GBR...=.+E.....h..3..$3..?.^."..|.s...F.....G.=EK.)..uE..O5)....c...gdC...|.....S*...YK*0QS..d...%.k......M.U.c.r..P.b.R............oJ.-......j#.Ut..?..-l.......m`c.....@....Y..5............=.t......a...*..*.>..`E[-....L.~....:JY.......{)..+...."..,D..h~^.<.$.^.C.x."HQg...qJ..D.._Z>..\&I......ff\....bsR.@..\..c-.r6.4`....QhX.A.....".-....U.D.~.~F.+.c.dRl..r...M2~.G.m.......X...0.?H.i....J.X....5..Q.......HT...O......0..z.A.@5.L.....3._.....d.\.M.J.p... ...<D.......^.l..}.....Y........#T.u>...!...t.+...._.:'.Y..U.j..]..-].u...RdT...+mOw......).!..Hd...p....,X/s*...P.b......;^'..7.....c...M...f..J+.nk.....*..h.Z.....S..-yk.+......N...+.P*..%lp.>]q5..>..........4....`..y.K.d.V....|E/...$..2.2..c..#0$t..t.:&......ue'%*..oS",......y.B.....a1.99&T]dY.>.h.@.e~.....\.F.m...7....7.....Np.........A.

          C:\Users\user\Documents\MXPXCVPDVN\BNAGMGSPLO.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.833364152700861
          Encrypted:false
          SSDEEP:
          MD5:715040E74003C462D01A70BE36A000DF
          SHA1:EC770856F6A8D307F4E9291AD60CD4DACC6E448B
          SHA-256:C0AF26BDC82BB0AD4483F8D0446D76FDE7A265D8D3FC8013D0C32C188022643A
          SHA-512:541BC9A2C52E7FF8504DBCE7E20F1300D84D72BE735A879186F4F50CDFF9DD5581880C3C9CADD7B1B0E6F113B88FE2CB3A4958E5504A1770A63F761067677749
          Malicious:false
          Reputation:unknown
          Preview:BNAGM1.`2....).......u..|,.s.{.8.j..B.!?....`.7o.;e.`...,...x.#9....w..Pe......_..R.........}.......<...'...k.M.b.t6.1.#m.x...I!B(.M..*O..(...E...Yuo.R.....I..o>..).\.........]w.(..!I.;..i...8........h.."-....'...._Hg%.S.z..b..U.....GH.@.~..-....s........j.x...[..c...8.5RZiZ a.....v.\......p...}1.I?....n...m.k.......-..tqKi........g....&...c)..".so...Y2...n\..p:....R]\.\&.V.` ..o..nU.........80..Y.H......k.j.9S.).E..%...........*..I.8U.<+8."...Z7S.3....9..x\O/U..........kf..uU{.3.v#p.J.."..x.......?..m..._.r+O..af....d`....h.^T......Dk..,{i2:KcEzp.(].1.E...y.#..6.G!i.(xbM..N...`..4_4.tsj...6.z..2.y9z....1.Cz.:.6.7.5.Ax.q....{c./..c..5.K^...j.w...6UD...ML.C...(...\.Mv.....r}}...?.P..9..9.(...UoI....I...;...is..p.&..]..-..X.....V|J.4F.7]..[%....+.......1..b.o.V.d...3.q....A~......(v.c.....v..Co_O\l.h.-.&wG....!q......#X....Ai3<.u......H.. .+.....C..H..v..m.}Xs......J{kOrLiDd..S8?.....FON.Q....Qtx.1.s.....FN.[..<C.......:)Q=..M'..O..6.. 4

          C:\Users\user\Documents\MXPXCVPDVN\BNAGMGSPLO.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:715040E74003C462D01A70BE36A000DF
          SHA1:EC770856F6A8D307F4E9291AD60CD4DACC6E448B
          SHA-256:C0AF26BDC82BB0AD4483F8D0446D76FDE7A265D8D3FC8013D0C32C188022643A
          SHA-512:541BC9A2C52E7FF8504DBCE7E20F1300D84D72BE735A879186F4F50CDFF9DD5581880C3C9CADD7B1B0E6F113B88FE2CB3A4958E5504A1770A63F761067677749
          Malicious:false
          Reputation:unknown
          Preview:BNAGM1.`2....).......u..|,.s.{.8.j..B.!?....`.7o.;e.`...,...x.#9....w..Pe......_..R.........}.......<...'...k.M.b.t6.1.#m.x...I!B(.M..*O..(...E...Yuo.R.....I..o>..).\.........]w.(..!I.;..i...8........h.."-....'...._Hg%.S.z..b..U.....GH.@.~..-....s........j.x...[..c...8.5RZiZ a.....v.\......p...}1.I?....n...m.k.......-..tqKi........g....&...c)..".so...Y2...n\..p:....R]\.\&.V.` ..o..nU.........80..Y.H......k.j.9S.).E..%...........*..I.8U.<+8."...Z7S.3....9..x\O/U..........kf..uU{.3.v#p.J.."..x.......?..m..._.r+O..af....d`....h.^T......Dk..,{i2:KcEzp.(].1.E...y.#..6.G!i.(xbM..N...`..4_4.tsj...6.z..2.y9z....1.Cz.:.6.7.5.Ax.q....{c./..c..5.K^...j.w...6UD...ML.C...(...\.Mv.....r}}...?.P..9..9.(...UoI....I...;...is..p.&..]..-..X.....V|J.4F.7]..[%....+.......1..b.o.V.d...3.q....A~......(v.c.....v..Co_O\l.h.-.&wG....!q......#X....Ai3<.u......H.. .+.....C..H..v..m.}Xs......J{kOrLiDd..S8?.....FON.Q....Qtx.1.s.....FN.[..<C.......:)Q=..M'..O..6.. 4

          C:\Users\user\Documents\MXPXCVPDVN\GAOBCVIQIJ.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.848962151269762
          Encrypted:false
          SSDEEP:
          MD5:FFFA73F38A393E260D5A1B7244716718
          SHA1:54B50A06315FBCD923160016B3C5785717018ACA
          SHA-256:844DA0B37A6B9E3DC5DA306AF89A4C47F2A58C031C783D285F2597E6580B93BB
          SHA-512:82EB30D37E7F00C40095DACE4CD7C0D09C696443D358D13A70E23955D14792916F8001EB0EE0EE9116116CE7BB631B104FAB1D6A842CB82F561DD27A730729E9
          Malicious:false
          Reputation:unknown
          Preview:GAOBC../W...sB!.....1...q/......J7;z.@a...a......b...l.....wWW.}.,..lf.}8+`.3....^}.p.N+.h.v..Wm..VH....."...kE....0.b.d..Y."-....}~........kS@.....o.o......!.....4q.g...}|.h...s..n..g.b...i..R'I.....,.@j.C.......o.e"......Gf3$/.....RIss...npq.nz`He.[/~.|~?.....@.N.....h.^...A]a..E..0=.....X.^..=gp.<O.G.[.?w.1!.V-...G[.kd.g...|7..-..u..{.....j..?..[H#......a....L7iE..T.K.....0..l.i.g....~<G[..t..t...).K'A.......Z....2.R~..C5y..z(.i'.......<4d............A5.q....Wm.U9.!. ..X^..^.....>_b.....mF..R......a..+e.s.....5.(/t;^......~.i..p.s...C.\.....A.|.^..C./.F..K.e].(.....D./nh.V_x...y.m.C...Mb.%.....OR...,....&..7S..0....uBw.lj.w.....q.?&r*..|q.V....P|.....w.l.....P1.]..D.rC.......9X.C.-...b3.G.|a3.....4..Q$..?..1.._.R.....R!.-.gD..Y...zG..=..s.|..(R?H...........Q&..27...!G..#F.o..D2.uH.Fx!..}.1.*8lT.......s....0..r..r+.`b...{\.....q...k%......h:..k.o{.7.q.SP......c.h....m.VT..C]..Re.L..d.$.1r3..K.0..^...9...TE....+.. ...`.i!..:...L..c.K

          C:\Users\user\Documents\MXPXCVPDVN\GAOBCVIQIJ.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FFFA73F38A393E260D5A1B7244716718
          SHA1:54B50A06315FBCD923160016B3C5785717018ACA
          SHA-256:844DA0B37A6B9E3DC5DA306AF89A4C47F2A58C031C783D285F2597E6580B93BB
          SHA-512:82EB30D37E7F00C40095DACE4CD7C0D09C696443D358D13A70E23955D14792916F8001EB0EE0EE9116116CE7BB631B104FAB1D6A842CB82F561DD27A730729E9
          Malicious:false
          Reputation:unknown
          Preview:GAOBC../W...sB!.....1...q/......J7;z.@a...a......b...l.....wWW.}.,..lf.}8+`.3....^}.p.N+.h.v..Wm..VH....."...kE....0.b.d..Y."-....}~........kS@.....o.o......!.....4q.g...}|.h...s..n..g.b...i..R'I.....,.@j.C.......o.e"......Gf3$/.....RIss...npq.nz`He.[/~.|~?.....@.N.....h.^...A]a..E..0=.....X.^..=gp.<O.G.[.?w.1!.V-...G[.kd.g...|7..-..u..{.....j..?..[H#......a....L7iE..T.K.....0..l.i.g....~<G[..t..t...).K'A.......Z....2.R~..C5y..z(.i'.......<4d............A5.q....Wm.U9.!. ..X^..^.....>_b.....mF..R......a..+e.s.....5.(/t;^......~.i..p.s...C.\.....A.|.^..C./.F..K.e].(.....D./nh.V_x...y.m.C...Mb.%.....OR...,....&..7S..0....uBw.lj.w.....q.?&r*..|q.V....P|.....w.l.....P1.]..D.rC.......9X.C.-...b3.G.|a3.....4..Q$..?..1.._.R.....R!.-.gD..Y...zG..=..s.|..(R?H...........Q&..27...!G..#F.o..D2.uH.Fx!..}.1.*8lT.......s....0..r..r+.`b...{\.....q...k%......h:..k.o{.7.q.SP......c.h....m.VT..C]..Re.L..d.$.1r3..K.0..^...9...TE....+.. ...`.i!..:...L..c.K

          C:\Users\user\Documents\MXPXCVPDVN\MXPXCVPDVN.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.850058430969114
          Encrypted:false
          SSDEEP:
          MD5:4F5482B42664E6937D1D389E459B7B8F
          SHA1:A2714102280C990083E58A694973A9B579CFC91B
          SHA-256:2EDBD74219427A65B1CD6A99ABDFC5737F78D17BF4EFDB2228CD1525937C3E85
          SHA-512:25F393B0FEC43371EDD82652255707E9C711B3E1DA0A01D1F402A7D17C550A771E138ACB1FBBB42C9313DAA8F2960D20AC2DC155C13BED1EEA6FC51EA4789F31
          Malicious:false
          Reputation:unknown
          Preview:MXPXC.i..EfD..8.....n.A._...y....Q..=.....?&r.\.b...n{.d...cj.~g....S/L.....<.!...9...\u.n.(..d".W....niM....v]Q.Oi....V..W..4..F..)..J....Y.bl...fw..t..-..y0".{.t...0gX.i.6.......J`[..D..xQ]......@......-.X._.$0B...Y.2."..u2..B...[..Ys.j."k..^.QB.u..V....2...a.*...`*..U.)........r....e7.p~Z....U...}.F...}..;q*....s.e..>l. o.am0.b.n....Y[..JBk5~..B..q.V.uO._SAW..........F..b)D...:i.X..#.&s..O.E.m.*...+..9r.q..A......F.W....%@..c..P..lFh...(8.u..`......(...t&.x.....>.#?..B.T5.Z$s.....@..=....p.....m.c.....f..+..E..Z6...}N`..>QJ...F...;.<|ce.=.\PRO...:C..".....v..G.t&..u..S.g..#.....+-......L{...o....+]3z>..HY.c...]-.c.........qi..*..b.z."...._....K.9....,&..$.Z3.........y .H:..v...H...2..\....u...O....]X.X.i....~...j..v..4...r._..J....jr.X..`V..?.....@....X....p.cX=08.,o.Q=30.,;.JP..n.y...&...T..d.{"i.Z.....l....O.$.R......eS.Q.AW...%....g..>.....}.$(.....iq..N.>3?.<..c,.fP...c...3,{........}....6....p.....D..&...L..r.s'M.1.!......P

          C:\Users\user\Documents\MXPXCVPDVN\MXPXCVPDVN.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4F5482B42664E6937D1D389E459B7B8F
          SHA1:A2714102280C990083E58A694973A9B579CFC91B
          SHA-256:2EDBD74219427A65B1CD6A99ABDFC5737F78D17BF4EFDB2228CD1525937C3E85
          SHA-512:25F393B0FEC43371EDD82652255707E9C711B3E1DA0A01D1F402A7D17C550A771E138ACB1FBBB42C9313DAA8F2960D20AC2DC155C13BED1EEA6FC51EA4789F31
          Malicious:false
          Reputation:unknown
          Preview:MXPXC.i..EfD..8.....n.A._...y....Q..=.....?&r.\.b...n{.d...cj.~g....S/L.....<.!...9...\u.n.(..d".W....niM....v]Q.Oi....V..W..4..F..)..J....Y.bl...fw..t..-..y0".{.t...0gX.i.6.......J`[..D..xQ]......@......-.X._.$0B...Y.2."..u2..B...[..Ys.j."k..^.QB.u..V....2...a.*...`*..U.)........r....e7.p~Z....U...}.F...}..;q*....s.e..>l. o.am0.b.n....Y[..JBk5~..B..q.V.uO._SAW..........F..b)D...:i.X..#.&s..O.E.m.*...+..9r.q..A......F.W....%@..c..P..lFh...(8.u..`......(...t&.x.....>.#?..B.T5.Z$s.....@..=....p.....m.c.....f..+..E..Z6...}N`..>QJ...F...;.<|ce.=.\PRO...:C..".....v..G.t&..u..S.g..#.....+-......L{...o....+]3z>..HY.c...]-.c.........qi..*..b.z."...._....K.9....,&..$.Z3.........y .H:..v...H...2..\....u...O....]X.X.i....~...j..v..4...r._..J....jr.X..`V..?.....@....X....p.cX=08.,o.Q=30.,;.JP..n.y...&...T..d.{"i.Z.....l....O.$.R......eS.Q.AW...%....g..>.....}.$(.....iq..N.>3?.<..c,.fP...c...3,{........}....6....p.....D..&...L..r.s'M.1.!......P

          C:\Users\user\Documents\MXPXCVPDVN\NEBFQQYWPS.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.856785680468027
          Encrypted:false
          SSDEEP:
          MD5:810FF8074F455D2313A976EA9A2AF034
          SHA1:32DE7C8DFE3B0D2C0C178CEF4C1489D63D175E4F
          SHA-256:2539C497660428818942B91C6B1868E26B2CC5F14E2EDFE745E818477A8F45EC
          SHA-512:49E38AFCB6A595DC95F233DE3097427CB77FBC36449DF61489366C28893B987AE8FACEAAE383367D76D45CCACF21489E3194CBA67B25735D97DA64B14C8DBB36
          Malicious:false
          Reputation:unknown
          Preview:NEBFQGA.@...........@.........m.s0$.@..l.#I&.......R.y...V*Vf".}......Y@`......]....D.-.G..$.t....m.........uL..!.jz...."..n..P.i.1..,.fz+E.....K'..El..,..pZ..d..r....m&Ur..D.....Pm....o.4lH#.n..o..d~.s;5...~.......9gw...yV...}..;.DY..jC..X....4.....=...%..~.g....5aM..zt.N....p.Y....,).<K.7.S}.>t~......:>L.W\L.....+.o.v7..yvd.a.....~..?..wg...].3....J...}...X...y...ub3G0..Is....>p(..d...ma..U.Y"..O...I..%..K.Y4...u.Hq.....v..I.$....D...K..Ud..L..=...3.;GT.h'......,./.U......n..us.fq.a.V........5,...d.J...[...?$s4..5e..^.=.k....{`).?4..Q.z.r.k.[.o.........L.x.\.,...}.3.|.Q...G;v.m.!..Ym..M.IW.>.I].......].Y..._.P...b..u.o&.I1q.v.+4.S.F!x/..$.......x.]...[..&.....+.....usr.>\..e....%x.~....Sc....1..p.."".s..JB..@7.k.P...d.Q.Y....&..X....xx..)fi..+.....6j$O...@F..dw).^.a.u.r...$~..."L.B...P........k.....Ibh...R+.0lt......n*..{:.r.......a6..,Z#.....BhK,.....Q...a2.oM %...Z.!uh...7.?..3......*.M.}4K.ynV..|.neMl.........Le.m.....G....$w.....1

          C:\Users\user\Documents\MXPXCVPDVN\NEBFQQYWPS.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:810FF8074F455D2313A976EA9A2AF034
          SHA1:32DE7C8DFE3B0D2C0C178CEF4C1489D63D175E4F
          SHA-256:2539C497660428818942B91C6B1868E26B2CC5F14E2EDFE745E818477A8F45EC
          SHA-512:49E38AFCB6A595DC95F233DE3097427CB77FBC36449DF61489366C28893B987AE8FACEAAE383367D76D45CCACF21489E3194CBA67B25735D97DA64B14C8DBB36
          Malicious:false
          Reputation:unknown
          Preview:NEBFQGA.@...........@.........m.s0$.@..l.#I&.......R.y...V*Vf".}......Y@`......]....D.-.G..$.t....m.........uL..!.jz...."..n..P.i.1..,.fz+E.....K'..El..,..pZ..d..r....m&Ur..D.....Pm....o.4lH#.n..o..d~.s;5...~.......9gw...yV...}..;.DY..jC..X....4.....=...%..~.g....5aM..zt.N....p.Y....,).<K.7.S}.>t~......:>L.W\L.....+.o.v7..yvd.a.....~..?..wg...].3....J...}...X...y...ub3G0..Is....>p(..d...ma..U.Y"..O...I..%..K.Y4...u.Hq.....v..I.$....D...K..Ud..L..=...3.;GT.h'......,./.U......n..us.fq.a.V........5,...d.J...[...?$s4..5e..^.=.k....{`).?4..Q.z.r.k.[.o.........L.x.\.,...}.3.|.Q...G;v.m.!..Ym..M.IW.>.I].......].Y..._.P...b..u.o&.I1q.v.+4.S.F!x/..$.......x.]...[..&.....+.....usr.>\..e....%x.~....Sc....1..p.."".s..JB..@7.k.P...d.Q.Y....&..X....xx..)fi..+.....6j$O...@F..dw).^.a.u.r...$~..."L.B...P........k.....Ibh...R+.0lt......n*..{:.r.......a6..,Z#.....BhK,.....Q...a2.oM %...Z.!uh...7.?..3......*.M.}4K.ynV..|.neMl.........Le.m.....G....$w.....1

          C:\Users\user\Documents\MXPXCVPDVN\NVWZAPQSQL.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.844848559240175
          Encrypted:false
          SSDEEP:
          MD5:AA3B01B41A7AFB003EB68C4E72FFDF04
          SHA1:17F99E7798AE30243E983D8632C7A536D310575F
          SHA-256:11FA09F8FD2BBEF3038F684D5A734BB7683FDD72B5166C4B80432F67088198A7
          SHA-512:1DFA0D73E696522F4428A8C9A7868D4CBF54AB189BC5138E6651FB2562B40FD5AF3E2FFCF307CF6DF99E990D3DF435B8F02BCD4D2BFDF2764A2F0271B0E3594F
          Malicious:false
          Reputation:unknown
          Preview:NVWZA...EM...+.P....k.}w7.R..*.{.....[T...O..(M..72....-.:.'TV..kfgU.#@..A...5h.W.>(0.<............./u .n.NV....W.E..so..e..I..W/.M.w.8...i..U.n.K..+zR.'.......9~..u..W...-... ".......C:.....tu...j...t.L.......H..O.R)..J(x..E.Yt... .4.....Y.*.... ....EC5.c8....Z.V...V|.....J3..J.K.3X\f..'ix...)Eg...Au1~j..8.R.n....O..u.giV..9;....7.Q.....(..?BQ.....3B.Y..q..S..mg..*.H.J..L.s..c.........A..S.U].{A...2....A.!..........|...@....rR.......)....k..v....%q...L..K...v...f6...+J..)..i........P.....%.N..L,.'!}.`.Y.......`..C.I..oY..UG....~........?...cN.4.."....sML......U..z...b.^..&uWJ.x&/.f.>X........Vi$...m-..%A....e.~.2..q...(.1.k9.......9.....M.T+8.M..#g...M...jt...g...xK.7W....Y...C.( ..AZA<-{.t. ...s.p..^9(....c..D.qA.Ha.t.g.....a.bi.Y...@4........'4].>X.Q(.Kq.....T'.^":...C..?.v,..D.....Vv.......iG.C;_ja/|(...DV..2......0.].z;........]H8p{S.2....6Q.!W[.j`X..d/.P..+..d...(1..........C. .......8.*....7@.3..c.....Z..<P..m.B..2.....8.._

          C:\Users\user\Documents\MXPXCVPDVN\NVWZAPQSQL.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:AA3B01B41A7AFB003EB68C4E72FFDF04
          SHA1:17F99E7798AE30243E983D8632C7A536D310575F
          SHA-256:11FA09F8FD2BBEF3038F684D5A734BB7683FDD72B5166C4B80432F67088198A7
          SHA-512:1DFA0D73E696522F4428A8C9A7868D4CBF54AB189BC5138E6651FB2562B40FD5AF3E2FFCF307CF6DF99E990D3DF435B8F02BCD4D2BFDF2764A2F0271B0E3594F
          Malicious:false
          Reputation:unknown
          Preview:NVWZA...EM...+.P....k.}w7.R..*.{.....[T...O..(M..72....-.:.'TV..kfgU.#@..A...5h.W.>(0.<............./u .n.NV....W.E..so..e..I..W/.M.w.8...i..U.n.K..+zR.'.......9~..u..W...-... ".......C:.....tu...j...t.L.......H..O.R)..J(x..E.Yt... .4.....Y.*.... ....EC5.c8....Z.V...V|.....J3..J.K.3X\f..'ix...)Eg...Au1~j..8.R.n....O..u.giV..9;....7.Q.....(..?BQ.....3B.Y..q..S..mg..*.H.J..L.s..c.........A..S.U].{A...2....A.!..........|...@....rR.......)....k..v....%q...L..K...v...f6...+J..)..i........P.....%.N..L,.'!}.`.Y.......`..C.I..oY..UG....~........?...cN.4.."....sML......U..z...b.^..&uWJ.x&/.f.>X........Vi$...m-..%A....e.~.2..q...(.1.k9.......9.....M.T+8.M..#g...M...jt...g...xK.7W....Y...C.( ..AZA<-{.t. ...s.p..^9(....c..D.qA.Ha.t.g.....a.bi.Y...@4........'4].>X.Q(.Kq.....T'.^":...C..?.v,..D.....Vv.......iG.C;_ja/|(...DV..2......0.].z;........]H8p{S.2....6Q.!W[.j`X..d/.P..+..d...(1..........C. .......8.*....7@.3..c.....Z..<P..m.B..2.....8.._

          C:\Users\user\Documents\MXPXCVPDVN\PWCCAWLGRE.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.841166978711275
          Encrypted:false
          SSDEEP:
          MD5:3FEAF48CC0FFA9B618F1726890D9C570
          SHA1:B517AB5ADB0A8C967781A787846C9D4113F6B42F
          SHA-256:97B0884F4D18F4B565857299FAEC1EED15379D65942F4A27D1CD340E40B1B7CC
          SHA-512:5027E0D1B1CBC54D028D79380D9BD881A321DA058E6175DCBA087957431AF77C09FE101AEDEF5558BAEEFBBA1586B5406DC12BEF414E0370E64C48A72698DB7E
          Malicious:false
          Reputation:unknown
          Preview:PWCCA..._&_..;S.....`0....R;.2.`..B....[.I..<..../d.>?... .,..|.C..=.r.?...O.>.....xICn*...>^H6..t.. E.`-b.V.a/.Wy.H..o.W.3F..!z_...^>.&..^........o|..w.`.r...Ao.uU.&3.yj...=..xEp..zW...2.yZ3.p...B..F....p-6.6..7..zC..)v.F'....r..v..r.,............QT.sb.;.........+.]8..'U...X..f.d.,....._.+.M.U.T.. ..P.....I.15a?9_..4...D..m.N/lb.]...s.G50...H.O.^...a.E.d.7&...7W.p..wb..L.!...L.........T...3.-..........R.0.S..1...%..\_K}d....4.[...7s...Z*-..G...x.LmX..EG.v(|....u%n....L.rW.["....z.....#..TJ.4..wt.....@......K...K.6....X....~.........W.]w../k.(......KB.......2.uK..f..9nl\^..p_.d.m..../hR..c.c..H.#,....uf.l.!...._...E_.J.,9x..r..|...5.E.Y5X...kF.&N.....1%^......}2..d....d..8.......FCe&.O.$.1.....5*.`.o.L..~....kF..TU..e...K\W.....+V.}......=....."... ..L.....?n....7[....];..$.P..9....w.Z.4..9+...9U...Fn...}..C..I..P..t...@).h...5M......P.Q./.m4..s..&M+..u...s|KTZa..t.f.u....\e.h6A........1<..cU|.+....4.....z.'..d.".0..*.0...#.Cz..

          C:\Users\user\Documents\MXPXCVPDVN\PWCCAWLGRE.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3FEAF48CC0FFA9B618F1726890D9C570
          SHA1:B517AB5ADB0A8C967781A787846C9D4113F6B42F
          SHA-256:97B0884F4D18F4B565857299FAEC1EED15379D65942F4A27D1CD340E40B1B7CC
          SHA-512:5027E0D1B1CBC54D028D79380D9BD881A321DA058E6175DCBA087957431AF77C09FE101AEDEF5558BAEEFBBA1586B5406DC12BEF414E0370E64C48A72698DB7E
          Malicious:false
          Reputation:unknown
          Preview:PWCCA..._&_..;S.....`0....R;.2.`..B....[.I..<..../d.>?... .,..|.C..=.r.?...O.>.....xICn*...>^H6..t.. E.`-b.V.a/.Wy.H..o.W.3F..!z_...^>.&..^........o|..w.`.r...Ao.uU.&3.yj...=..xEp..zW...2.yZ3.p...B..F....p-6.6..7..zC..)v.F'....r..v..r.,............QT.sb.;.........+.]8..'U...X..f.d.,....._.+.M.U.T.. ..P.....I.15a?9_..4...D..m.N/lb.]...s.G50...H.O.^...a.E.d.7&...7W.p..wb..L.!...L.........T...3.-..........R.0.S..1...%..\_K}d....4.[...7s...Z*-..G...x.LmX..EG.v(|....u%n....L.rW.["....z.....#..TJ.4..wt.....@......K...K.6....X....~.........W.]w../k.(......KB.......2.uK..f..9nl\^..p_.d.m..../hR..c.c..H.#,....uf.l.!...._...E_.J.,9x..r..|...5.E.Y5X...kF.&N.....1%^......}2..d....d..8.......FCe&.O.$.1.....5*.`.o.L..~....kF..TU..e...K\W.....+V.}......=....."... ..L.....?n....7[....];..$.P..9....w.Z.4..9+...9U...Fn...}..C..I..P..t...@).h...5M......P.Q./.m4..s..&M+..u...s|KTZa..t.f.u....\e.h6A........1<..cU|.+....4.....z.'..d.".0..*.0...#.Cz..

          C:\Users\user\Documents\NEBFQQYWPS.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.842204818227863
          Encrypted:false
          SSDEEP:
          MD5:50D9DE319EDB48A819DAD31DCED1DDAD
          SHA1:C530CDC01A3AB752C8E7757D8D8CE5F4ED5B8A90
          SHA-256:FF0A85E4F23421CBF376C84290FAA461BB079FEB0E775B0C51B1D77CCC5E049A
          SHA-512:3AB045A2AF1D3752533DC72B41D0F71C95C44909CBADCBB2960591F26CAD5527549D0441487EE979C6EF6FAACAB4F666E618477DCFC7C328894ABB06920F6E3F
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ.d...F....dB,.h1..EZ.G~=.....|....p.....P....{........EP....f%.7.....H...D.._.y6.)..j...\I 4.w.....)....Br.yp.z.iv.'..|G...;z- H.N..<..qt..(..W.I.5g7..3..<.[....t.K..}........-e.....G...D.....?(.].B.....c .q../..9f.}...."ST...j..l.*zS..2Y!.......bW....z{..v..<.A"C...;{[c.;nTK.'94..K._E.{OH.M.7..{..9.{..A..b.A.8Zw...9e...O....jCh.~...@...S..zcs!..*.1..9...:x.......N,.n&..X....J.>...=.w....uLx..M!O..M^.9.G.y.Y..6.q...j.`.Je...M..E..26.-.+.xi,Gd5...6..."X53qU.....D..0.@..n.../Q.|.......8.8*.b('.Cy.7K|....Hjb...............5[[.....['....PS.p1..0.uDZ..2.....Hi.J..Z.p.L..2.(,ue.Y{..y..g5....3.#.<..|ph......p).E0.....3I..hC..j......m.).x...t.U....nj&.c...f...R.lj.G.=.H....5......%.=.A.q.......l.%r.5.{.En...F.<._...f24f..b..+.<s.9.8....nfE.\......u2sk%..(.C.y{...p.u.>..@.......n..=Y......f(....e..C.+Y...+..........0.P..]...Mm.H)..q=.}..|...U}..%.\..\.M...c.v.g0...F,.....M]...!.F.uGI..?.........STR.W.=...\.."maS....A2.#.!IeB.:.^I..xT..n.n.f

          C:\Users\user\Documents\NEBFQQYWPS.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:50D9DE319EDB48A819DAD31DCED1DDAD
          SHA1:C530CDC01A3AB752C8E7757D8D8CE5F4ED5B8A90
          SHA-256:FF0A85E4F23421CBF376C84290FAA461BB079FEB0E775B0C51B1D77CCC5E049A
          SHA-512:3AB045A2AF1D3752533DC72B41D0F71C95C44909CBADCBB2960591F26CAD5527549D0441487EE979C6EF6FAACAB4F666E618477DCFC7C328894ABB06920F6E3F
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ.d...F....dB,.h1..EZ.G~=.....|....p.....P....{........EP....f%.7.....H...D.._.y6.)..j...\I 4.w.....)....Br.yp.z.iv.'..|G...;z- H.N..<..qt..(..W.I.5g7..3..<.[....t.K..}........-e.....G...D.....?(.].B.....c .q../..9f.}...."ST...j..l.*zS..2Y!.......bW....z{..v..<.A"C...;{[c.;nTK.'94..K._E.{OH.M.7..{..9.{..A..b.A.8Zw...9e...O....jCh.~...@...S..zcs!..*.1..9...:x.......N,.n&..X....J.>...=.w....uLx..M!O..M^.9.G.y.Y..6.q...j.`.Je...M..E..26.-.+.xi,Gd5...6..."X53qU.....D..0.@..n.../Q.|.......8.8*.b('.Cy.7K|....Hjb...............5[[.....['....PS.p1..0.uDZ..2.....Hi.J..Z.p.L..2.(,ue.Y{..y..g5....3.#.<..|ph......p).E0.....3I..hC..j......m.).x...t.U....nj&.c...f...R.lj.G.=.H....5......%.=.A.q.......l.%r.5.{.En...F.<._...f24f..b..+.<s.9.8....nfE.\......u2sk%..(.C.y{...p.u.>..@.......n..=Y......f(....e..C.+Y...+..........0.P..]...Mm.H)..q=.}..|...U}..%.\..\.M...c.v.g0...F,.....M]...!.F.uGI..?.........STR.W.=...\.."maS....A2.#.!IeB.:.^I..xT..n.n.f

          C:\Users\user\Documents\NEBFQQYWPS.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.864383024658886
          Encrypted:false
          SSDEEP:
          MD5:44522CFE8ED2CE9606C22B1643C5780E
          SHA1:1EA994584036B8D3E883A422AAC7B74AE28CEE1B
          SHA-256:646C9A29ECD0FA720F5A3050DD220726DD1F9A358EDEE0C96670F5996F5C27C8
          SHA-512:DC58C9BDFC0286A3F9A8D14CB18B92CA94E66D01CCC2FC5AFECAD31F4BAAEEA4897E31D7A2A87F6EC7E895B0FA0EC799032DBDB6D155485ED83D604E58F02F03
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ.|..H.*..Gab..N......r'qR....T.$.X..G...d....\..8S...K.".L...c..m..-.....9%...![.|F.L...+..2Fr.=f.$''...<['.<:....h~-...Y.. ...h..9....XP..8B..J..ND.........c.........w.....u..~....-...9U&u....jxw(o..\...F.]......#`.....yu..+.d...A]O..9,M.R..e..i..w.=0f....8f...........a....\...6VQp.?;.....{v.H.^.|.z@~..:.......Y..]...Qv;....C..F..[no.2_,....`.a.f..0.%?..-....1.&."?7v....f.....s2.K...]..........{>..1.....o..R.....(..>......@4.g..h%.7.'.....&...a...U.W.5...q....A..h..j(...e.{"-..r.t3Q./..6..;....l.......w......p.h ....V.G......4.........2E.{...d..."..v%p.1.S]..u.ff|...5.k.......+...Y.d.m{.#\..t.....,.L.xfc.(.R...>..l...dt.$..a.2dv(.SS ..."G...1.........H~.e.....N..L.Q.m.^".}./iA....#.&..q.g........F..7Sq..6....s..#...I|..w....|.?.......*.Q..u..S.......S.S.-..JW..nrH.r.N.^&.]Y..4._..|%.P>.YZ.....Ls]..S.&..[A..g. ...H..H{..7.48Q|...X.72.MsJ..J.pt...r..p.\y.H..W.Q_2.....R..|L.=...AX..%.R.A.....$C...1e6....n./m.h.[.*.G.+..2....;K..

          C:\Users\user\Documents\NEBFQQYWPS.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:44522CFE8ED2CE9606C22B1643C5780E
          SHA1:1EA994584036B8D3E883A422AAC7B74AE28CEE1B
          SHA-256:646C9A29ECD0FA720F5A3050DD220726DD1F9A358EDEE0C96670F5996F5C27C8
          SHA-512:DC58C9BDFC0286A3F9A8D14CB18B92CA94E66D01CCC2FC5AFECAD31F4BAAEEA4897E31D7A2A87F6EC7E895B0FA0EC799032DBDB6D155485ED83D604E58F02F03
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ.|..H.*..Gab..N......r'qR....T.$.X..G...d....\..8S...K.".L...c..m..-.....9%...![.|F.L...+..2Fr.=f.$''...<['.<:....h~-...Y.. ...h..9....XP..8B..J..ND.........c.........w.....u..~....-...9U&u....jxw(o..\...F.]......#`.....yu..+.d...A]O..9,M.R..e..i..w.=0f....8f...........a....\...6VQp.?;.....{v.H.^.|.z@~..:.......Y..]...Qv;....C..F..[no.2_,....`.a.f..0.%?..-....1.&."?7v....f.....s2.K...]..........{>..1.....o..R.....(..>......@4.g..h%.7.'.....&...a...U.W.5...q....A..h..j(...e.{"-..r.t3Q./..6..;....l.......w......p.h ....V.G......4.........2E.{...d..."..v%p.1.S]..u.ff|...5.k.......+...Y.d.m{.#\..t.....,.L.xfc.(.R...>..l...dt.$..a.2dv(.SS ..."G...1.........H~.e.....N..L.Q.m.^".}./iA....#.&..q.g........F..7Sq..6....s..#...I|..w....|.?.......*.Q..u..S.......S.S.-..JW..nrH.r.N.^&.]Y..4._..|%.P>.YZ.....Ls]..S.&..[A..g. ...H..H{..7.48Q|...X.72.MsJ..J.pt...r..p.\y.H..W.Q_2.....R..|L.=...AX..%.R.A.....$C...1e6....n./m.h.[.*.G.+..2....;K..

          C:\Users\user\Documents\NEBFQQYWPS.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.850691669395658
          Encrypted:false
          SSDEEP:
          MD5:3A75712F35F26E973483C0ABCBB354E8
          SHA1:70DEB14D41ABFF0C59C96C8EBF7372585C6AC56E
          SHA-256:4BA0419C984679972A58DC6054CB9A1A496A24FE730A4408337EF960B69473F8
          SHA-512:01BD7FDEDD41B3EAB07F27439050E47F529E9DA136D0DBA7C2A98DBA853AF1DBFAFBE24864A6458731D5C08EDB70F2A774F3DEEEEF6B82EB0E372DFD0C8C5449
          Malicious:false
          Reputation:unknown
          Preview:NEBFQU.-O...*.....w.=..y.=...6..f.=W.@.....K..4./G~.......o.....*C..!-vb..v}..MJ....f0...4u...K.........3...GN.L........l.z..I..*.b....g..I\.\.....G%.F..`..No.d._..Y..vd... ..xCw.y\...tw..:......+.n..7..$....0.2....)...:.k......M...l.@hO..)O.[....r..M...uT......R.{2$.1..-...2+.9...{.@..gy..R..%V..........m.P'-....n.......LO.y$.b5.E..w.8.z.P..u.Hw..5.(R....@........*.Vc.O..k.J,.S.*r.;.K.P..5.4.....8[X).....V..X8.5k......Y5...?2XP...q...C.U.~.^_.JY.....Cy..Aq...h.~8"F..w.!*..!...../5.....X.o<gl.5.....LS..U.X|I`.,%.....@E]..*...ju.d........ri.x.7..GZQ."Hl.s.a.U..hz.c..j..^>...I.2o..._...~...g2O...LIz..|.L...E.L..Z..\.v.O.....%...U.#...^...Y.........m..Jf....Xp....%.|.S.X5..!Z....m-.RI....)y...}..\'.%......m..g...j.F...P+.}t;....!R.p..Ss..LAjW.s.<Z...8.m.]..n....I.:-i..l|q.Ft,..?..lv...).$]3.9...|#..\..Y..9.l....F...C.C..o."...@~..&5>5../K./.;F..-..0..rt...2$w.{.OM.p.v..yH|...E..s>..UK:8...h].5....Y.j.|._.E.|.X.>.o.O.G.......$e...~n._..o".3.

          C:\Users\user\Documents\NEBFQQYWPS.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3A75712F35F26E973483C0ABCBB354E8
          SHA1:70DEB14D41ABFF0C59C96C8EBF7372585C6AC56E
          SHA-256:4BA0419C984679972A58DC6054CB9A1A496A24FE730A4408337EF960B69473F8
          SHA-512:01BD7FDEDD41B3EAB07F27439050E47F529E9DA136D0DBA7C2A98DBA853AF1DBFAFBE24864A6458731D5C08EDB70F2A774F3DEEEEF6B82EB0E372DFD0C8C5449
          Malicious:false
          Reputation:unknown
          Preview:NEBFQU.-O...*.....w.=..y.=...6..f.=W.@.....K..4./G~.......o.....*C..!-vb..v}..MJ....f0...4u...K.........3...GN.L........l.z..I..*.b....g..I\.\.....G%.F..`..No.d._..Y..vd... ..xCw.y\...tw..:......+.n..7..$....0.2....)...:.k......M...l.@hO..)O.[....r..M...uT......R.{2$.1..-...2+.9...{.@..gy..R..%V..........m.P'-....n.......LO.y$.b5.E..w.8.z.P..u.Hw..5.(R....@........*.Vc.O..k.J,.S.*r.;.K.P..5.4.....8[X).....V..X8.5k......Y5...?2XP...q...C.U.~.^_.JY.....Cy..Aq...h.~8"F..w.!*..!...../5.....X.o<gl.5.....LS..U.X|I`.,%.....@E]..*...ju.d........ri.x.7..GZQ."Hl.s.a.U..hz.c..j..^>...I.2o..._...~...g2O...LIz..|.L...E.L..Z..\.v.O.....%...U.#...^...Y.........m..Jf....Xp....%.|.S.X5..!Z....m-.RI....)y...}..\'.%......m..g...j.F...P+.}t;....!R.p..Ss..LAjW.s.<Z...8.m.]..n....I.:-i..l|q.Ft,..?..lv...).$]3.9...|#..\..Y..9.l....F...C.C..o."...@~..&5>5../K./.;F..-..0..rt...2$w.{.OM.p.v..yH|...E..s>..UK:8...h].5....Y.j.|._.E.|.X.>.o.O.G.......$e...~n._..o".3.

          C:\Users\user\Documents\NVWZAPQSQL.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.840327672723303
          Encrypted:false
          SSDEEP:
          MD5:781B035BA79A3B2D37B688EDE3893FB4
          SHA1:D17F2FB7C6B5EC2127264ED076D7D3102164EDD7
          SHA-256:E2A81ECCB939545BBC326EEA068BB2B3D20081B213244DB24918081E5E2A1C3D
          SHA-512:258C81BEE2205FCB545CEF8F5BBF74F07632D2E327A80C14DEE12244088C5D23D232FAE7EC71DEA2363B38AF19687FDA9AF9F5C35E2DE079F667F4CEED4820C7
          Malicious:false
          Reputation:unknown
          Preview:NVWZAJ.{..|K1.E..l.......j..K....?..T(...H...TKm....>L.H{.DP..TM...CZR.SOE...Y.....`t.7..4.....%X._I[[..y....`~.Q.z....|..TJ!.,.3.*.3yZ.?$MN.}/..v................X...:...J.^...T..A....J.A.......By.%...0.)'I%...".t....t*<-ixG<.X..$.....N....K.).f.8...P.ZX.(.ezv..Js;'?A..b...i.].>.U.....<...i."m..'.~T....-Z..@...E8&..Bu04$S....l..q....i. /^..s..x...3Q.94.C........\|.F!.2*.... ....(...@..x...k...8..Y..~.]......p...-...l.4$ ...n"!.i.F.k\q.. g..K....N\.'6....G...`.3...|T....[V*...e.c..=..)D.G..7..?...{R...0..W(.yJ.....'.J..:.5.G.?6...7.3?...f.6....{...pM;.P V..j..3..U0_....`l...B.."N.o.).|.....!q...=...%bU....o9...ct.<.f....Ipv%.....E.A..`...9...}G..J.J....;..v.Lb.^....k..x.......p....y. .......5.............[.,....(...(...I7=.1...=...`.G[.k.S.X....@.i2.~.vb..8.^y'..t.%.[u.c.._.....h..Ae....7...^."{.7./..0<.....s>..j.q3.`6..K..Tsw..4.x..-.W.3..~(.@....1%..C....D...7..o..<<......+l.s...D"..&..4..&{.8..D.Fu..o..Ky^(.>..;HR ...o{..~.....)e...>l

          C:\Users\user\Documents\NVWZAPQSQL.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:781B035BA79A3B2D37B688EDE3893FB4
          SHA1:D17F2FB7C6B5EC2127264ED076D7D3102164EDD7
          SHA-256:E2A81ECCB939545BBC326EEA068BB2B3D20081B213244DB24918081E5E2A1C3D
          SHA-512:258C81BEE2205FCB545CEF8F5BBF74F07632D2E327A80C14DEE12244088C5D23D232FAE7EC71DEA2363B38AF19687FDA9AF9F5C35E2DE079F667F4CEED4820C7
          Malicious:false
          Reputation:unknown
          Preview:NVWZAJ.{..|K1.E..l.......j..K....?..T(...H...TKm....>L.H{.DP..TM...CZR.SOE...Y.....`t.7..4.....%X._I[[..y....`~.Q.z....|..TJ!.,.3.*.3yZ.?$MN.}/..v................X...:...J.^...T..A....J.A.......By.%...0.)'I%...".t....t*<-ixG<.X..$.....N....K.).f.8...P.ZX.(.ezv..Js;'?A..b...i.].>.U.....<...i."m..'.~T....-Z..@...E8&..Bu04$S....l..q....i. /^..s..x...3Q.94.C........\|.F!.2*.... ....(...@..x...k...8..Y..~.]......p...-...l.4$ ...n"!.i.F.k\q.. g..K....N\.'6....G...`.3...|T....[V*...e.c..=..)D.G..7..?...{R...0..W(.yJ.....'.J..:.5.G.?6...7.3?...f.6....{...pM;.P V..j..3..U0_....`l...B.."N.o.).|.....!q...=...%bU....o9...ct.<.f....Ipv%.....E.A..`...9...}G..J.J....;..v.Lb.^....k..x.......p....y. .......5.............[.,....(...(...I7=.1...=...`.G[.k.S.X....@.i2.~.vb..8.^y'..t.%.[u.c.._.....h..Ae....7...^."{.7./..0<.....s>..j.q3.`6..K..Tsw..4.x..-.W.3..~(.@....1%..C....D...7..o..<<......+l.s...D"..&..4..&{.8..D.Fu..o..Ky^(.>..;HR ...o{..~.....)e...>l

          C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:Microsoft Outlook email folder
          Category:dropped
          Size (bytes):271694
          Entropy (8bit):5.497636689683847
          Encrypted:false
          SSDEEP:
          MD5:D7B9104A96F21488622E8433A7CD09BA
          SHA1:E216C3642A463566D84AE09350C1D28F9D5BC081
          SHA-256:6B62A419B72151FEC42ABDBF050CA830BCEDE9E1B62C48C69DD0467F4FFBA01C
          SHA-512:C77B8EF75048C1578B1A4D09D9EFD5CC3AF2BBAB2ABAA29181FE8405CD258DB4A6076C0C65E90A64AA291F4D99BF1F70E549B54F70540284C44590855C19D8AE
          Malicious:false
          Reputation:unknown
          Preview:!BDNvj..x7x...<\.iI.Fx.M.........c....qP.i~s..k..(.t.J.O..y....yU..y.._.I..o.a.r=.O........j.Ha.<.NOY.\j.2"y...G.c..s.|.............4.....S./u.]B......a..$..AM...%.....(..........{...e....zAX....$#.OS.<5...haW.LSzz`...u...'.S..g<.r5....Bot;.'..yBRZ.../x.N).HU."q.V.....p...J.....j..-..=...kG.....O..$.6*.+A.`T.F4...6..I..r..E.v.j.......oV........*.0C./,>O.i.'.w.f..yRI.|.}b]..."n..ns...&.....(.92%..yB..06..}...Z.b3.=.G.g_...-.oe|...`.x.7..0....(L..og.5s.......oY8. F.!.i..w`..2....-...7..+....I.x.k..J]....|w8.FX.{}a...H...?.9;...^i..5.j.e||.c..;CV.Q~gQ..2e...6.>r.2..........!......=.byd>..T./S.A.9#.8......%.I(....y}.N.'T..8...*(..b,.D..........|8V..e.6N........2....lI_......!)..,.Np.4..$"..Q.5.{....!......p.m;.|(..mX.ve... z"6o......@.F..:}.{...e..J.Bt.+qh0~Fp.0...Q..;M.q.....EL"..W...]Wv~..w......w202..r.}...5..d......^..*[8z..E`.....l.K.O.!... ..<...q..+....f`?..?.bK'...J..Y.%..@..#..c..+]Km.>..\.'.d.?.HV.....M..W.....2c.-.=..0....q..U.V...

          C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:Microsoft Outlook email folder
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D7B9104A96F21488622E8433A7CD09BA
          SHA1:E216C3642A463566D84AE09350C1D28F9D5BC081
          SHA-256:6B62A419B72151FEC42ABDBF050CA830BCEDE9E1B62C48C69DD0467F4FFBA01C
          SHA-512:C77B8EF75048C1578B1A4D09D9EFD5CC3AF2BBAB2ABAA29181FE8405CD258DB4A6076C0C65E90A64AA291F4D99BF1F70E549B54F70540284C44590855C19D8AE
          Malicious:false
          Reputation:unknown
          Preview:!BDNvj..x7x...<\.iI.Fx.M.........c....qP.i~s..k..(.t.J.O..y....yU..y.._.I..o.a.r=.O........j.Ha.<.NOY.\j.2"y...G.c..s.|.............4.....S./u.]B......a..$..AM...%.....(..........{...e....zAX....$#.OS.<5...haW.LSzz`...u...'.S..g<.r5....Bot;.'..yBRZ.../x.N).HU."q.V.....p...J.....j..-..=...kG.....O..$.6*.+A.`T.F4...6..I..r..E.v.j.......oV........*.0C./,>O.i.'.w.f..yRI.|.}b]..."n..ns...&.....(.92%..yB..06..}...Z.b3.=.G.g_...-.oe|...`.x.7..0....(L..og.5s.......oY8. F.!.i..w`..2....-...7..+....I.x.k..J]....|w8.FX.{}a...H...?.9;...^i..5.j.e||.c..;CV.Q~gQ..2e...6.>r.2..........!......=.byd>..T./S.A.9#.8......%.I(....y}.N.'T..8...*(..b,.D..........|8V..e.6N........2....lI_......!)..,.Np.4..$"..Q.5.{....!......p.m;.|(..mX.ve... z"6o......@.F..:}.{...e..J.Bt.+qh0~Fp.0...Q..;M.q.....EL"..W...]Wv~..w......w202..r.}...5..d......^..*[8z..E`.....l.K.O.!... ..<...q..+....f`?..?.bK'...J..Y.%..@..#..c..+]Km.>..\.'.d.?.HV.....M..W.....2c.-.=..0....q..U.V...

          C:\Users\user\Documents\PWCCAWLGRE.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.85653673981736
          Encrypted:false
          SSDEEP:
          MD5:3E0B5B6457B5F37E9F8B5FF07085A4DF
          SHA1:9EAE59AC1EF5C2E02373F36428724C0D40A18303
          SHA-256:AF0E1819693C38445E4A36C0044C136B5920998951E060F2DB470EC125714F80
          SHA-512:25853B37288DE88D7C0132AA7D96BA551A567E69983D9543618DB364D56484336CF19F894D803E269901621155F5800595E5CD999F205C3EFA3266B4EEC57FDB
          Malicious:false
          Reputation:unknown
          Preview:PWCCAK....~T.-pe.t|G.vPX..F.....d.Xdy$..........y.A....}@.Y...Tr.".*..m^....p.`A.t.7..7...5.Z....Ys?..(C...p......;.Rd.(...8u.P.M6.D.Z..-Cb}."`.....*W.o...{.PYQU..J,...3.B.Y......@....:....).."{O]k..iPg%.=_..=z.C-....X...}.'Bi.7.d...Fp..1.....W..V..l.A.B.NVK.]X.u..'.../.....7.'.../..U...Q.in..O...W.......O(.L.!.%...h.V...`........MV......m.T#..s..){.ko.....S!.e)g.]~..U.....V.;.f.._..x..V....l....ea.U.|M,KcO.U....[<:.mqIw....V.#..Yr.b../......L.u+..h._.."3...mpn,..\.!.3..T.s..W%#usk.N.jC.0......,...<.|.^..I.o.....Z..B..v:.3.i9t..+*........gw.........ki..1.@.U..}%...Y.W}}....$..A.l..`]........%kr.u...X...K...h..8.q....f....r.v$?s:Y@.v.}...Z`...+..{....b.....Ad........oI..s..4....E$6...s!./.Z.....}.7..y=..[Mqi...;..L....(..&j_.a..v......ya\+.X.o.>."%...!1K.G|}..c......g<....U..I..sSN.7...|...7.._....(..B6gK..yKP..}k......#R....c..n'.K...)32...........S.A.]S.`..U..Y.F.(.B...6..1,J..\...... ^....<..$...M....J....9_..<A...IV.8.%...EZ..*AN...u:J

          C:\Users\user\Documents\PWCCAWLGRE.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3E0B5B6457B5F37E9F8B5FF07085A4DF
          SHA1:9EAE59AC1EF5C2E02373F36428724C0D40A18303
          SHA-256:AF0E1819693C38445E4A36C0044C136B5920998951E060F2DB470EC125714F80
          SHA-512:25853B37288DE88D7C0132AA7D96BA551A567E69983D9543618DB364D56484336CF19F894D803E269901621155F5800595E5CD999F205C3EFA3266B4EEC57FDB
          Malicious:false
          Reputation:unknown
          Preview:PWCCAK....~T.-pe.t|G.vPX..F.....d.Xdy$..........y.A....}@.Y...Tr.".*..m^....p.`A.t.7..7...5.Z....Ys?..(C...p......;.Rd.(...8u.P.M6.D.Z..-Cb}."`.....*W.o...{.PYQU..J,...3.B.Y......@....:....).."{O]k..iPg%.=_..=z.C-....X...}.'Bi.7.d...Fp..1.....W..V..l.A.B.NVK.]X.u..'.../.....7.'.../..U...Q.in..O...W.......O(.L.!.%...h.V...`........MV......m.T#..s..){.ko.....S!.e)g.]~..U.....V.;.f.._..x..V....l....ea.U.|M,KcO.U....[<:.mqIw....V.#..Yr.b../......L.u+..h._.."3...mpn,..\.!.3..T.s..W%#usk.N.jC.0......,...<.|.^..I.o.....Z..B..v:.3.i9t..+*........gw.........ki..1.@.U..}%...Y.W}}....$..A.l..`]........%kr.u...X...K...h..8.q....f....r.v$?s:Y@.v.}...Z`...+..{....b.....Ad........oI..s..4....E$6...s!./.Z.....}.7..y=..[Mqi...;..L....(..&j_.a..v......ya\+.X.o.>."%...!1K.G|}..c......g<....U..I..sSN.7...|...7.._....(..B6gK..yKP..}k......#R....c..n'.K...)32...........S.A.]S.`..U..Y.F.(.B...6..1,J..\...... ^....<..$...M....J....9_..<A...IV.8.%...EZ..*AN...u:J

          C:\Users\user\Documents\PWCCAWLGRE.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.845766703163143
          Encrypted:false
          SSDEEP:
          MD5:1F78B0F5FDAFD58C9094BA74E62D375A
          SHA1:E60969433190466550033B65A3C61F6BB94CBB42
          SHA-256:76A4B109EB7F3FBB96493FF2EC4E445EC36EA1650321255A8174DC283AB2C8EF
          SHA-512:3871A7255682F07D79D6E346E5D38B98EC2496201341260B45735A981DD0F30BF0EFAE5E69F6EF11AC257BD47FCE5EEACED2F5943E365C8B57A7B37CAB0220F5
          Malicious:false
          Reputation:unknown
          Preview:PWCCAPF0xh.i..2.!=C..V...A.C.a.T.HZ8.*..s..E...<.mEm....t......=.h.=............]Np....#<.z+..>.T x....B....k_.x#n.L"Z._.MA.}.H.|...j.P.Z.E.. .e+|M.....[;.h...........H..h...s.W._....>...)........6%)....k^.yb.....>.7D)...<V.u.q....aY....J...8....h.(M%..)... DNFL.../Wi.>.H.)...6C..:.....L.Q...'7...z..a}?.=...&.....1>......3....[...\...%R.b.H.Z........o.K....~.qp.4.......T....O..z@.u.k.!z..u(.......X}.......?.v(.j..A.!.l....g..U.m,.H..F1!..7PCS.....+g+'A..U............W!.;..,........Sr.~...F..p..'.az(u|.0...T.!@..z......Q..H.;.....UQ.X.m..0...B.,..'.g..|D..^../....-. ..i.H...........2{.]Nj=j..;..,.B......zhK..T.......v1..3.R@M=+.bp}.. ..FQ8y.W..D#..#.}.w.......<.[!pZ...H..^.H.u.W..."..A.s./)...eH.G...y.L..q......6i<.|..:..*...:......4./...D.v^N%t.=P.iX......>..@.H.(..k....-.d.^".-.[.S...FK...L..ml.....G..Ahj.&.......z...R}..U."2.y..d9..@...Vd.^ `.sgn&zt].*...R......3V.m....G.#..........3.v..O.y*...j..C..<#....m.n...i..I../.ol.1..`.

          C:\Users\user\Documents\PWCCAWLGRE.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:1F78B0F5FDAFD58C9094BA74E62D375A
          SHA1:E60969433190466550033B65A3C61F6BB94CBB42
          SHA-256:76A4B109EB7F3FBB96493FF2EC4E445EC36EA1650321255A8174DC283AB2C8EF
          SHA-512:3871A7255682F07D79D6E346E5D38B98EC2496201341260B45735A981DD0F30BF0EFAE5E69F6EF11AC257BD47FCE5EEACED2F5943E365C8B57A7B37CAB0220F5
          Malicious:false
          Reputation:unknown
          Preview:PWCCAPF0xh.i..2.!=C..V...A.C.a.T.HZ8.*..s..E...<.mEm....t......=.h.=............]Np....#<.z+..>.T x....B....k_.x#n.L"Z._.MA.}.H.|...j.P.Z.E.. .e+|M.....[;.h...........H..h...s.W._....>...)........6%)....k^.yb.....>.7D)...<V.u.q....aY....J...8....h.(M%..)... DNFL.../Wi.>.H.)...6C..:.....L.Q...'7...z..a}?.=...&.....1>......3....[...\...%R.b.H.Z........o.K....~.qp.4.......T....O..z@.u.k.!z..u(.......X}.......?.v(.j..A.!.l....g..U.m,.H..F1!..7PCS.....+g+'A..U............W!.;..,........Sr.~...F..p..'.az(u|.0...T.!@..z......Q..H.;.....UQ.X.m..0...B.,..'.g..|D..^../....-. ..i.H...........2{.]Nj=j..;..,.B......zhK..T.......v1..3.R@M=+.bp}.. ..FQ8y.W..D#..#.}.w.......<.[!pZ...H..^.H.u.W..."..A.s./)...eH.G...y.L..q......6i<.|..:..*...:......4./...D.v^N%t.=P.iX......>..@.H.(..k....-.d.^".-.[.S...FK...L..ml.....G..Ahj.&.......z...R}..U."2.y..d9..@...Vd.^ `.sgn&zt].*...R......3V.m....G.#..........3.v..O.y*...j..C..<#....m.n...i..I../.ol.1..`.

          C:\Users\user\Documents\QNCYCDFIJJ.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8563891936066
          Encrypted:false
          SSDEEP:
          MD5:3453261F05CF65264A9E83CDC2297F0D
          SHA1:4CE333217747F15DC2B19146F6166E92C500D4CE
          SHA-256:14A114838BBA2EDF0154BC4D3D807D7E5E44F86634BD19C17B05C918C2A28016
          SHA-512:AE38761C70C84058AC1B1F23E194338D712BF60B43FADDFDC1CFAC99AA475D20AAF7150028EE5514FBCA056DE3A29C9F55DEC03275A71F5D2240C2EBFB7E9EDE
          Malicious:false
          Reputation:unknown
          Preview:QNCYC.N'.L.v.......]6&.!vS..)...p*Dc.q7...1F...]2...#r.'..vv.....Q.?.xc.4.1_..JX.s\e.H....x.Z....i.@>`#mN...G.L..La.........]..uqZ......^*d.w..P.....Yzc~J...6P.f.f.Q...V...H.T_^RVB..7.o.W.&~....b.+......_Q.l...*.89.......2....]..W.1...#...M.....a..5......X^f..fn'n1..i....l...c.....>....P.N._...W<..{........v4N.p)n....0.0i......U.,hK.gF."...W..~..5?D.W>..2._.e....t.yn.M..+.1.Z.|..5W%e.........Q..v....8D......v.lc....2.74N}U.p.|..1.........+y....@.I..#Uf..C..%.,..A....>?.....!..F<U....(0[........])....vnd:p...IV..R..&..d..z.S.. .....<.E-.s;.....G!@Z..k.g.,.K......F......x...F'P...V..tSiY..,/.!.[......Q ...o........GK.X.^.......l......|..FC.V..@..]..f..T!.u.@S..N...N.9w.',.'....4r85v<...mQ%..)Zo.. ..kK.o.N.......DR.......Y}....T.p./..2.H.....D..5..._.E~[.B.h...G.Y.Ol.v_......c4..+l...sw......9U....Rl...%..K./8..{..*j...(..........qi.P{/o..K,.B.T.mX...9..=.(....f6.....6:....<..M...5*{.f..L. .....5.lwo.w......k.9>......G..

          C:\Users\user\Documents\QNCYCDFIJJ.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3453261F05CF65264A9E83CDC2297F0D
          SHA1:4CE333217747F15DC2B19146F6166E92C500D4CE
          SHA-256:14A114838BBA2EDF0154BC4D3D807D7E5E44F86634BD19C17B05C918C2A28016
          SHA-512:AE38761C70C84058AC1B1F23E194338D712BF60B43FADDFDC1CFAC99AA475D20AAF7150028EE5514FBCA056DE3A29C9F55DEC03275A71F5D2240C2EBFB7E9EDE
          Malicious:false
          Reputation:unknown
          Preview:QNCYC.N'.L.v.......]6&.!vS..)...p*Dc.q7...1F...]2...#r.'..vv.....Q.?.xc.4.1_..JX.s\e.H....x.Z....i.@>`#mN...G.L..La.........]..uqZ......^*d.w..P.....Yzc~J...6P.f.f.Q...V...H.T_^RVB..7.o.W.&~....b.+......_Q.l...*.89.......2....]..W.1...#...M.....a..5......X^f..fn'n1..i....l...c.....>....P.N._...W<..{........v4N.p)n....0.0i......U.,hK.gF."...W..~..5?D.W>..2._.e....t.yn.M..+.1.Z.|..5W%e.........Q..v....8D......v.lc....2.74N}U.p.|..1.........+y....@.I..#Uf..C..%.,..A....>?.....!..F<U....(0[........])....vnd:p...IV..R..&..d..z.S.. .....<.E-.s;.....G!@Z..k.g.,.K......F......x...F'P...V..tSiY..,/.!.[......Q ...o........GK.X.^.......l......|..FC.V..@..]..f..T!.u.@S..N...N.9w.',.'....4r85v<...mQ%..)Zo.. ..kK.o.N.......DR.......Y}....T.p./..2.H.....D..5..._.E~[.B.h...G.Y.Ol.v_......c4..+l...sw......9U....Rl...%..K./8..{..*j...(..........qi.P{/o..K,.B.T.mX...9..=.(....f6.....6:....<..M...5*{.f..L. .....5.lwo.w......k.9>......G..

          C:\Users\user\Documents\SFPUSAFIOL.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.819474830288012
          Encrypted:false
          SSDEEP:
          MD5:149CD78ED530A337D80A14AAE5A84F85
          SHA1:FB1A361241BE95827DB4F7E85D883D7F45574B75
          SHA-256:C6D7A2910F5A3F1DEC94B9F1C9C5747DC05B2AC9B7931D40DEF7EEE99B3F6904
          SHA-512:3E568632C9EA9B6F4ADBB5560F24A4276A680A3A2065C27B9952B4CA5D5A13890960AA24BB32871D82275FBBC986B5A20BCB1FD41D366FD898643B33D74833C4
          Malicious:false
          Reputation:unknown
          Preview:SFPUS].f7x....QJ1....u&..R.5 .....-t..q.wL.g.&....c..$q.x(..#.1j........p.....2z0.......x...\..}r|K..m...-..0...=")H)yb...>.p..U.y.(.1......d..........5g.....,z(..E.....T!K...u.Lu.W..?.....".Z.2MlW\.....M,.#>.g.......l...&.zp....U.HKziq.@..F/.I,.N?....!5@">.pq..kU...g......jS..N4....~..E...F.XK..3/.lDE2.o.U>.).f.{..h5.I.F......o.1+..UOc......h%....I.....N.rY....s...).m..AoC.P....yr...J#...]E....c.r..._9.Xl..C/......'.WY.$.*..^...$...P.....1.Enb&.8V...0....'H*e.2*~&.X.M...r.\Wz..7..W...0.m2r.83..FPg....7...u3.....u.z1.E..4..../...E..........$D.y..Y.r......|=..4.(......+d.5..W.i^&.4x3..d)dQ.V...Ue...=...D(......g..g...$..i...A.W_%.....w....)..G..:Lzh.T...../....a..\u.H..1.].......O.1.t.^!..x.o..A.0?f.~...(n..Q..?..>...A.Z..g.7\..+..7...2...U....2.zL.0.(^1.3B.d!`..t...|.........Z......Yc.EMn=@C=.ix..C..........-....;UF..A..*...03.7b.D.r..VFS.=.........)...2..PxF6 ..g...-....C..n..m..U.cP..5..R...b.B....^.R.EV/;.....:o..L...I.:s-...!%.bo!.

          C:\Users\user\Documents\SFPUSAFIOL.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:149CD78ED530A337D80A14AAE5A84F85
          SHA1:FB1A361241BE95827DB4F7E85D883D7F45574B75
          SHA-256:C6D7A2910F5A3F1DEC94B9F1C9C5747DC05B2AC9B7931D40DEF7EEE99B3F6904
          SHA-512:3E568632C9EA9B6F4ADBB5560F24A4276A680A3A2065C27B9952B4CA5D5A13890960AA24BB32871D82275FBBC986B5A20BCB1FD41D366FD898643B33D74833C4
          Malicious:false
          Reputation:unknown
          Preview:SFPUS].f7x....QJ1....u&..R.5 .....-t..q.wL.g.&....c..$q.x(..#.1j........p.....2z0.......x...\..}r|K..m...-..0...=")H)yb...>.p..U.y.(.1......d..........5g.....,z(..E.....T!K...u.Lu.W..?.....".Z.2MlW\.....M,.#>.g.......l...&.zp....U.HKziq.@..F/.I,.N?....!5@">.pq..kU...g......jS..N4....~..E...F.XK..3/.lDE2.o.U>.).f.{..h5.I.F......o.1+..UOc......h%....I.....N.rY....s...).m..AoC.P....yr...J#...]E....c.r..._9.Xl..C/......'.WY.$.*..^...$...P.....1.Enb&.8V...0....'H*e.2*~&.X.M...r.\Wz..7..W...0.m2r.83..FPg....7...u3.....u.z1.E..4..../...E..........$D.y..Y.r......|=..4.(......+d.5..W.i^&.4x3..d)dQ.V...Ue...=...D(......g..g...$..i...A.W_%.....w....)..G..:Lzh.T...../....a..\u.H..1.].......O.1.t.^!..x.o..A.0?f.~...(n..Q..?..>...A.Z..g.7\..+..7...2...U....2.zL.0.(^1.3B.d!`..t...|.........Z......Yc.EMn=@C=.ix..C..........-....;UF..A..*...03.7b.D.r..VFS.=.........)...2..PxF6 ..g...-....C..n..m..U.cP..5..R...b.B....^.R.EV/;.....:o..L...I.:s-...!%.bo!.

          C:\Users\user\Documents\SFPUSAFIOL.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.85511594877134
          Encrypted:false
          SSDEEP:
          MD5:E3B7DD986D2AFE14FD47EB9AD6C05706
          SHA1:2607579C84885E93EDFA338EE4ED75AD18FC8E8D
          SHA-256:776498D0C7D78802BAED81D7129778C40AC71165F0A628D1CBC9FCE2C1AD1A74
          SHA-512:6464F39C7BD88130D48F7B32A65AC1126ED22B223BEDB9940E9EF28CE6057290FDEC984E9C570BEA524DC89A41D80FEBA1712430F58EF2E4C17055423272D31D
          Malicious:false
          Reputation:unknown
          Preview:SFPUS.E4......k.Z.j...p..l.Y....D......@F.d|..`.d.$.\ =k...+.......^T.......{...-..D..cb@ff'..ZgA.....7H.....-.[.......1.......%B.y\@)=O$P|.3.t.Jt...!.B....}....Rz.?L.Jy..qQ...)....._t.!..&.`w......p.s..GNA..L..9...1.iL...Y$......~.)...7.2'\..I..<h.4.....O....y'.jU.).i..ba..T..a..RPC......q.d).f.%..&e.+%.*.I,......H..#..2>-&. ...........oZ\.]..J.?(...7...~...k.d....ew.C..r9f).)M,.|s..Sf..j.[0..../....<65..);.m...u...C..2.....g...."._..:?.4.T........3...5+...n.\_..-ch=..{.[#%..+.....N.?pL.}X.e........E.H....K.3h...,.U..+...KTY..5A..X>..pE...L..d....t..4wp..i_bZ.U../..lm0+.7..3..(.....VKL.,...}.H.j).T..YK&k.Tk..n/.*...e.Ut,....NO ...+..S....+F..D,....$...b..`\:^....3U.....!....a.~.J.w.+.8yw..1.H.\`Q..f..`..,..F._.-G.....Z..I..A..&\..q.a.......K.q.....?...1...v..Yjm[j.V;.2L...#jd.!.$.h|......Ad)pf..z..U..a..r....GV....jni8.........t..4[..]..z...qw......Y.j..A$|I...Ep?JW....[..KL..*...xwk..!Gy.....,.q..Ch.f....o..6....><i....b.?o.#_(....

          C:\Users\user\Documents\SFPUSAFIOL.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E3B7DD986D2AFE14FD47EB9AD6C05706
          SHA1:2607579C84885E93EDFA338EE4ED75AD18FC8E8D
          SHA-256:776498D0C7D78802BAED81D7129778C40AC71165F0A628D1CBC9FCE2C1AD1A74
          SHA-512:6464F39C7BD88130D48F7B32A65AC1126ED22B223BEDB9940E9EF28CE6057290FDEC984E9C570BEA524DC89A41D80FEBA1712430F58EF2E4C17055423272D31D
          Malicious:false
          Reputation:unknown
          Preview:SFPUS.E4......k.Z.j...p..l.Y....D......@F.d|..`.d.$.\ =k...+.......^T.......{...-..D..cb@ff'..ZgA.....7H.....-.[.......1.......%B.y\@)=O$P|.3.t.Jt...!.B....}....Rz.?L.Jy..qQ...)....._t.!..&.`w......p.s..GNA..L..9...1.iL...Y$......~.)...7.2'\..I..<h.4.....O....y'.jU.).i..ba..T..a..RPC......q.d).f.%..&e.+%.*.I,......H..#..2>-&. ...........oZ\.]..J.?(...7...~...k.d....ew.C..r9f).)M,.|s..Sf..j.[0..../....<65..);.m...u...C..2.....g...."._..:?.4.T........3...5+...n.\_..-ch=..{.[#%..+.....N.?pL.}X.e........E.H....K.3h...,.U..+...KTY..5A..X>..pE...L..d....t..4wp..i_bZ.U../..lm0+.7..3..(.....VKL.,...}.H.j).T..YK&k.Tk..n/.*...e.Ut,....NO ...+..S....+F..D,....$...b..`\:^....3U.....!....a.~.J.w.+.8yw..1.H.\`Q..f..`..,..F._.-G.....Z..I..A..&\..q.a.......K.q.....?...1...v..Yjm[j.V;.2L...#jd.!.$.h|......Ad)pf..z..U..a..r....GV....jni8.........t..4[..]..z...qw......Y.j..A$|I...Ep?JW....[..KL..*...xwk..!Gy.....,.q..Ch.f....o..6....><i....b.?o.#_(....

          C:\Users\user\Documents\SQRKHNBNYN.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.848880108037508
          Encrypted:false
          SSDEEP:
          MD5:D79EB6C9AC3B754A21836296CCCDE9BA
          SHA1:A3112C310E2F7827B3FF22414EA052B4785BFEAC
          SHA-256:1DBC6A88AF0AD6D4DC17463A5B3DB026C88F1BCCA1B37F71597445B292FBC120
          SHA-512:B76AEA83D83C8181F5333FC30E6708F12D51415F4332CAE1A9E5E7DC69BCF21D13AB8964132BB1FFEE3ED4CF527DF02376F79F29BA7FE468D14FC8CC1B60752E
          Malicious:false
          Reputation:unknown
          Preview:SQRKH....e...<...A.D.<MLV.cZ....Ff..&.*...C..o.~..i..m:J....J.L..<....#..?.........a.......jj2....Gl.<...d.5@7.-(..VM.*..(....;.D.#.-..".Wg.......<.~..g..6.ax............x...c.....$..yz..~....s.).cPIQ|.\..........`..5.4..(P...Oe...-"0;.....t...R........K..L6...^O..w.n.......S..{w..rU..x...O.G..M..Y.E....@z.....ag.A.wc k..)....k..D...U.U...c.n...c... 3.o.....zy).u.........~...y"A6...--....+h9...B.Z.^-.!jL.q]...hO..beF.L.............D.......;!...$....D...Q2}...(.b..o_+mu;....S.g.b=.....A.B.INX)..+.s..}.._n...p#.".../a3......D.n...N./.).......Q..(0..B}..-..jHj8....Ow..!K|qJ....&......3~=..l!RM)......#.8{L..o.S...\W....7zU......>...f....sg. .ti.]Xp<.,.\....f4...c.l.........wk....2u<.'~.....mtlM.R$.B....c......*u.V.o9WN...".......!ZE.Q..0.X.<...J^..S1...q%k...o...k..FH.t.;;.a...G......nh..@..?ZVk..l.........YC}1e.&..5.[.^3..~.6.@4 .[.@.:........tC.J.2s.I.9.8..1.%.........F....!....\O..QY.h.o(..#.Oni?k..p..!z..)~+..U.lD.c...

          C:\Users\user\Documents\SQRKHNBNYN.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D79EB6C9AC3B754A21836296CCCDE9BA
          SHA1:A3112C310E2F7827B3FF22414EA052B4785BFEAC
          SHA-256:1DBC6A88AF0AD6D4DC17463A5B3DB026C88F1BCCA1B37F71597445B292FBC120
          SHA-512:B76AEA83D83C8181F5333FC30E6708F12D51415F4332CAE1A9E5E7DC69BCF21D13AB8964132BB1FFEE3ED4CF527DF02376F79F29BA7FE468D14FC8CC1B60752E
          Malicious:false
          Reputation:unknown
          Preview:SQRKH....e...<...A.D.<MLV.cZ....Ff..&.*...C..o.~..i..m:J....J.L..<....#..?.........a.......jj2....Gl.<...d.5@7.-(..VM.*..(....;.D.#.-..".Wg.......<.~..g..6.ax............x...c.....$..yz..~....s.).cPIQ|.\..........`..5.4..(P...Oe...-"0;.....t...R........K..L6...^O..w.n.......S..{w..rU..x...O.G..M..Y.E....@z.....ag.A.wc k..)....k..D...U.U...c.n...c... 3.o.....zy).u.........~...y"A6...--....+h9...B.Z.^-.!jL.q]...hO..beF.L.............D.......;!...$....D...Q2}...(.b..o_+mu;....S.g.b=.....A.B.INX)..+.s..}.._n...p#.".../a3......D.n...N./.).......Q..(0..B}..-..jHj8....Ow..!K|qJ....&......3~=..l!RM)......#.8{L..o.S...\W....7zU......>...f....sg. .ti.]Xp<.,.\....f4...c.l.........wk....2u<.'~.....mtlM.R$.B....c......*u.V.o9WN...".......!ZE.Q..0.X.<...J^..S1...q%k...o...k..FH.t.;;.a...G......nh..@..?ZVk..l.........YC}1e.&..5.[.^3..~.6.@4 .[.@.:........tC.J.2s.I.9.8..1.%.........F....!....\O..QY.h.o(..#.Oni?k..p..!z..)~+..U.lD.c...

          C:\Users\user\Documents\SQRKHNBNYN\IPKGELNTQY.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8518606673069335
          Encrypted:false
          SSDEEP:
          MD5:3FA71EFC575E73AB60710947BB29829E
          SHA1:BF8B9F3AF9058ED3497CF5FED794B68DC6DEA7AA
          SHA-256:3EAB9EC4BC33F30E9A41802B165F0C8E7DAAA9425F98AFC55F8D518234674286
          SHA-512:87DE833B8391FB12D3EB43475DC84E82976E34953065E55C17B487A60C604F489C857A2066D41FA29641065985073CFA6BB3DBC54EBC8D13BCD4E4A87AACD1FA
          Malicious:false
          Reputation:unknown
          Preview:IPKGE....;..?.*...0..|.......h.N.L.C...A.\l..>@...._).98.m...2....,[..s. }.i.0..`}..[..K....5.b..x.m...!.0...^.. fZH....v...F|.......~]B.....bT,..e..I.je...&.[.7uI..2fe.-.Z.......J.8...5.H?..$...P....;...{...`.Z.......s\|>...Z.........X..S.d.~b.q0......=....Y.....D.v{.....p.:....y..~...%.>}'..s..6......96r../.B..:....?....+.0.n....G..>..^.....%.~..........r...^'...p"..t..$.t.3.2S.#.Y...?.....v.........s.d.F.Fc...CAy..EN..61.U+..rp.m......'..x..-Ok.s....?.&.sb...2$...hlH..r-......:...y.[....=+]P.o.6.,.4.q.......UvW.X...).......2.&....>0..s....y.E{>....J....(.U.S3..'2.a7.k.F..;.......J.E..'S.yN1..Z-...|"h...X.PZL+..^b....X~(..%|..l.$.K..3..S.x.x.y..SN_Iie9......p.8.;..=6Y>y.\.Q..q.tnb........?&D..D...2Q.M...Y!.w.....^Y_..o.....a..,.$6......RH..p..N...Ec...@..Z..}9b...?.3:4..u<...+.(...p.{&o.&.[E..n...#..."31F.....9...Lq..h.F....N...i..sW....@.A.`HI.<1..=..N.1....%.4G..v.0I.........{Mv/J.~I.^.TU6.a...q..u q...-..il.SJ.6*is.Me...

          C:\Users\user\Documents\SQRKHNBNYN\IPKGELNTQY.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3FA71EFC575E73AB60710947BB29829E
          SHA1:BF8B9F3AF9058ED3497CF5FED794B68DC6DEA7AA
          SHA-256:3EAB9EC4BC33F30E9A41802B165F0C8E7DAAA9425F98AFC55F8D518234674286
          SHA-512:87DE833B8391FB12D3EB43475DC84E82976E34953065E55C17B487A60C604F489C857A2066D41FA29641065985073CFA6BB3DBC54EBC8D13BCD4E4A87AACD1FA
          Malicious:false
          Reputation:unknown
          Preview:IPKGE....;..?.*...0..|.......h.N.L.C...A.\l..>@...._).98.m...2....,[..s. }.i.0..`}..[..K....5.b..x.m...!.0...^.. fZH....v...F|.......~]B.....bT,..e..I.je...&.[.7uI..2fe.-.Z.......J.8...5.H?..$...P....;...{...`.Z.......s\|>...Z.........X..S.d.~b.q0......=....Y.....D.v{.....p.:....y..~...%.>}'..s..6......96r../.B..:....?....+.0.n....G..>..^.....%.~..........r...^'...p"..t..$.t.3.2S.#.Y...?.....v.........s.d.F.Fc...CAy..EN..61.U+..rp.m......'..x..-Ok.s....?.&.sb...2$...hlH..r-......:...y.[....=+]P.o.6.,.4.q.......UvW.X...).......2.&....>0..s....y.E{>....J....(.U.S3..'2.a7.k.F..;.......J.E..'S.yN1..Z-...|"h...X.PZL+..^b....X~(..%|..l.$.K..3..S.x.x.y..SN_Iie9......p.8.;..=6Y>y.\.Q..q.tnb........?&D..D...2Q.M...Y!.w.....^Y_..o.....a..,.$6......RH..p..N...Ec...@..Z..}9b...?.3:4..u<...+.(...p.{&o.&.[E..n...#..."31F.....9...Lq..h.F....N...i..sW....@.A.`HI.<1..=..N.1....%.4G..v.0I.........{Mv/J.~I.^.TU6.a...q..u q...-..il.SJ.6*is.Me...

          C:\Users\user\Documents\SQRKHNBNYN\MXPXCVPDVN.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.864624401321324
          Encrypted:false
          SSDEEP:
          MD5:0C05E7E8F1504A824E71BF699EEC9DFE
          SHA1:42374A96C9236B659093705E01AC954869246A8C
          SHA-256:FB7DB651414E71D2301C6F671CCF818F7134A1F045132C5736A33588F3055D2C
          SHA-512:6763F9199D341B6F4BECE1DAE0284F405BD3405B60E625AEFEBDFFD7019860EE697228F721250777EBE71B620C5247A6B04438671EA1DD5E49CE282D3ACAEB98
          Malicious:false
          Reputation:unknown
          Preview:MXPXC4........".M....1..gs_./.;i..|..'Q.nMdx...C[..9.M..D8..Ah......D.j.Q...6F....Ze.k..}...d".P.bG...Y(..:...!G.....)H.x,.Rd#.;.H.v+...h{...F....BG.5)........[.UIG....9..(h...fY.X.K6=.&.]<5..<N/o......S...N...y[0....[[$a..:.{....k6"..ID3.E.R..H.RQ.W..tO.M3"...........-..@[....(.D...........p>..4.u..v....#...k.O...kg~S.,..w.UK.0.mY..!v.Y=!%......U.P2..-c.u.n....1>.....#.....b3...q. ...z...t..;..........~....Po....1.IZ(.a.%<g.r..... B...YLdI+F^.S...H$......7..J..2-8.).^..VH........0..q.(I~ tA..V..g*..e.B..S.."f._[.......Z..7`..,.I.&...,..Ub."......E:1..X[..m...U!R.3.~0..2y|.9D?.a}S.0..rwC.{vxc..m?...E`S.S..X=._.{:......1.t..tb...S.\Y...._....!.......)/)[.qx.W.Q.=.y.U....}..'g{:...E...I.l.\..#..!tb..9Zw..8L/....$-f.T..Or[.B.$.....s(....n...wg......cOq....GU....O^ .....o......?.58..s..:K,...Kb....o...%c...{.....2I...........lf....D[..,.-..#.^gz...p.2...g.I.XJ..qm....8...@.*.>..\.H....;........R..^./.Q..>bx..._. ...P.3Q5x..{....|+.g.(.

          C:\Users\user\Documents\SQRKHNBNYN\MXPXCVPDVN.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0C05E7E8F1504A824E71BF699EEC9DFE
          SHA1:42374A96C9236B659093705E01AC954869246A8C
          SHA-256:FB7DB651414E71D2301C6F671CCF818F7134A1F045132C5736A33588F3055D2C
          SHA-512:6763F9199D341B6F4BECE1DAE0284F405BD3405B60E625AEFEBDFFD7019860EE697228F721250777EBE71B620C5247A6B04438671EA1DD5E49CE282D3ACAEB98
          Malicious:false
          Reputation:unknown
          Preview:MXPXC4........".M....1..gs_./.;i..|..'Q.nMdx...C[..9.M..D8..Ah......D.j.Q...6F....Ze.k..}...d".P.bG...Y(..:...!G.....)H.x,.Rd#.;.H.v+...h{...F....BG.5)........[.UIG....9..(h...fY.X.K6=.&.]<5..<N/o......S...N...y[0....[[$a..:.{....k6"..ID3.E.R..H.RQ.W..tO.M3"...........-..@[....(.D...........p>..4.u..v....#...k.O...kg~S.,..w.UK.0.mY..!v.Y=!%......U.P2..-c.u.n....1>.....#.....b3...q. ...z...t..;..........~....Po....1.IZ(.a.%<g.r..... B...YLdI+F^.S...H$......7..J..2-8.).^..VH........0..q.(I~ tA..V..g*..e.B..S.."f._[.......Z..7`..,.I.&...,..Ub."......E:1..X[..m...U!R.3.~0..2y|.9D?.a}S.0..rwC.{vxc..m?...E`S.S..X=._.{:......1.t..tb...S.\Y...._....!.......)/)[.qx.W.Q.=.y.U....}..'g{:...E...I.l.\..#..!tb..9Zw..8L/....$-f.T..Or[.B.$.....s(....n...wg......cOq....GU....O^ .....o......?.58..s..:K,...Kb....o...%c...{.....2I...........lf....D[..,.-..#.^gz...p.2...g.I.XJ..qm....8...@.*.>..\.H....;........R..^./.Q..>bx..._. ...P.3Q5x..{....|+.g.(.

          C:\Users\user\Documents\SQRKHNBNYN\NEBFQQYWPS.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.847160303853408
          Encrypted:false
          SSDEEP:
          MD5:23AE96B4C749DABA1C0E947B7C830966
          SHA1:BB17B09B6FBDFE94DC21008377198F3DBD869DD0
          SHA-256:4CFF02012963B42846750020FF89E7A1377B83D259570C09BDF40C89A754C172
          SHA-512:7E8E27AEF694FAFA5E865D8B327A6EE24201E8E7030F3BD1F049158606718BFE0024A11CE45E67847D79E99A6F14974C793D450C36BBF616B423B99952A30628
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ..E...<..-...JUw..1P..t.BG..J!.;!...Vhy....{..):.S.........4..P.F.#......].c.w..f..Dz.c..|.OR_.~.{Z<P%..D..G..HpfS.u.W/...%..7..`:$............m.;..nk<..&.q.')~t.....'..4.'.(.......mB.._a....U.(y.....xl.Q.......TGe#\w.y>..|..m...Q........ .u.9...^c.....KeR.-...h.,..C)...x.. ...eFI%..Y.d..w...\..};xO...Az .K.~GE....L..F....#.^..g.V3D...n..$.J.s..q.xnWs..*W.<..z"R.8O.r.Zz......T.......a.V.iA>b..{.../...i..e..a...F... .........Y....!.2..D...y.....zGRp......@....).O.pl...B.l......\l..]....(wH...W.'m..B..p.ya.......@...l.%..klq[..l2c..t..]-.FV6..H.j....C:W.b...;Z..4....K..1L..A..#..&.....I....t.....t....y..g...c..R.p.X.....-....@.Nx..n7.RK..L..U...........V4amJ/........J..<...hc.#....8.@..p....A.B.)....c....*.^.....V.8..F.A....U{N..]...1.)}.ib.T./.m..\u....Fe.....&..Y.CY'.>....wb....2.u#=1....V...j.I..U>...Y......V..m.h).. PV.b...W..!.."..T'..^....}.W.1.b..u.`.3..m..I.j ..FT51..;0..O-..x.l....ls~...G...P..m...."=CF.dFu.Kv"......c..0.rxD...<I..

          C:\Users\user\Documents\SQRKHNBNYN\NEBFQQYWPS.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:23AE96B4C749DABA1C0E947B7C830966
          SHA1:BB17B09B6FBDFE94DC21008377198F3DBD869DD0
          SHA-256:4CFF02012963B42846750020FF89E7A1377B83D259570C09BDF40C89A754C172
          SHA-512:7E8E27AEF694FAFA5E865D8B327A6EE24201E8E7030F3BD1F049158606718BFE0024A11CE45E67847D79E99A6F14974C793D450C36BBF616B423B99952A30628
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ..E...<..-...JUw..1P..t.BG..J!.;!...Vhy....{..):.S.........4..P.F.#......].c.w..f..Dz.c..|.OR_.~.{Z<P%..D..G..HpfS.u.W/...%..7..`:$............m.;..nk<..&.q.')~t.....'..4.'.(.......mB.._a....U.(y.....xl.Q.......TGe#\w.y>..|..m...Q........ .u.9...^c.....KeR.-...h.,..C)...x.. ...eFI%..Y.d..w...\..};xO...Az .K.~GE....L..F....#.^..g.V3D...n..$.J.s..q.xnWs..*W.<..z"R.8O.r.Zz......T.......a.V.iA>b..{.../...i..e..a...F... .........Y....!.2..D...y.....zGRp......@....).O.pl...B.l......\l..]....(wH...W.'m..B..p.ya.......@...l.%..klq[..l2c..t..]-.FV6..H.j....C:W.b...;Z..4....K..1L..A..#..&.....I....t.....t....y..g...c..R.p.X.....-....@.Nx..n7.RK..L..U...........V4amJ/........J..<...hc.#....8.@..p....A.B.)....c....*.^.....V.8..F.A....U{N..]...1.)}.ib.T./.m..\u....Fe.....&..Y.CY'.>....wb....2.u#=1....V...j.I..U>...Y......V..m.h).. PV.b...W..!.."..T'..^....}.W.1.b..u.`.3..m..I.j ..FT51..;0..O-..x.l....ls~...G...P..m...."=CF.dFu.Kv"......c..0.rxD...<I..

          C:\Users\user\Documents\SQRKHNBNYN\SFPUSAFIOL.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8598364977202495
          Encrypted:false
          SSDEEP:
          MD5:5B4D6444549379EA4D80A70E05CFF5FB
          SHA1:6FCFEC107463BAB15DF282D50E0CC0625FECF8F9
          SHA-256:5FE56AD6F6ECAA8A50C43CCCD95AF4CC997405A473610D33AF697CEF5E58A687
          SHA-512:12C3D57E472595F56DDC59E3BAA61D2A8C7E15CA4EADE15B6E84DFAED84EDB2C162E2513212D16317F2B642140F985ECABE10945C452F9F5DD4646676FD5D90F
          Malicious:false
          Reputation:unknown
          Preview:SFPUSW.2{v..c..y.+..U .A..@74.."Q.i.N.....+/..J...8..X...]$.w.....&.@.}"o..hf3V.Z..1.~.~v..y....RH...'.ro..K4......R@g......b..!U...D..o....'...7q...}.......=.r. ......gjN.?<L..._.Z.`{.....5....%..U.*..L.e#"8.p...4.....2.On.l.b.!..G<.Bp.........}RP..)...Q..j....U..$3.Gw-...n.:rJ....F~.a`..>.$...ZP.:..Y....>d.`c..@i.&..........]...'![9he....{O.B..e...`h..%.R)..kZ..6.X.[K\.!......d...%.~....!l..b..(..gh;....T.@..^rv..jG..o...Da...j...@..z..L1.K.F?Hy....U....rM.......)7...C&<.. %.y..N#fq.......Y.{5.YA;Ca7...L..>.....5.d4.660.STz..F.!T.~..(...f.N_A....F...Y2.P...?..&.....H{.<.1.Ea7.U..{.\.R..'Wj.....x.k.....s.....k;...Nu.6e....yJ.%....V.^.gsW<..1.V......vg'@Q..k.QpG..%m.=.S..N......C.C...Oc.).0..o#.7C.... .../..1....'C..P.; ......).z..J.4...lo&....o#...Vc..j},y.v.?F..5oC..hOn.i..5...h...\)../.?9......m,b;J..fkXw......`7.....<A.;k.5..@.z....Ym{{..f.K...s.zf..9......C.b....N....+..`)...H.T..o....U.q.Cz.a.W.......2..=./K\..w.sY.6.b...A-k0!.f...

          C:\Users\user\Documents\SQRKHNBNYN\SFPUSAFIOL.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5B4D6444549379EA4D80A70E05CFF5FB
          SHA1:6FCFEC107463BAB15DF282D50E0CC0625FECF8F9
          SHA-256:5FE56AD6F6ECAA8A50C43CCCD95AF4CC997405A473610D33AF697CEF5E58A687
          SHA-512:12C3D57E472595F56DDC59E3BAA61D2A8C7E15CA4EADE15B6E84DFAED84EDB2C162E2513212D16317F2B642140F985ECABE10945C452F9F5DD4646676FD5D90F
          Malicious:false
          Reputation:unknown
          Preview:SFPUSW.2{v..c..y.+..U .A..@74.."Q.i.N.....+/..J...8..X...]$.w.....&.@.}"o..hf3V.Z..1.~.~v..y....RH...'.ro..K4......R@g......b..!U...D..o....'...7q...}.......=.r. ......gjN.?<L..._.Z.`{.....5....%..U.*..L.e#"8.p...4.....2.On.l.b.!..G<.Bp.........}RP..)...Q..j....U..$3.Gw-...n.:rJ....F~.a`..>.$...ZP.:..Y....>d.`c..@i.&..........]...'![9he....{O.B..e...`h..%.R)..kZ..6.X.[K\.!......d...%.~....!l..b..(..gh;....T.@..^rv..jG..o...Da...j...@..z..L1.K.F?Hy....U....rM.......)7...C&<.. %.y..N#fq.......Y.{5.YA;Ca7...L..>.....5.d4.660.STz..F.!T.~..(...f.N_A....F...Y2.P...?..&.....H{.<.1.Ea7.U..{.\.R..'Wj.....x.k.....s.....k;...Nu.6e....yJ.%....V.^.gsW<..1.V......vg'@Q..k.QpG..%m.=.S..N......C.C...Oc.).0..o#.7C.... .../..1....'C..P.; ......).z..J.4...lo&....o#...Vc..j},y.v.?F..5oC..hOn.i..5...h...\)../.?9......m,b;J..fkXw......`7.....<A.;k.5..@.z....Ym{{..f.K...s.zf..9......C.b....N....+..`)...H.T..o....U.q.Cz.a.W.......2..=./K\..w.sY.6.b...A-k0!.f...

          C:\Users\user\Documents\SQRKHNBNYN\SQRKHNBNYN.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.845494228801483
          Encrypted:false
          SSDEEP:
          MD5:8C03F4ACE9A63E189712CEF785558472
          SHA1:CD2145AE86FEF3219952EF41A15516E644AA4810
          SHA-256:10B72F8A281E7920C437A47BA8BC0983F3AB85E41B79123A9FC4EBF4980A4FDF
          SHA-512:D79CAC74E90A5D3B77BEAE4F0CA9DAC4E9371A4D572D670357FB150E6D8950E8C6AB56BD33A2A15B75960ACE3A1FF71CF1C92A93B28CD4E885F8185A75AD42A4
          Malicious:false
          Reputation:unknown
          Preview:SQRKH.N.G....?.q...._<.}.7.."*+Y}+%....D%..d-..",:H..yr....*.CL..TQ.d..<..[.wa......$./_..o=........8....S......7...Gy.......... TEd..J..~......,.Ct..U .2...u\....W...!...K..Fb.6.,.w#5..)....l..sj.K........?o...w[....8..k....A.....).K..~.o....,..w..n...UB.k.C..J.........'$..6hf1..A......n.s.v.....H=y.H...FU..`A.6...H.....P\....b...;....6...&F......}3........"q{....L....}...2(-Z.....[.&@.I.....E.jk..5.'P"..f.\=...s....b|...I...O5..mJ...7.g3..NR.y....Mg..m.......8.zw.......3..+.i.i.>ivB.S..,._;.e.M..t..].>..C.......1!,....E...oz..G}B.o....Ox.Bj..N6..`......A...^.~..Y...K.}.#p#|.....Y..vn4.......P=.ScO.4..(..N.w..K..'7p..g..............H..v..8#......R...A.[s;..........@d.....V......./.......u8.&e..X...!X.=...`j..d.>.N.f.Y^..8kC........c..32...pqg\..vh........#.!....f..d......LP..09.......".l.^.b..<.=v..Q.Ox=....Df...+..D.....#K.N........F5...>_..W.....B.+1..".".'..wIm.Q..qs.2....qoi.~.4..N*.?....._.:...M..n..J.......&i....../.v..!...R....KS.

          C:\Users\user\Documents\SQRKHNBNYN\SQRKHNBNYN.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8C03F4ACE9A63E189712CEF785558472
          SHA1:CD2145AE86FEF3219952EF41A15516E644AA4810
          SHA-256:10B72F8A281E7920C437A47BA8BC0983F3AB85E41B79123A9FC4EBF4980A4FDF
          SHA-512:D79CAC74E90A5D3B77BEAE4F0CA9DAC4E9371A4D572D670357FB150E6D8950E8C6AB56BD33A2A15B75960ACE3A1FF71CF1C92A93B28CD4E885F8185A75AD42A4
          Malicious:false
          Reputation:unknown
          Preview:SQRKH.N.G....?.q...._<.}.7.."*+Y}+%....D%..d-..",:H..yr....*.CL..TQ.d..<..[.wa......$./_..o=........8....S......7...Gy.......... TEd..J..~......,.Ct..U .2...u\....W...!...K..Fb.6.,.w#5..)....l..sj.K........?o...w[....8..k....A.....).K..~.o....,..w..n...UB.k.C..J.........'$..6hf1..A......n.s.v.....H=y.H...FU..`A.6...H.....P\....b...;....6...&F......}3........"q{....L....}...2(-Z.....[.&@.I.....E.jk..5.'P"..f.\=...s....b|...I...O5..mJ...7.g3..NR.y....Mg..m.......8.zw.......3..+.i.i.>ivB.S..,._;.e.M..t..].>..C.......1!,....E...oz..G}B.o....Ox.Bj..N6..`......A...^.~..Y...K.}.#p#|.....Y..vn4.......P=.ScO.4..(..N.w..K..'7p..g..............H..v..8#......R...A.[s;..........@d.....V......./.......u8.&e..X...!X.=...`j..d.>.N.f.Y^..8kC........c..32...pqg\..vh........#.!....f..d......LP..09.......".l.^.b..<.=v..Q.Ox=....Df...+..D.....#K.N........F5...>_..W.....B.+1..".".'..wIm.Q..qs.2....qoi.~.4..N*.?....._.:...M..n..J.......&i....../.v..!...R....KS.

          C:\Users\user\Documents\SQRKHNBNYN\UOOJJOZIRH.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8703790875416075
          Encrypted:false
          SSDEEP:
          MD5:31D0F4C62EA33BDE8CEEE1D586657EC5
          SHA1:5DD84B52DB08466A2656630429D99FC5B5FDCE69
          SHA-256:A3B6C1CD2892A4BEC2139D9CD2AAECAAE7ACEC466563A1A6C88D2702E35BDCBE
          SHA-512:2F0B609185B13C96CF1F39A6874A98DD248A1629AF78315E52BD4CD26B73BFC7544634DBE1845E977E0A600025005AF362709A1356764A2F21E8E60D215F98D0
          Malicious:false
          Reputation:unknown
          Preview:UOOJJS.)....m...s^_..]/rr..o...y.)...b7.<P,FJ...!I....S...."..^:...Q..W.o.B.J.....S...#s..`x1i..z.n?S...U....Yf...by.E..P..[.._.7.|..G#.fa...P..L ....>KHC....".....h.+g....R..w.X...U.Q..Y.g...........M.e,..j.)b..k....zf.~;F....[&E.-....Y.o...3B.B4.r..q.D..,.n..v=.k.WV."8...@x.2......t.S..~.J..W..`........8......j.....P^[...i....'.!...Q..-.+O63LJ.........`#.L...$.C...-*.,{A./.p.S.\Vq..{.....m.,.R.u..W.X.....V/.C>M.9.....L.!>.......3........M......O_.1..qT.c.:.!LZ...iA.t..-b|..!<.I..CrgJ)...M...a.;q..V_q...=............w2..=.Fw..w0..3.Cc....C.Ws..<...`0.wO.!Xj}....*~.K.'....D..a'I.[.:.a.<.c.t.^.....n......X9.........c...7.3c.,.N.R..B.-...tN.V.a?b4U.F.....g.......T.B.>,..d....G....]..f.?..M......P.@.......*..u1....a.??.e..1>..j.0or]p....r.J.0...^2R...O........4w..`..9.....q..Q....c...u\..!NG....y.e...4....9...y.....J...K....z..t...=.o/..Y.0...).d.......7.......l.V.p.X&1..r.y..$..7;..dJ....*.j.i.>..X...d...a...`..M...?g.+..@76......]2#. /....%.p.

          C:\Users\user\Documents\SQRKHNBNYN\UOOJJOZIRH.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:31D0F4C62EA33BDE8CEEE1D586657EC5
          SHA1:5DD84B52DB08466A2656630429D99FC5B5FDCE69
          SHA-256:A3B6C1CD2892A4BEC2139D9CD2AAECAAE7ACEC466563A1A6C88D2702E35BDCBE
          SHA-512:2F0B609185B13C96CF1F39A6874A98DD248A1629AF78315E52BD4CD26B73BFC7544634DBE1845E977E0A600025005AF362709A1356764A2F21E8E60D215F98D0
          Malicious:false
          Reputation:unknown
          Preview:UOOJJS.)....m...s^_..]/rr..o...y.)...b7.<P,FJ...!I....S...."..^:...Q..W.o.B.J.....S...#s..`x1i..z.n?S...U....Yf...by.E..P..[.._.7.|..G#.fa...P..L ....>KHC....".....h.+g....R..w.X...U.Q..Y.g...........M.e,..j.)b..k....zf.~;F....[&E.-....Y.o...3B.B4.r..q.D..,.n..v=.k.WV."8...@x.2......t.S..~.J..W..`........8......j.....P^[...i....'.!...Q..-.+O63LJ.........`#.L...$.C...-*.,{A./.p.S.\Vq..{.....m.,.R.u..W.X.....V/.C>M.9.....L.!>.......3........M......O_.1..qT.c.:.!LZ...iA.t..-b|..!<.I..CrgJ)...M...a.;q..V_q...=............w2..=.Fw..w0..3.Cc....C.Ws..<...`0.wO.!Xj}....*~.K.'....D..a'I.[.:.a.<.c.t.^.....n......X9.........c...7.3c.,.N.R..B.-...tN.V.a?b4U.F.....g.......T.B.>,..d....G....]..f.?..M......P.@.......*..u1....a.??.e..1>..j.0or]p....r.J.0...^2R...O........4w..`..9.....q..Q....c...u\..!NG....y.e...4....9...y.....J...K....z..t...=.o/..Y.0...).d.......7.......l.V.p.X&1..r.y..$..7;..dJ....*.j.i.>..X...d...a...`..M...?g.+..@76......]2#. /....%.p.

          C:\Users\user\Documents\UOOJJOZIRH.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.862743733321025
          Encrypted:false
          SSDEEP:
          MD5:CC457B37D9FE32F5C685E011FF92465E
          SHA1:CF773700A9B1166C375CE030B363CEEF5BDE9DDD
          SHA-256:5BB005AB41E5140B270FF0313A0A73224B735C95D173507D5E2E0D1C714757B8
          SHA-512:96764223A30A9FB107688C628C2286E996E0C587E2AA193E2D615A2F06926C62B9FADB90B3E5A08396E8A051713322C10C5A5D65FDCF51453AB91B451067AC5D
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ..k*..o...GGrr...)2...|.....VA.#..OQ+.2...=....t..X{]....U.....I..t.oP..M.b..>].>.9F.F.....R....RQ.|r..2..1..p......`{.,..9bd..W.....vf...z....W'4.....0.s...X.w.....!...[.y..[................a.j.......WJ..?*.......?v8..Y.......J6.y...Q.zFq...6..6.!.....~.l.%..Y...R..O..{....1{...g..}..ql.U.YH.9..+....?#....O..S..].Rl...o.L-.s._38..lMCA....l..&..(........T.^..Z..h.0g....G..m0l(.....O...C.......0#Y....@...KJL.<U..q.o............]...Fs.A.1... ........e......1s..A...x..#.....n..:.C+..z...S....*"P...*...".'.50.q........{..X^+..S.!2td.a...,......uX.)T..X......1....:.......P..;....=.4..l..9.K*hx=..6!V..&^..pH./.@w.A~..... .....&D.FF.f\(....y.....#.,ghe.?hV.9.ISa..x.*..T.aQ.....9..1F..f<..#m?....*=.`U......,R8.G...8.E"<......................Z.p.#.~.E.#[.z}...K....J4MAW%..ou.}.<[l.b.....y....|....V.?u.n..Bm.:..,pD.#..=.Mb^3....[..`.!...^.G..4O...}.V.".=,}.eL.d.Dg...$=....&.."......V...%L..S..xd....4.....P.l._.#Q.g...../.$..[.}.......I.a.v...

          C:\Users\user\Documents\UOOJJOZIRH.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:CC457B37D9FE32F5C685E011FF92465E
          SHA1:CF773700A9B1166C375CE030B363CEEF5BDE9DDD
          SHA-256:5BB005AB41E5140B270FF0313A0A73224B735C95D173507D5E2E0D1C714757B8
          SHA-512:96764223A30A9FB107688C628C2286E996E0C587E2AA193E2D615A2F06926C62B9FADB90B3E5A08396E8A051713322C10C5A5D65FDCF51453AB91B451067AC5D
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ..k*..o...GGrr...)2...|.....VA.#..OQ+.2...=....t..X{]....U.....I..t.oP..M.b..>].>.9F.F.....R....RQ.|r..2..1..p......`{.,..9bd..W.....vf...z....W'4.....0.s...X.w.....!...[.y..[................a.j.......WJ..?*.......?v8..Y.......J6.y...Q.zFq...6..6.!.....~.l.%..Y...R..O..{....1{...g..}..ql.U.YH.9..+....?#....O..S..].Rl...o.L-.s._38..lMCA....l..&..(........T.^..Z..h.0g....G..m0l(.....O...C.......0#Y....@...KJL.<U..q.o............]...Fs.A.1... ........e......1s..A...x..#.....n..:.C+..z...S....*"P...*...".'.50.q........{..X^+..S.!2td.a...,......uX.)T..X......1....:.......P..;....=.4..l..9.K*hx=..6!V..&^..pH./.@w.A~..... .....&D.FF.f\(....y.....#.,ghe.?hV.9.ISa..x.*..T.aQ.....9..1F..f<..#m?....*=.`U......,R8.G...8.E"<......................Z.p.#.~.E.#[.z}...K....J4MAW%..ou.}.<[l.b.....y....|....V.?u.n..Bm.:..,pD.#..=.Mb^3....[..`.!...^.G..4O...}.V.".=,}.eL.d.Dg...$=....&.."......V...%L..S..xd....4.....P.l._.#Q.g...../.$..[.}.......I.a.v...

          C:\Users\user\Documents\UOOJJOZIRH.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.871131979824714
          Encrypted:false
          SSDEEP:
          MD5:6E01282B6C3233DCCFB622DA594C294B
          SHA1:FDE8C38E6A73AC172A8811F844C54EBEBFB5B8A7
          SHA-256:BE8387DE4F25BAF2A0F0E72AF82C1072C4E0D0DCC0981AB22641D0503812AF3C
          SHA-512:5E69982D36EB47BDC536FAF6814D165E35E03920ECF94A73E3536EABCC7F8811A79755C009E01B8982E39187FFEE6F4EFB59296029D4FAAE6CD4216D2860E2ED
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ}w..;.'c5w.......!.i....t........40...[...?3.2...'..c..Q`_...\XR.5.T..a..i.....x....;...Y......R2.m...c....A..*. ....4..........>.....1q.d..&.]rb.....DJ(..}K..O.F~.....o.&....v.. M".Y.....^*........z..P.>.....96.(.+..%)B|...[....c..^.:..;.I..s.D.y..j.%L&C...]w.A..8..M..s..P.1e..H#...W.G6.uY..UHj......jH.....<......e..D..>..o~7$...+Z..")+]...H_...I.Bh...rz...&_....0..w\...Mmu.~..B....x........Q...._p..>..u...1?.`j..3......O.o{9...*j...4...X..Y]x;d|._....F....<..0=.......H..).*.@....?...Q..-.;tQ.K..C..z..)J.trm..A.1..y...h......v2..G6=.!5..x.V.2..D....m.....-...... ..q..N.(.H..M}......M.Ig.x....*.".N.p......7+. )....'nM.t...l...;..sz8<P....D"...J....M+.........:J..=N7\...}&..f..&_?.!}.2......{.o..h......<....(Q......1=N.@*L.}.8..S.........T 2ISf.....3...h.....A;..*/.J....WH.......J.B8xj.;E^.<.Y..U..Mj......7....H.i.....5)2A.Lx....3.m..M.r-G.n..!w....7EA..x2.4...Q..5...5,P..@.O.|.|.95....C.%..Zu....(.].TH...Hm..@.If..[...a..@.A...%..kJ.....

          C:\Users\user\Documents\UOOJJOZIRH.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6E01282B6C3233DCCFB622DA594C294B
          SHA1:FDE8C38E6A73AC172A8811F844C54EBEBFB5B8A7
          SHA-256:BE8387DE4F25BAF2A0F0E72AF82C1072C4E0D0DCC0981AB22641D0503812AF3C
          SHA-512:5E69982D36EB47BDC536FAF6814D165E35E03920ECF94A73E3536EABCC7F8811A79755C009E01B8982E39187FFEE6F4EFB59296029D4FAAE6CD4216D2860E2ED
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ}w..;.'c5w.......!.i....t........40...[...?3.2...'..c..Q`_...\XR.5.T..a..i.....x....;...Y......R2.m...c....A..*. ....4..........>.....1q.d..&.]rb.....DJ(..}K..O.F~.....o.&....v.. M".Y.....^*........z..P.>.....96.(.+..%)B|...[....c..^.:..;.I..s.D.y..j.%L&C...]w.A..8..M..s..P.1e..H#...W.G6.uY..UHj......jH.....<......e..D..>..o~7$...+Z..")+]...H_...I.Bh...rz...&_....0..w\...Mmu.~..B....x........Q...._p..>..u...1?.`j..3......O.o{9...*j...4...X..Y]x;d|._....F....<..0=.......H..).*.@....?...Q..-.;tQ.K..C..z..)J.trm..A.1..y...h......v2..G6=.!5..x.V.2..D....m.....-...... ..q..N.(.H..M}......M.Ig.x....*.".N.p......7+. )....'nM.t...l...;..sz8<P....D"...J....M+.........:J..=N7\...}&..f..&_?.!}.2......{.o..h......<....(Q......1=N.@*L.}.8..S.........T 2ISf.....3...h.....A;..*/.J....WH.......J.B8xj.;E^.<.Y..U..Mj......7....H.i.....5)2A.Lx....3.m..M.r-G.n..!w....7EA..x2.4...Q..5...5,P..@.O.|.|.95....C.%..Zu....(.].TH...Hm..@.If..[...a..@.A...%..kJ.....

          C:\Users\user\Documents\UOOJJOZIRH\NEBFQQYWPS.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.86018433985575
          Encrypted:false
          SSDEEP:
          MD5:50882416CA0491081FCE1DA5B5701C3D
          SHA1:2CD64843068622790415507D690E7C42E4C613C2
          SHA-256:8A3A87BA742F8143B68C39FACB3FAAFB4AEB183FFE2D6FFF28FCE4E3702CDF63
          SHA-512:3C28EBFD34EB1125B788E6400287D51D6CC9FA07D3706A99B226465BA5DACE85C7292C9F727986E6DFEDDBB8EA507188CB38F7640E126BD98CF0D51A585AB97F
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ.v.P.P'z\L>...z8._.....#.B....t.....'Y.C.h.3.Z....6..;_H%du.A8...M..,,.1.G....N.e.....*...........A.zKc..A..{..U]..F...+$k...A9....#.."...8Bw...>..I>.....X....@..Y....:.#V.?.D.]...I......w...3...J..88..........y.X...;..l+<...S.y]...c&..............\...F.p.@./<.T\..P......kM...&..a...#.d....G.E ..e..U...:Ve. ..Vf.."]?..nF...Nm...y.C...F....2=c.7..C.x\.b.r.Zr..V-Zzr-..S.ik.C.)...Hb...I.@.o..Q.S.[S.;.h..M..\......+.E9...A.{..`C*...0.H.Z.)....x.Z.rOA...*..q|n.._m.....@.*f.....3?.q..$..z.%Q...d..e.dk.E....Q.t'G....)..SC..9.e.X...2..../O...b.....ZxVzz..J..7[x.%..^.Q.hf..4g...r..f!./.(A$M.w.N'.#D(SG....Rt....</...&.......X.5.N.@.....5.F#\$-..........wJ.f.o..r...y..R..}n.....j..KTm..t..}j!.........C9..-t..._.h1..5....S.......J.:. $.N.v....e..:."..R.$......p.4|.7-..O..^.....^..0.....0d>;:...N....s|.s..4E..9..w.f...../.:m...[u.....6......Nw"......n\S.:..Ssd.#......H.*...DaB..S%:_>..]Z0.............q.r...mL....]..r.]..f:z..z.Ru..P.....)......

          C:\Users\user\Documents\UOOJJOZIRH\NEBFQQYWPS.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:50882416CA0491081FCE1DA5B5701C3D
          SHA1:2CD64843068622790415507D690E7C42E4C613C2
          SHA-256:8A3A87BA742F8143B68C39FACB3FAAFB4AEB183FFE2D6FFF28FCE4E3702CDF63
          SHA-512:3C28EBFD34EB1125B788E6400287D51D6CC9FA07D3706A99B226465BA5DACE85C7292C9F727986E6DFEDDBB8EA507188CB38F7640E126BD98CF0D51A585AB97F
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ.v.P.P'z\L>...z8._.....#.B....t.....'Y.C.h.3.Z....6..;_H%du.A8...M..,,.1.G....N.e.....*...........A.zKc..A..{..U]..F...+$k...A9....#.."...8Bw...>..I>.....X....@..Y....:.#V.?.D.]...I......w...3...J..88..........y.X...;..l+<...S.y]...c&..............\...F.p.@./<.T\..P......kM...&..a...#.d....G.E ..e..U...:Ve. ..Vf.."]?..nF...Nm...y.C...F....2=c.7..C.x\.b.r.Zr..V-Zzr-..S.ik.C.)...Hb...I.@.o..Q.S.[S.;.h..M..\......+.E9...A.{..`C*...0.H.Z.)....x.Z.rOA...*..q|n.._m.....@.*f.....3?.q..$..z.%Q...d..e.dk.E....Q.t'G....)..SC..9.e.X...2..../O...b.....ZxVzz..J..7[x.%..^.Q.hf..4g...r..f!./.(A$M.w.N'.#D(SG....Rt....</...&.......X.5.N.@.....5.F#\$-..........wJ.f.o..r...y..R..}n.....j..KTm..t..}j!.........C9..-t..._.h1..5....S.......J.:. $.N.v....e..:."..R.$......p.4|.7-..O..^.....^..0.....0d>;:...N....s|.s..4E..9..w.f...../.:m...[u.....6......Nw"......n\S.:..Ssd.#......H.*...DaB..S%:_>..]Z0.............q.r...mL....]..r.]..f:z..z.Ru..P.....)......

          C:\Users\user\Documents\UOOJJOZIRH\PWCCAWLGRE.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.839762875286234
          Encrypted:false
          SSDEEP:
          MD5:B7C96D31CE809F2CCB68F1986EA22FA7
          SHA1:43A78506425555C03A420DF24B9F573883E0C88E
          SHA-256:0AA7F61035C6489FE9DA4876F72372135F5A74DC2C5CC258177980AF29ECAC76
          SHA-512:39C7B17F0C3C607F3569E5C65303C21B4A324587C8D6DF31B49CBCA501C65B113D34FE746CC13953FDE6EF32905BD7139F26FB8E339F41E628C1CCC501F59C8F
          Malicious:false
          Reputation:unknown
          Preview:PWCCA.........4T.....M^.Su:.a."...S..f...KCaG...+/...p..:...=vi.=..gO..>y..X5l..z..Q..?4>'J&..jj.Rf...,..<?.-..h1'.d.N.4.._E...+c..w]Co~b9,...P).$2?.c4_.A.i..'...T.q )._..-QAvY..Q.&yo.Nl+...?z)G...F..I..>...K.....A.zMC'..s...y^...B._'..G....X.k.b>...........'.....<..."q...Pd.nH..,. ...5.K4...h;.H.K....&..1..O0.....$..}..d..\..r..Ii...S,....].$i...M..[9..g.#i-.@...tEf..f..C..q.t.zf..d....(.u....i.?.4.....I....w.au.!.J...Y../.(..G..:%%4}......j.....G)..`..z..=.C.`.7..q1[.O...{....U....g..!t.....M.?......(6..ve.3>(Jz.]...n..1...n.../*r..a.......a........2^.!cG.....;.-...o\b`s.rA..8W..F....z....R.uJ.L.%.X..C.T..`../*.26.py.2Wp.c.*[y7.Q..FA<..Z$1.D...b.;.W.....j4XKm)J.N[......C...v..n.s>.mU{....0`R..L........8.....w....[.....c..(vN..6..k].v..&..%.q...-...,..M8G26...j..S......3..7KovM8H.T...cI.y.....H..7.....q........{...a#*..N......]P..b.|VP<..7....O..c.RB1.p2....B...I.]../[g...w.u....,.=4RY.#..~f:.o.A.3.<r:q3..z.J.......o.71..e...9w....(.

          C:\Users\user\Documents\UOOJJOZIRH\PWCCAWLGRE.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B7C96D31CE809F2CCB68F1986EA22FA7
          SHA1:43A78506425555C03A420DF24B9F573883E0C88E
          SHA-256:0AA7F61035C6489FE9DA4876F72372135F5A74DC2C5CC258177980AF29ECAC76
          SHA-512:39C7B17F0C3C607F3569E5C65303C21B4A324587C8D6DF31B49CBCA501C65B113D34FE746CC13953FDE6EF32905BD7139F26FB8E339F41E628C1CCC501F59C8F
          Malicious:false
          Reputation:unknown
          Preview:PWCCA.........4T.....M^.Su:.a."...S..f...KCaG...+/...p..:...=vi.=..gO..>y..X5l..z..Q..?4>'J&..jj.Rf...,..<?.-..h1'.d.N.4.._E...+c..w]Co~b9,...P).$2?.c4_.A.i..'...T.q )._..-QAvY..Q.&yo.Nl+...?z)G...F..I..>...K.....A.zMC'..s...y^...B._'..G....X.k.b>...........'.....<..."q...Pd.nH..,. ...5.K4...h;.H.K....&..1..O0.....$..}..d..\..r..Ii...S,....].$i...M..[9..g.#i-.@...tEf..f..C..q.t.zf..d....(.u....i.?.4.....I....w.au.!.J...Y../.(..G..:%%4}......j.....G)..`..z..=.C.`.7..q1[.O...{....U....g..!t.....M.?......(6..ve.3>(Jz.]...n..1...n.../*r..a.......a........2^.!cG.....;.-...o\b`s.rA..8W..F....z....R.uJ.L.%.X..C.T..`../*.26.py.2Wp.c.*[y7.Q..FA<..Z$1.D...b.;.W.....j4XKm)J.N[......C...v..n.s>.mU{....0`R..L........8.....w....[.....c..(vN..6..k].v..&..%.q...-...,..M8G26...j..S......3..7KovM8H.T...cI.y.....H..7.....q........{...a#*..N......]P..b.|VP<..7....O..c.RB1.p2....B...I.]../[g...w.u....,.=4RY.#..~f:.o.A.3.<r:q3..z.J.......o.71..e...9w....(.

          C:\Users\user\Documents\UOOJJOZIRH\QNCYCDFIJJ.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.85752902004904
          Encrypted:false
          SSDEEP:
          MD5:C6250B0C8D9B4DC874D008B590309AEB
          SHA1:B999A98119D655F71FDFEAB142DE0B41601DE8AF
          SHA-256:0DA23001D0CAFB99F5E4CD373134A1968972EFB675FA5183744AF7E9EF8F7722
          SHA-512:899513BD7EAB71EC9668F0CE66E7FBEB720DC7A200A78588C4609EFFE6F182161969CDF10EAD9B9C45AA1E4D913FFDAFAEBD01032F61EBE55184C891EC67E54C
          Malicious:false
          Reputation:unknown
          Preview:QNCYC0pC...8.4..j..U.i..x..$..".....#2ET.....e.M..c~...8.w...J:.PATc...?.g...b..../..S.9p:/.V.FiU..1....g.B:........D..A.a.wD.$u.6...]..,.......7....Z ._h..m..+..D........1.?.b.>.7.Y.j..t.......|@..buo.^.F.{.a...jj..0./.~*...e......^...e......&...3......x...!<..0..4...(.*3"n.S. V{..P.[.c\...$./..$...3..5......>..!..Lb...xAq...{.?..c .;..{..c.e.......H.R2.kK...k...B`.E}.N......[.."C2O..u..r.,:.V.c_......./...3.W(..N,w.D.l.N[.O...g-.'.$r.8..u$.......y................z.....j.03.>..jQx.*I.....SI7.;E.,a.pm._.p....CJ....I.......$.!.......Y."..K ...p..L.gH.?.j........:.]<#..*t......w..._).?.rO.y...{..A..V......b....4h@..$.!...zi...R%.H.B.D..u..BX....&.E..9"H.8j...w...r..I....G.;.x...;]...'x.)....A...|6......Z..W....%...nG....V.|.....9.+..I..SC..t..9...+=./(......E,f.......FP.......ur..2...1w......P.8pfKt8.H,';..m......t.ac..._..A........g.......F.l....R..'F.....w.:...../...o#...0.{....P.VP.[#..~....?..,\.J.1....]'xn6...aCL.y..{..1.z..*#

          C:\Users\user\Documents\UOOJJOZIRH\QNCYCDFIJJ.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C6250B0C8D9B4DC874D008B590309AEB
          SHA1:B999A98119D655F71FDFEAB142DE0B41601DE8AF
          SHA-256:0DA23001D0CAFB99F5E4CD373134A1968972EFB675FA5183744AF7E9EF8F7722
          SHA-512:899513BD7EAB71EC9668F0CE66E7FBEB720DC7A200A78588C4609EFFE6F182161969CDF10EAD9B9C45AA1E4D913FFDAFAEBD01032F61EBE55184C891EC67E54C
          Malicious:false
          Reputation:unknown
          Preview:QNCYC0pC...8.4..j..U.i..x..$..".....#2ET.....e.M..c~...8.w...J:.PATc...?.g...b..../..S.9p:/.V.FiU..1....g.B:........D..A.a.wD.$u.6...]..,.......7....Z ._h..m..+..D........1.?.b.>.7.Y.j..t.......|@..buo.^.F.{.a...jj..0./.~*...e......^...e......&...3......x...!<..0..4...(.*3"n.S. V{..P.[.c\...$./..$...3..5......>..!..Lb...xAq...{.?..c .;..{..c.e.......H.R2.kK...k...B`.E}.N......[.."C2O..u..r.,:.V.c_......./...3.W(..N,w.D.l.N[.O...g-.'.$r.8..u$.......y................z.....j.03.>..jQx.*I.....SI7.;E.,a.pm._.p....CJ....I.......$.!.......Y."..K ...p..L.gH.?.j........:.]<#..*t......w..._).?.rO.y...{..A..V......b....4h@..$.!...zi...R%.H.B.D..u..BX....&.E..9"H.8j...w...r..I....G.;.x...;]...'x.)....A...|6......Z..W....%...nG....V.|.....9.+..I..SC..t..9...+=./(......E,f.......FP.......ur..2...1w......P.8pfKt8.H,';..m......t.ac..._..A........g.......F.l....R..'F.....w.:...../...o#...0.{....P.VP.[#..~....?..,\.J.1....]'xn6...aCL.y..{..1.z..*#

          C:\Users\user\Documents\UOOJJOZIRH\SFPUSAFIOL.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8626391694039865
          Encrypted:false
          SSDEEP:
          MD5:861B2C505716A154E6FF651774C284D5
          SHA1:083DE0E5C4163E282B25AD398B6275B7B564A9EF
          SHA-256:89DF499993FD8558F483365116B711C9FE2909640E690F667439AB7FC46D3F7A
          SHA-512:496A0F775D4115B895656BA32B4BAA5F906FB4C0DD562D6BD7F3CC611F23EDCDAEF136FA939C23DDCC878A3742F3F2D2FA252E93ED500C4CBB123DB78BD3DDAA
          Malicious:false
          Reputation:unknown
          Preview:SFPUSx.......w.?..d,...?1c....,+<..T.s..y..}.d!...z.f./.;).U...y..'....'......zR-...Y.....w.Ca.N.`j.....vj.....X..!'[.|....T.&&.h.S...,.'.9u...o7..lK|q...v.^.!m.f.;..Ub.........."H(......3....3..L...W..,......A."..jGc,pTo..I.?.Vt.9..........K......)4.a.x....%...c._D........[-=....^r'...~..2+...EY.8.>y}.2......<c.O(.Z.r.<....M.v..N..J...H.&)..6....E.U..xW<...Q..unu.F.....tE@GI...d..X......1|.&.pC..#eZ..F..<.f\R..`5..&....\.)...8R..^...z..S?.6.'......#.I..c3.._.Q.o.r5.uZ+.q....jk.N...a.....>....n.......T..c....)...!.W....&.7..a**..E.O.1(..2..VK..hG=.Q...6...@..+.l.|}...I....s*....0.\M.'.......,...o...;Y/....(..J..Y.i.....&.....X.k.m".H.<X.i...^.Sl.D~....y..N(?.&Y....n..&V[..2,..<8....#..^.{.....:e...T....T....W..5B...{....o....w....._t>.X}z..{X.q.e....".9B.#..d..L.=nP.g.....0Tqr^..&..b`w..,7..........xo.o.].B.Q.....$..F.[.K....bi.^u. `.......9..7-.Yn.C...#...^.6....E....X.~....c..._.5\..]..c..c.E.GV....[.(.e..xa./......54......./.

          C:\Users\user\Documents\UOOJJOZIRH\SFPUSAFIOL.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:861B2C505716A154E6FF651774C284D5
          SHA1:083DE0E5C4163E282B25AD398B6275B7B564A9EF
          SHA-256:89DF499993FD8558F483365116B711C9FE2909640E690F667439AB7FC46D3F7A
          SHA-512:496A0F775D4115B895656BA32B4BAA5F906FB4C0DD562D6BD7F3CC611F23EDCDAEF136FA939C23DDCC878A3742F3F2D2FA252E93ED500C4CBB123DB78BD3DDAA
          Malicious:false
          Reputation:unknown
          Preview:SFPUSx.......w.?..d,...?1c....,+<..T.s..y..}.d!...z.f./.;).U...y..'....'......zR-...Y.....w.Ca.N.`j.....vj.....X..!'[.|....T.&&.h.S...,.'.9u...o7..lK|q...v.^.!m.f.;..Ub.........."H(......3....3..L...W..,......A."..jGc,pTo..I.?.Vt.9..........K......)4.a.x....%...c._D........[-=....^r'...~..2+...EY.8.>y}.2......<c.O(.Z.r.<....M.v..N..J...H.&)..6....E.U..xW<...Q..unu.F.....tE@GI...d..X......1|.&.pC..#eZ..F..<.f\R..`5..&....\.)...8R..^...z..S?.6.'......#.I..c3.._.Q.o.r5.uZ+.q....jk.N...a.....>....n.......T..c....)...!.W....&.7..a**..E.O.1(..2..VK..hG=.Q...6...@..+.l.|}...I....s*....0.\M.'.......,...o...;Y/....(..J..Y.i.....&.....X.k.m".H.<X.i...^.Sl.D~....y..N(?.&Y....n..&V[..2,..<8....#..^.{.....:e...T....T....W..5B...{....o....w....._t>.X}z..{X.q.e....".9B.#..d..L.=nP.g.....0Tqr^..&..b`w..,7..........xo.o.].B.Q.....$..F.[.K....bi.^u. `.......9..7-.Yn.C...#...^.6....E....X.~....c..._.5\..]..c..c.E.GV....[.(.e..xa./......54......./.

          C:\Users\user\Documents\UOOJJOZIRH\UOOJJOZIRH.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.866072849077848
          Encrypted:false
          SSDEEP:
          MD5:E53EF63850E15F985D1D9EEAB38BBC06
          SHA1:2FA4A5417FB1E036556DD9971C2D992A3D7C80CC
          SHA-256:939CA0320720414182D0320F6E32511A514E2D2AE161336ED1945BAAA9B325F7
          SHA-512:25AE5172EDD6E5858DE324EE8760FD7C5784C794765ACD22DFA7B37EE4BA74665E1F40397A4A637FAD1BEE7C286E9E697D35DFBD36B3555E0CB056EC0283BA2D
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ.Z8.....,z....0.....+....X..Z..+xM7&..6..5g.t.C..2Y*...hL..8M. .N...;.".^...F..Ls|.yR.C..>.6f...4..j..\Q......j4YIi.....[E.%i.M.Y.2..0.*........h.+pFI#2.......^..... ....<....$.x..-G......HE.Mk.2.!..k.<..wuM.n.H?#T.@<.zM...X2..=...e.|.L.......+.]Q...B...?Pm.|......3.H..@..b..,|n..kma...k' B.Q.r......e.a[.................u1J.^[..>..A...R.....=$...?.........4.R^.~Y.{8]F ...R?..~.X...~..Qz..AUkT...41..q~.f..X.C.T(0g.B....F........*T.d }$...=.:..'.<pi:r.....J..mUb...j....T..,\&e...8.=J]..D1...vl..&....x7...._"EK..2.{.=.8...Y.'@..9..-.....*....Q......8.`..).(.v................DV.DHr.@.P.>..t...Zu.....A'_..4e+"..C.Jk...j..."(...4P}..y..f~h....x'......>.3.,..7..6..2$?.d.wa.;..4..\B .w.h..=.$..).p.4..9.0....u.....#h&.Sr_#....).|...gV.o...../8..l#.8S@.".pM|.h..?sa.O..@..%*Jr.Hh.i........"E.+....&..pX.o.hp.....iT...o.VJ.a.K.7M ....QHY..._.krx.;p.@v.$$.L..B...eWl.3....9k.K1F.;7o.4.4-..m.g..1.6.d'@.....F.a.}H......lCq....i...........z.y`s.n...<=g...

          C:\Users\user\Documents\UOOJJOZIRH\UOOJJOZIRH.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E53EF63850E15F985D1D9EEAB38BBC06
          SHA1:2FA4A5417FB1E036556DD9971C2D992A3D7C80CC
          SHA-256:939CA0320720414182D0320F6E32511A514E2D2AE161336ED1945BAAA9B325F7
          SHA-512:25AE5172EDD6E5858DE324EE8760FD7C5784C794765ACD22DFA7B37EE4BA74665E1F40397A4A637FAD1BEE7C286E9E697D35DFBD36B3555E0CB056EC0283BA2D
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ.Z8.....,z....0.....+....X..Z..+xM7&..6..5g.t.C..2Y*...hL..8M. .N...;.".^...F..Ls|.yR.C..>.6f...4..j..\Q......j4YIi.....[E.%i.M.Y.2..0.*........h.+pFI#2.......^..... ....<....$.x..-G......HE.Mk.2.!..k.<..wuM.n.H?#T.@<.zM...X2..=...e.|.L.......+.]Q...B...?Pm.|......3.H..@..b..,|n..kma...k' B.Q.r......e.a[.................u1J.^[..>..A...R.....=$...?.........4.R^.~Y.{8]F ...R?..~.X...~..Qz..AUkT...41..q~.f..X.C.T(0g.B....F........*T.d }$...=.:..'.<pi:r.....J..mUb...j....T..,\&e...8.=J]..D1...vl..&....x7...._"EK..2.{.=.8...Y.'@..9..-.....*....Q......8.`..).(.v................DV.DHr.@.P.>..t...Zu.....A'_..4e+"..C.Jk...j..."(...4P}..y..f~h....x'......>.3.,..7..6..2$?.d.wa.;..4..\B .w.h..=.$..).p.4..9.0....u.....#h&.Sr_#....).|...gV.o...../8..l#.8S@.".pM|.h..?sa.O..@..%*Jr.Hh.i........"E.+....&..pX.o.hp.....iT...o.VJ.a.K.7M ....QHY..._.krx.;p.@v.$$.L..B...eWl.3....9k.K1F.;7o.4.4-..m.g..1.6.d'@.....F.a.}H......lCq....i...........z.y`s.n...<=g...

          C:\Users\user\Documents\UOOJJOZIRH\ZQIXMVQGAH.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.850373378137426
          Encrypted:false
          SSDEEP:
          MD5:03AB251FA29CA4B90EC84A646CA77950
          SHA1:0DDDC31DB3AD6954C4132E62405888C48AF7827F
          SHA-256:BC9A46B3AAC5A66E9342E419BF12CA49A53391C2543C36AE327D90CB98DCBE61
          SHA-512:39206DF1A3446E382FA136062B74A0853E01B23D1258476640A404A75065E2EC6132225B1016EFE6CCBD70ECF07A02EBF7F3B289271C446901BFEBC39380119B
          Malicious:false
          Reputation:unknown
          Preview:ZQIXM.P.v.J.<OD.{l.).4..V$.GE.....)y..=.3-.v...9U.@MI....../..z...Ee... :.VS.Q.'".~.?|......&.k.1.ME.z#_...Ei'...K... .....".k.g.M....Y5.......a.5I..i}I..y...I.Te;j...?.......,.:..kg*.W.Z.+7.$.'.#..`E...[HC..........G.F+Q..9.1s.Ij......[H...n..,H|.na.$..x.&... .3 \u...+'....^J.["...3).o..~.w#.i!F...W\...UQ.t....[...l.L........o...1.1y.|*.M]... ..4....!N..}!m.....]..[.....Q.[.n...1.s.[R...8...8.f......W.^...y...x^..5.^<...1.n...L9.L..:.....K^M .......0........F!w...#...7.=....".QH.......Ha.1]..{.C*.]+gF..F_?.......5....E...Q.>.z..';....~i.M$;.B.#.......rO.x.8..^:C..)$^.|.1Hxo....Y._6...*...6....(T.V..u...G..KJ-.Z ...m...6.vZ_Gcu7....e.....1V...J..4qW<4'....#Ns[$q.4q..E.:.A2.+....z.z.].. 5t\o. .....j. ^.[i..K.x.o..L...8...yeD......[c.{.~..$...ct...E.. X.z...6c..d.>.d.!..]W.:....I....v....8#...<.X..p.Ih7.o[.z....e3nU>.K...,?2.e..`.../.3J..j.1\.<..l..?\.y...d.s......I..."...(m.......+9.....mVO.4....5+......4j.sl\w...S.._.........N.

          C:\Users\user\Documents\UOOJJOZIRH\ZQIXMVQGAH.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:03AB251FA29CA4B90EC84A646CA77950
          SHA1:0DDDC31DB3AD6954C4132E62405888C48AF7827F
          SHA-256:BC9A46B3AAC5A66E9342E419BF12CA49A53391C2543C36AE327D90CB98DCBE61
          SHA-512:39206DF1A3446E382FA136062B74A0853E01B23D1258476640A404A75065E2EC6132225B1016EFE6CCBD70ECF07A02EBF7F3B289271C446901BFEBC39380119B
          Malicious:false
          Reputation:unknown
          Preview:ZQIXM.P.v.J.<OD.{l.).4..V$.GE.....)y..=.3-.v...9U.@MI....../..z...Ee... :.VS.Q.'".~.?|......&.k.1.ME.z#_...Ei'...K... .....".k.g.M....Y5.......a.5I..i}I..y...I.Te;j...?.......,.:..kg*.W.Z.+7.$.'.#..`E...[HC..........G.F+Q..9.1s.Ij......[H...n..,H|.na.$..x.&... .3 \u...+'....^J.["...3).o..~.w#.i!F...W\...UQ.t....[...l.L........o...1.1y.|*.M]... ..4....!N..}!m.....]..[.....Q.[.n...1.s.[R...8...8.f......W.^...y...x^..5.^<...1.n...L9.L..:.....K^M .......0........F!w...#...7.=....".QH.......Ha.1]..{.C*.]+gF..F_?.......5....E...Q.>.z..';....~i.M$;.B.#.......rO.x.8..^:C..)$^.|.1Hxo....Y._6...*...6....(T.V..u...G..KJ-.Z ...m...6.vZ_Gcu7....e.....1V...J..4qW<4'....#Ns[$q.4q..E.:.A2.+....z.z.].. 5t\o. .....j. ^.[i..K.x.o..L...8...yeD......[c.{.~..$...ct...E.. X.z...6c..d.>.d.!..]W.:....I....v....8#...<.X..p.Ih7.o[.z....e3nU>.K...,?2.e..`.../.3J..j.1\.<..l..?\.y...d.s......I..."...(m.......+9.....mVO.4....5+......4j.sl\w...S.._.........N.

          C:\Users\user\Documents\ZQIXMVQGAH.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.864845177546253
          Encrypted:false
          SSDEEP:
          MD5:AF95D1F6C38746692F22B199FCF953E4
          SHA1:9EA1A030DAE90CBD9DBD92553F2C476B47179FB2
          SHA-256:A0B4769A6F4807E92BB2F563F0C2B9B563C9D511D3CBC58BBE74A37D35C3E45A
          SHA-512:A4468C58D48BA63817FD3CD246F4649DBEF84644A4E5BD4D51B0539628A712AA1A397A3C7C442642EDBFF509599FB35019582E3BBFF4417897A01BCB05F4792A
          Malicious:false
          Reputation:unknown
          Preview:ZQIXM.c.(.RYo-...3@Q...(/...G.#.~...G.\Q.....a.;....6..@.......w..}.....$...j.Z'..._..a"...@.\..1W}.y....o......^...y...1...:A.6..8.....x.......[..W...$..]v..0..}..}.Ww.......#.%*15K...o...Y..6.4...2..7...V..N(..nl...F.%.>X.....fzg.z.!.1..N.M.sTj...1v.K.i..7....mi.N.Q.C{....N..G.q;....8.f.\..8*.1.u.N.....=g6.....'.$.x....-...4.9.|u_x....0..Z....H]l..s..K".$J....5..?...f9.(.gMF]b..]...}.j*.f.::...8.....On...3}.fUX..%../..~..L.$.e..C..1'.......a.....-.......L..!.Z....;7...v}."...@.........z%..,H..10f..8..).....'...TR....G.t3.Tw...=..g}%`j......[Vb..:n+......[...u...#.(...R.|..H.. ....FE...z>.s....xu..1].6.|.4..2....L...]d...=.ME.<.......s.5.../......t.%..-u..A...s..a........r(..a7Sp..p..W...zYY..;...A.H.Zdh*kKT.C.h.Y..~.c....Ss~:.,....H..=.3.%.,...Lt.x./.[N.w.V2C!.sm...x.~W9&....#.Z.{.i...>.....Z...w.+.,.......s...v.}..3S,..HP..Y.CL^...p...8.iA.4.N.I8.+....;....Gg....T.F.....NcU../...hi....+.$.Pn....aO>.3.9.....:.y....W$(..wV].)..A*...I..^f...

          C:\Users\user\Documents\ZQIXMVQGAH.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:AF95D1F6C38746692F22B199FCF953E4
          SHA1:9EA1A030DAE90CBD9DBD92553F2C476B47179FB2
          SHA-256:A0B4769A6F4807E92BB2F563F0C2B9B563C9D511D3CBC58BBE74A37D35C3E45A
          SHA-512:A4468C58D48BA63817FD3CD246F4649DBEF84644A4E5BD4D51B0539628A712AA1A397A3C7C442642EDBFF509599FB35019582E3BBFF4417897A01BCB05F4792A
          Malicious:false
          Reputation:unknown
          Preview:ZQIXM.c.(.RYo-...3@Q...(/...G.#.~...G.\Q.....a.;....6..@.......w..}.....$...j.Z'..._..a"...@.\..1W}.y....o......^...y...1...:A.6..8.....x.......[..W...$..]v..0..}..}.Ww.......#.%*15K...o...Y..6.4...2..7...V..N(..nl...F.%.>X.....fzg.z.!.1..N.M.sTj...1v.K.i..7....mi.N.Q.C{....N..G.q;....8.f.\..8*.1.u.N.....=g6.....'.$.x....-...4.9.|u_x....0..Z....H]l..s..K".$J....5..?...f9.(.gMF]b..]...}.j*.f.::...8.....On...3}.fUX..%../..~..L.$.e..C..1'.......a.....-.......L..!.Z....;7...v}."...@.........z%..,H..10f..8..).....'...TR....G.t3.Tw...=..g}%`j......[Vb..:n+......[...u...#.(...R.|..H.. ....FE...z>.s....xu..1].6.|.4..2....L...]d...=.ME.<.......s.5.../......t.%..-u..A...s..a........r(..a7Sp..p..W...zYY..;...A.H.Zdh*kKT.C.h.Y..~.c....Ss~:.,....H..=.3.%.,...Lt.x./.[N.w.V2C!.sm...x.~W9&....#.Z.{.i...>.....Z...w.+.,.......s...v.}..3S,..HP..Y.CL^...p...8.iA.4.N.I8.+....;....Gg....T.F.....NcU../...hi....+.$.Pn....aO>.3.9.....:.y....W$(..wV].)..A*...I..^f...

          C:\Users\user\Downloads\BNAGMGSPLO.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8413278238960595
          Encrypted:false
          SSDEEP:
          MD5:C0AFCD9C03581A68405EF9757123216E
          SHA1:1755355338DC0EF52AC4415BF729066326905EE5
          SHA-256:A307BD823A93797D9C651AE34CF37269ADD137BFDEE64E6B5E45B69C5D81A51B
          SHA-512:70635ECF1277E92C833AE7017426C30DD3BE48527783560A7F39BC3F4F8AEE7FAC23966C22438BAC8EAC72C48890D50C897D88ECE6868CC07909D8696B47A21C
          Malicious:false
          Reputation:unknown
          Preview:BNAGM...}.A.FC.7....n..[.T..n.Tp.V...T...=.#%...4.!.=;....+(5~.,.u........M.P...L.%....%..5.M..&.;...........#v..l.1..}....T.>..p9..5h..Q.....A.....60P:.a..$i..T..+...q...L"Z.{.....p...F.UA..).....S.....K...<Zi..e.^..B....OZ!...l#...4.*..C5H.j/.1.n.._......z.@.....oV.N...g...+.0....}.m..`..X^G.B......UP.o..G"qp.n......g..^.(.g_O...b.T.j...i./w...H9.<=Pk...%.~..C..n..%n........3..z..r]..*i.sX.*..v8.~.S...w..=J.......U.E.2Ts.y...x.p.?:..$..T.H......,....`...#6.*...O%.o.3.*..'UmcNX.(..!.jF.U.A....N>.V.5..%..-&_Q...-Fg:..5..X......hfh..#..r.:+B...%..g+.....CdX...yl.3S.y.0....E...p......V.#.%_N../..P.....?..^...........U....Rd.9........^1..+.0..wJ...#..j...c...#.z.U$..?.............<C....%u%T.......aA.}e.P.....}.Z..c..Xe...V7......\\.v}..0..............z$.u;.m.#. `.....!j.A.,..%.w.x. m.....qs.......)G....R.%@.....V...k..P.nXR..9.........Ni.R.......p...,..6 D.)..J1...v'.A..@`c.j.....o.....:D*..}m."..wpy....L...uz|..5R..6|..M"N.c..k...

          C:\Users\user\Downloads\BNAGMGSPLO.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C0AFCD9C03581A68405EF9757123216E
          SHA1:1755355338DC0EF52AC4415BF729066326905EE5
          SHA-256:A307BD823A93797D9C651AE34CF37269ADD137BFDEE64E6B5E45B69C5D81A51B
          SHA-512:70635ECF1277E92C833AE7017426C30DD3BE48527783560A7F39BC3F4F8AEE7FAC23966C22438BAC8EAC72C48890D50C897D88ECE6868CC07909D8696B47A21C
          Malicious:false
          Reputation:unknown
          Preview:BNAGM...}.A.FC.7....n..[.T..n.Tp.V...T...=.#%...4.!.=;....+(5~.,.u........M.P...L.%....%..5.M..&.;...........#v..l.1..}....T.>..p9..5h..Q.....A.....60P:.a..$i..T..+...q...L"Z.{.....p...F.UA..).....S.....K...<Zi..e.^..B....OZ!...l#...4.*..C5H.j/.1.n.._......z.@.....oV.N...g...+.0....}.m..`..X^G.B......UP.o..G"qp.n......g..^.(.g_O...b.T.j...i./w...H9.<=Pk...%.~..C..n..%n........3..z..r]..*i.sX.*..v8.~.S...w..=J.......U.E.2Ts.y...x.p.?:..$..T.H......,....`...#6.*...O%.o.3.*..'UmcNX.(..!.jF.U.A....N>.V.5..%..-&_Q...-Fg:..5..X......hfh..#..r.:+B...%..g+.....CdX...yl.3S.y.0....E...p......V.#.%_N../..P.....?..^...........U....Rd.9........^1..+.0..wJ...#..j...c...#.z.U$..?.............<C....%u%T.......aA.}e.P.....}.Z..c..Xe...V7......\\.v}..0..............z$.u;.m.#. `.....!j.A.,..%.w.x. m.....qs.......)G....R.%@.....V...k..P.nXR..9.........Ni.R.......p...,..6 D.)..J1...v'.A..@`c.j.....o.....:D*..}m."..wpy....L...uz|..5R..6|..M"N.c..k...

          C:\Users\user\Downloads\GAOBCVIQIJ.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.874243554706245
          Encrypted:false
          SSDEEP:
          MD5:2378F2B09B086B36B41E192FF7C53DBC
          SHA1:738E7CF66D4B3CA0DE6901B0EF03E130F2F1EC70
          SHA-256:AE5FADBA5C1D52BDBFD83B114FBC15B55D1AF8C45E75D5AF3AA1AC530A2FA3CE
          SHA-512:80151E13D65F7F38F1C416F599DFC65FF0214F1D223F3F5C7BFE89F6BE21AF91331CBCDCE0815BDE6DE7A2372086B0D5494061A6D2136290FB919D40E58CEEA6
          Malicious:false
          Reputation:unknown
          Preview:GAOBCU.S.Z.*..-..y{.|TV......,.)^\n>Z..E*...\.....-...f.....d..+.a.cMn.....f.......k.e...D....Q..-...m...DI`n....).[ep.?.].....3.YF...bS....#q.j..w...=.V......u..j.....=~.l.|I~.....[JS.R*f...............R.AD...$..I........N...}.s./{.......Q...[.o.U...oF.....p....NS..m.8.}.Ut',...<h'|A.5..u9x.&.B.1}...~.$........=j....3J#..6...#..X.^yG......(.........{.:...2.z.!zc.;.<..:}.......y;u.`......^s.N]..r....!..F{...v-.u....8.}wd:..,9.u...../^.X....f.y.J.v. oa..I...../...y.....=.o4....}..!.+...P.Tz.....|.....f...;f..:^E\.R.tn..o..i..tv.!whG9...{,@No=t}.[mP.h6...........>..?>..j..l.j..\...Y=y..-...Q`A <..:....`P.3.(.y!.....r...... ..+.U....5.EP0W..M..V}....R...F..Y.&X...@'....#..c.y.....0oJ.^.Z......>.q.KZ%.p=t....t.....08.C...".6.L...2..7:.J.....9.8#.Y\........Vq.c.....@......g..q.S..".S)n.., ./..RN...K........9I...@..ynp#Of^9..\d.......qH.....d.... ...,6q..`..po..q.c....)..8..i$.>lb.O;.o.)...n9M4m.]....U+.G...7..!..n=xxI.~]:..'.8...6N...#.[....

          C:\Users\user\Downloads\GAOBCVIQIJ.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2378F2B09B086B36B41E192FF7C53DBC
          SHA1:738E7CF66D4B3CA0DE6901B0EF03E130F2F1EC70
          SHA-256:AE5FADBA5C1D52BDBFD83B114FBC15B55D1AF8C45E75D5AF3AA1AC530A2FA3CE
          SHA-512:80151E13D65F7F38F1C416F599DFC65FF0214F1D223F3F5C7BFE89F6BE21AF91331CBCDCE0815BDE6DE7A2372086B0D5494061A6D2136290FB919D40E58CEEA6
          Malicious:false
          Reputation:unknown
          Preview:GAOBCU.S.Z.*..-..y{.|TV......,.)^\n>Z..E*...\.....-...f.....d..+.a.cMn.....f.......k.e...D....Q..-...m...DI`n....).[ep.?.].....3.YF...bS....#q.j..w...=.V......u..j.....=~.l.|I~.....[JS.R*f...............R.AD...$..I........N...}.s./{.......Q...[.o.U...oF.....p....NS..m.8.}.Ut',...<h'|A.5..u9x.&.B.1}...~.$........=j....3J#..6...#..X.^yG......(.........{.:...2.z.!zc.;.<..:}.......y;u.`......^s.N]..r....!..F{...v-.u....8.}wd:..,9.u...../^.X....f.y.J.v. oa..I...../...y.....=.o4....}..!.+...P.Tz.....|.....f...;f..:^E\.R.tn..o..i..tv.!whG9...{,@No=t}.[mP.h6...........>..?>..j..l.j..\...Y=y..-...Q`A <..:....`P.3.(.y!.....r...... ..+.U....5.EP0W..M..V}....R...F..Y.&X...@'....#..c.y.....0oJ.^.Z......>.q.KZ%.p=t....t.....08.C...".6.L...2..7:.J.....9.8#.Y\........Vq.c.....@......g..q.S..".S)n.., ./..RN...K........9I...@..ynp#Of^9..\d.......qH.....d.... ...,6q..`..po..q.c....)..8..i$.>lb.O;.o.)...n9M4m.]....U+.G...7..!..n=xxI.~]:..'.8...6N...#.[....

          C:\Users\user\Downloads\IPKGELNTQY.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.858764711613369
          Encrypted:false
          SSDEEP:
          MD5:CA22BE4EE0F4B9B91D54DFCC02850755
          SHA1:BED4BDC1B9E02A372FDF0DE7D8B0C1341EF23682
          SHA-256:5D61D3A14F9C4A210AF80847056723372678991FB7D37EC0218095BACF5DDD89
          SHA-512:FDDC722EA294368ADFDAD39473AE623C75948E2984D81162FF9A792DBBDE230E1C200A15C39DC9B67028A1E6087559A2E3CB421C31B14AFFA0AA04B96F8F84E0
          Malicious:false
          Reputation:unknown
          Preview:IPKGEE.K..^.m....Q..+.,g3..3/...aTn...[b...\.YEL.2.....w_..R>=.K7Go........$d"3U.{.....h.bA......|.....{N+......B..$erdP..JI.4..$.G..RDF&......@.....:....xJ.........5.E&..sx.$..W..".QoqS.)E....&~t;...9..;.R.\FE...t...7.....37.......g..$X...VA....>..b7X\^......0.;...AL!......uF.#.Vk.).S ....:Y>...z...I.@.o.U.C......gw%..f".tN.a..#<B.!M...E...]..U.QX.(.....z..........Z..w..,.QF...\........a2<uw....j<..bC.?[.P8T.X.:D..Q..x....5......d(TaaS.F.T...0^....7.8(y...2.g..B[y..B...b....<.)....vt.N..K.........]......w....L......2..'..~mp8q./o.-../.,...=[..02$...X..<$%DJ..>d.........+f....u .}.aA..H..t...dNj.`..j...K/.dPd..%.].S.....o...._.S....m..Ii...Y.....H.......|..p.Ro.......F.'83&e.D.aqV-.O1.:.........3..>ct43l..LQ.@z..3[......{/Y......P..K[...p.5Z..-.2j6.Y.F.g.>>....d..Rk.....WY.Z......B.Hm...Kv.....6.&.a...+..:)G.'..p.H.v.HO./......nt.-.ug..K..z..W.....n.,W.....@K....yr..N...?H...z.o.F.wO...../...7.K....0.....qZ...0...r..5.)..)m8....2...j.

          C:\Users\user\Downloads\IPKGELNTQY.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:CA22BE4EE0F4B9B91D54DFCC02850755
          SHA1:BED4BDC1B9E02A372FDF0DE7D8B0C1341EF23682
          SHA-256:5D61D3A14F9C4A210AF80847056723372678991FB7D37EC0218095BACF5DDD89
          SHA-512:FDDC722EA294368ADFDAD39473AE623C75948E2984D81162FF9A792DBBDE230E1C200A15C39DC9B67028A1E6087559A2E3CB421C31B14AFFA0AA04B96F8F84E0
          Malicious:false
          Reputation:unknown
          Preview:IPKGEE.K..^.m....Q..+.,g3..3/...aTn...[b...\.YEL.2.....w_..R>=.K7Go........$d"3U.{.....h.bA......|.....{N+......B..$erdP..JI.4..$.G..RDF&......@.....:....xJ.........5.E&..sx.$..W..".QoqS.)E....&~t;...9..;.R.\FE...t...7.....37.......g..$X...VA....>..b7X\^......0.;...AL!......uF.#.Vk.).S ....:Y>...z...I.@.o.U.C......gw%..f".tN.a..#<B.!M...E...]..U.QX.(.....z..........Z..w..,.QF...\........a2<uw....j<..bC.?[.P8T.X.:D..Q..x....5......d(TaaS.F.T...0^....7.8(y...2.g..B[y..B...b....<.)....vt.N..K.........]......w....L......2..'..~mp8q./o.-../.,...=[..02$...X..<$%DJ..>d.........+f....u .}.aA..H..t...dNj.`..j...K/.dPd..%.].S.....o...._.S....m..Ii...Y.....H.......|..p.Ro.......F.'83&e.D.aqV-.O1.:.........3..>ct43l..LQ.@z..3[......{/Y......P..K[...p.5Z..-.2j6.Y.F.g.>>....d..Rk.....WY.Z......B.Hm...Kv.....6.&.a...+..:)G.'..p.H.v.HO./......nt.-.ug..K..z..W.....n.,W.....@K....yr..N...?H...z.o.F.wO...../...7.K....0.....qZ...0...r..5.)..)m8....2...j.

          C:\Users\user\Downloads\MXPXCVPDVN.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8608340502903085
          Encrypted:false
          SSDEEP:
          MD5:71B67C161E7A961A6B75B38B7EC05015
          SHA1:600928AC2569176D5DB30AA5F2F2E5E7D5001AAE
          SHA-256:D80F2D65C1B760E337F052FEF5A1EB46795A396F891174001531E14BE358543A
          SHA-512:4F1944FAFF68EF14011202AB9A637FD1498387DF89F224ADCE75BBE1D0D2DB1015CF5E5EFB12472F49A3B6C3E7C71A266ABA48C904A0837F77C2977F335FFBDB
          Malicious:false
          Reputation:unknown
          Preview:MXPXC.".........B>......tK..i%O..,\...9....:<..C.!..mx7./Tb.3,.../...bg.=......_.w3.x,\1.: ?[pYZq...aDap.W..;#...s.z.......O..g.......B6.?....y.|Y6.~`.Y1..Y.R.$......^.k.G.........P.9.`........v>D......P|...I..`.T..>.o..k..9m_..(.o..$?.f.......:K..J...(....xV.....g{.E.fm...lZ*.Y..u.q..i.>}._.....+.w...x..x..uq......:.J..o.`./H.MT.`N............t...t|...i..B.....;.".j.<z...{.....\'R.......)JE...K)Y..5>P+..B....:'..]..o........I3-..H..;C.........^~e.......8O.R.....%. O....*..,.Fa.4....n......N...N.B..%.f.c..7y.eS..r..){M%W.?U....=ZJ[........|~.&g.8q.x.3,D<54...$KZ...;...>.\.x...Y'#.X.....a?=u. .\......'G1.<.nl8..@.YT.....S....q...;...>9g.*.7..O...CD..&.f...;F.......;U.....=`.\...".....I.V...n..t.G.@sQmQWM.}..^.U%.d. ...6....9i.?.15^.Tj...kl...,1F.U...7.h.N@.$.Bx...V..u.ch..... {...=d.T......c.F<..I....(....f...m.C"..x...L..^|.."<W$r.@q$..l..>........V..%%......Y.j.....+0...ne..*aC.x..f*."-.s...}W.1.P^.....V&..&...........O.....z.N..A.r.2...t...

          C:\Users\user\Downloads\MXPXCVPDVN.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:71B67C161E7A961A6B75B38B7EC05015
          SHA1:600928AC2569176D5DB30AA5F2F2E5E7D5001AAE
          SHA-256:D80F2D65C1B760E337F052FEF5A1EB46795A396F891174001531E14BE358543A
          SHA-512:4F1944FAFF68EF14011202AB9A637FD1498387DF89F224ADCE75BBE1D0D2DB1015CF5E5EFB12472F49A3B6C3E7C71A266ABA48C904A0837F77C2977F335FFBDB
          Malicious:false
          Reputation:unknown
          Preview:MXPXC.".........B>......tK..i%O..,\...9....:<..C.!..mx7./Tb.3,.../...bg.=......_.w3.x,\1.: ?[pYZq...aDap.W..;#...s.z.......O..g.......B6.?....y.|Y6.~`.Y1..Y.R.$......^.k.G.........P.9.`........v>D......P|...I..`.T..>.o..k..9m_..(.o..$?.f.......:K..J...(....xV.....g{.E.fm...lZ*.Y..u.q..i.>}._.....+.w...x..x..uq......:.J..o.`./H.MT.`N............t...t|...i..B.....;.".j.<z...{.....\'R.......)JE...K)Y..5>P+..B....:'..]..o........I3-..H..;C.........^~e.......8O.R.....%. O....*..,.Fa.4....n......N...N.B..%.f.c..7y.eS..r..){M%W.?U....=ZJ[........|~.&g.8q.x.3,D<54...$KZ...;...>.\.x...Y'#.X.....a?=u. .\......'G1.<.nl8..@.YT.....S....q...;...>9g.*.7..O...CD..&.f...;F.......;U.....=`.\...".....I.V...n..t.G.@sQmQWM.}..^.U%.d. ...6....9i.?.15^.Tj...kl...,1F.U...7.h.N@.$.Bx...V..u.ch..... {...=d.T......c.F<..I....(....f...m.C"..x...L..^|.."<W$r.@q$..l..>........V..%%......Y.j.....+0...ne..*aC.x..f*."-.s...}W.1.P^.....V&..&...........O.....z.N..A.r.2...t...

          C:\Users\user\Downloads\MXPXCVPDVN.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.846055761466295
          Encrypted:false
          SSDEEP:
          MD5:E9B746553A89A4A8B500B6D90EED39D6
          SHA1:AB9F5E45EE55E7A3FB100913B61A07146BBE691E
          SHA-256:2AD28830669CD728F91D12D6171594A831E7E8524E205828445C9F3F1910E26E
          SHA-512:AEE3E5CC9AA2A9E8E1EEDCBDF56203A5098556635D33C860E6778490DDBC08835CDF576ACBE49C014414B438F91CD474CAA031C46C9F8BD7D1073AE8B40964FA
          Malicious:false
          Reputation:unknown
          Preview:MXPXC...W...{.j.G....m:>t.Lp".H..l.dg...1..C.G..C.9..%6.....*cO.Vg.v.S......(An^.S..l..F#..7^....Z...q.4D....}l....2..W...B.5e...Zg....."?.....P...f....'|...I....0.r..G.Qh]8..9..&.Cz...E..^.......>Dh.R>..kUt....../{mQ.9)..?.B.]z......OUd..B.q..N..z;#h.{....J9.. .L~&.....N|.\.5...0..E ..6.1..{8..,......R...<>.,4..U.....l.....1es.........W....;.....u...Cj4..T..\..$NM...$../..P...gV3^y.-.*m...<./.2....B...n..hH....J2...Hl-.t..{..'U.p.9..D...%........s.1_.P.d....n._..rv..)..}..[..R.X..n..p..:.e.....l..Q.Z.a.NZ7)"O..t..x.}.D.S.....?\. .P....Zg.:._.h...1R$'......i....bl0.r......q..P2gPT#U%(.]F.*'....y........$..[b...<;..g...Y..d.49g-f....Sm...........I......Xf....^5,..X.....).,.T..zTaDd...$(_AGd..x.%..T...9Q.s.%.7|u..<....,u.c..QlL<|[...n.B;.......em....b.0H<....Y.5p........x:.D.;.X.x........T......<]...B.u......YjE...gxh.T....."+..2.Z...iS.?.S.C.kt..,#.dM...\.a.d..]."..).-...."..^..?.T..g&s?5...^ca.]J.>....P..|%*X.L.l.+.......me..;...T

          C:\Users\user\Downloads\MXPXCVPDVN.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E9B746553A89A4A8B500B6D90EED39D6
          SHA1:AB9F5E45EE55E7A3FB100913B61A07146BBE691E
          SHA-256:2AD28830669CD728F91D12D6171594A831E7E8524E205828445C9F3F1910E26E
          SHA-512:AEE3E5CC9AA2A9E8E1EEDCBDF56203A5098556635D33C860E6778490DDBC08835CDF576ACBE49C014414B438F91CD474CAA031C46C9F8BD7D1073AE8B40964FA
          Malicious:false
          Reputation:unknown
          Preview:MXPXC...W...{.j.G....m:>t.Lp".H..l.dg...1..C.G..C.9..%6.....*cO.Vg.v.S......(An^.S..l..F#..7^....Z...q.4D....}l....2..W...B.5e...Zg....."?.....P...f....'|...I....0.r..G.Qh]8..9..&.Cz...E..^.......>Dh.R>..kUt....../{mQ.9)..?.B.]z......OUd..B.q..N..z;#h.{....J9.. .L~&.....N|.\.5...0..E ..6.1..{8..,......R...<>.,4..U.....l.....1es.........W....;.....u...Cj4..T..\..$NM...$../..P...gV3^y.-.*m...<./.2....B...n..hH....J2...Hl-.t..{..'U.p.9..D...%........s.1_.P.d....n._..rv..)..}..[..R.X..n..p..:.e.....l..Q.Z.a.NZ7)"O..t..x.}.D.S.....?\. .P....Zg.:._.h...1R$'......i....bl0.r......q..P2gPT#U%(.]F.*'....y........$..[b...<;..g...Y..d.49g-f....Sm...........I......Xf....^5,..X.....).,.T..zTaDd...$(_AGd..x.%..T...9Q.s.%.7|u..<....,u.c..QlL<|[...n.B;.......em....b.0H<....Y.5p........x:.D.;.X.x........T......<]...B.u......YjE...gxh.T....."+..2.Z...iS.?.S.C.kt..,#.dM...\.a.d..]."..).-...."..^..?.T..g&s?5...^ca.]J.>....P..|%*X.L.l.+.......me..;...T

          C:\Users\user\Downloads\NEBFQQYWPS.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8164873174360725
          Encrypted:false
          SSDEEP:
          MD5:B3923FD4A5915EA23414887F23F0E6FD
          SHA1:E188F920551137E3461E0E37E05578F0BEA97721
          SHA-256:EC977FAF8C0D43108202C8296A81FCC4E1BD0F804C8939F5D775AA6575CBE988
          SHA-512:F586CD4C7D458FD359082DAE2A74009C05C787199289C1EDFA05C541CED7D9FB01AE3C92B05E09E5EFB57DAADF10FA762287853AED2CB3F58D14DC1B8BC397ED
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ..KO....#7g....{<.X#.S.R.f.K.x...xr.m.c...'a....c..a..b..D.....m.$?.ubJ.._.h..o...S.(.r{...Qfq..8$M1.]..B.o.GQ~D,=..3.......5..m].....^..+-}j9`\d.....8..J.....(O....cQ.1[.q......s.{.1U..U...F>.......A.$j.....G...f.Q!s..,u...O]<......F.b..l....#....C`...k.....#..."I....,i.....e@)`...2j`....#^..S..O#e......I.....K~.0...k.....y...D.K9u..II.nQI.i...c.......p.^i...,.'.+.'N-...1_..0=\...t'[.l......U.U...nn5...A54.....X..C..........;...~y..g..C./...B....H...M1.VK.0..}...6L..fY.7.......d..j...F....m.fQI8..u.s.....=.......f.]..\..ZiS..D.."......aRW...:.i.u...c.Ts..4....i.d.2....s...LJ4,....aA.!..'..2..z`@....N.3.H....xJ.Ik.5.'.hR ..r.....nn...O.....`r..p};...*j.W..h....0....h..Oq.....Ru5.60.h.~..*..y.QJ.nA..x~.W....u.D..\1y+I..}........]......U>=;.~5"Gx?....R,.i..m(.&..s....f.M........0..&.....*(.D}.5..m..[.RKT..g.......y>d.?....1..........W..g5.-S..W..".x.m.....f...[..5..yd.h.vB.e..&.u..;.f...r..{..]...Z..}.;.........$.Z[e...|....

          C:\Users\user\Downloads\NEBFQQYWPS.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B3923FD4A5915EA23414887F23F0E6FD
          SHA1:E188F920551137E3461E0E37E05578F0BEA97721
          SHA-256:EC977FAF8C0D43108202C8296A81FCC4E1BD0F804C8939F5D775AA6575CBE988
          SHA-512:F586CD4C7D458FD359082DAE2A74009C05C787199289C1EDFA05C541CED7D9FB01AE3C92B05E09E5EFB57DAADF10FA762287853AED2CB3F58D14DC1B8BC397ED
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ..KO....#7g....{<.X#.S.R.f.K.x...xr.m.c...'a....c..a..b..D.....m.$?.ubJ.._.h..o...S.(.r{...Qfq..8$M1.]..B.o.GQ~D,=..3.......5..m].....^..+-}j9`\d.....8..J.....(O....cQ.1[.q......s.{.1U..U...F>.......A.$j.....G...f.Q!s..,u...O]<......F.b..l....#....C`...k.....#..."I....,i.....e@)`...2j`....#^..S..O#e......I.....K~.0...k.....y...D.K9u..II.nQI.i...c.......p.^i...,.'.+.'N-...1_..0=\...t'[.l......U.U...nn5...A54.....X..C..........;...~y..g..C./...B....H...M1.VK.0..}...6L..fY.7.......d..j...F....m.fQI8..u.s.....=.......f.]..\..ZiS..D.."......aRW...:.i.u...c.Ts..4....i.d.2....s...LJ4,....aA.!..'..2..z`@....N.3.H....xJ.Ik.5.'.hR ..r.....nn...O.....`r..p};...*j.W..h....0....h..Oq.....Ru5.60.h.~..*..y.QJ.nA..x~.W....u.D..\1y+I..}........]......U>=;.~5"Gx?....R,.i..m(.&..s....f.M........0..&.....*(.D}.5..m..[.RKT..g.......y>d.?....1..........W..g5.-S..W..".x.m.....f...[..5..yd.h.vB.e..&.u..;.f...r..{..]...Z..}.;.........$.Z[e...|....

          C:\Users\user\Downloads\NEBFQQYWPS.pdf

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.845911989820223
          Encrypted:false
          SSDEEP:
          MD5:9259F36CE24CC6A813A6D3579FA14665
          SHA1:4C5BAAD3C2FF1B0EAD5A356576883E9D22029AF4
          SHA-256:520DB1E8C6FCE115A057182E9EECF35A801D2F82FE99DB97DA7FE6B348EF0EBE
          SHA-512:95172ABECB54DD345FCAAC91A086F771DF68EABFD0AF7724E7A55BD1B8D5D0946BA02EBE2FA45F70B2328E213B6842A86DD54859AFDE977D8C16D26E0B696294
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ.y...=....SN..tnR.WU=.:[....j..&....r<(..y.}...u.gX.._.....Y..o............D.......^d..../)..H..O..!...y.,...?............3.K........($I........z..g2/....)..3.M. \.U.Y.l...qyA.....{../8.].=J,.H..#]w".R...8....tc..........S...o..(.NSC.W...|M.g>..l..t.7.u.....I+B...hk.....G.HL..`.n.91wk....E.r...XY*<.y.\.x...9.h.4.....Y..Ef...k...M.k..x.......r.."...u..C....yJ%...*._.}..C.^X../....LT.H..t..g..M.=......'b.5.g.!..3...5(......l.^$p......?/tQ.d..K.....o.}P..9...xU.28...f.9. .@e...%...`.....RxQ..Wr.dkn.BX...k................,..."...s.)..u..Ft9R....q..).K...8R6wz.......@..'C..g.....7..i..l...aN..4../...O.....X,.f.MPL].....U.oi..{,...veS..l......m..,........Q.......n&.ce7..g%.?.3.].z[7(....).+u.>w.n.......d..nW.y............!/....Sr...U...".K)1..p.u..a.h.}......5f`..{.vv..>...H.......yr.?..O.>...).Q._....w;....@W.O.%k..U..~.../. ..9......;}..}......%K......08.z..s......S...P...E.K.....Hv.d......w/..cf.~...D4...x^Zl.5)..%k...>....

          C:\Users\user\Downloads\NEBFQQYWPS.pdf.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9259F36CE24CC6A813A6D3579FA14665
          SHA1:4C5BAAD3C2FF1B0EAD5A356576883E9D22029AF4
          SHA-256:520DB1E8C6FCE115A057182E9EECF35A801D2F82FE99DB97DA7FE6B348EF0EBE
          SHA-512:95172ABECB54DD345FCAAC91A086F771DF68EABFD0AF7724E7A55BD1B8D5D0946BA02EBE2FA45F70B2328E213B6842A86DD54859AFDE977D8C16D26E0B696294
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ.y...=....SN..tnR.WU=.:[....j..&....r<(..y.}...u.gX.._.....Y..o............D.......^d..../)..H..O..!...y.,...?............3.K........($I........z..g2/....)..3.M. \.U.Y.l...qyA.....{../8.].=J,.H..#]w".R...8....tc..........S...o..(.NSC.W...|M.g>..l..t.7.u.....I+B...hk.....G.HL..`.n.91wk....E.r...XY*<.y.\.x...9.h.4.....Y..Ef...k...M.k..x.......r.."...u..C....yJ%...*._.}..C.^X../....LT.H..t..g..M.=......'b.5.g.!..3...5(......l.^$p......?/tQ.d..K.....o.}P..9...xU.28...f.9. .@e...%...`.....RxQ..Wr.dkn.BX...k................,..."...s.)..u..Ft9R....q..).K...8R6wz.......@..'C..g.....7..i..l...aN..4../...O.....X,.f.MPL].....U.oi..{,...veS..l......m..,........Q.......n&.ce7..g%.?.3.].z[7(....).+u.>w.n.......d..nW.y............!/....Sr...U...".K)1..p.u..a.h.}......5f`..{.vv..>...H.......yr.?..O.>...).Q._....w;....@W.O.%k..U..~.../. ..9......;}..}......%K......08.z..s......S...P...E.K.....Hv.d......w/..cf.~...D4...x^Zl.5)..%k...>....

          C:\Users\user\Downloads\NEBFQQYWPS.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.85468349675879
          Encrypted:false
          SSDEEP:
          MD5:3E37E71CD11EA5DE9427EC675CA5A4C1
          SHA1:59AFF55FA9AB568246CF3FA9F2797C7725236065
          SHA-256:12C2534041DB384788E893D767BB77297385DF1DAE2A424626449AF4FC782380
          SHA-512:18B1DC9D2A0CEB5322B57254E25E08FAFB50B2A5518627B576A27DBAB89F6A75477AC20BCC2262C3951DBC2D63B210E03945A31D14977FD4EE87E2C855E9A252
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ......x...x[$.[..../.8.......W.......3..W./..>y...>.?....N?N......._.......~g.W...h.....;..a.O...h)].0..88r.?4<.pL'......^.g...I.`......Ex...[%..H..?..rk....y*...p.u.^...M^..v...w.&RI.W.....H.t)I..Wh.....e...^..'.\.K.+ ..9.oF}.`t.#..e.).....g....^.u..(.I............Y.#...X.*C.8.....K.R.g...s..i<.TA...J...7f..j.`..Pq.e.5....v|..j..$.XX.O"...Q.I,.8..2...@........j..,.51hp_.9-.b.|./.....5.j. .<.i3.)....... .kh....1N....?.Z_0^...?H.'n..+.0z......>..<..N.9...Uz...81z_kF.$.$.5Q.F....e....l...}.a./.m|.....(.....R."B.,*.i,.W..'.Jdk.....}V. .y....y.4....yv.l`c?.#.T.t@...o.K.......:F...R..NM..&...E>.../.....3..!Ml..[...Yn./.9[.#:'..~o..k8O.....W>...NV.l.6.......@.h.L.f.y#.a..T.l.....4m"3.v=..n..^k.....s?.....T!j.....,..+&1........6.q.'C.0@E.C{...%JG...H\.~..c......z.A.T..E.Tfg...v.!.....u-v..h..+..o&l;|..b.H.&:....(o..[?.h.u...!,w~.G...47.%}|.R.c.U..!Ow.o.Z.=...7..7.....k.Y..c...b#i..n.b...RB.R.7..R..{.....00b>..>(^...QK......L.DT.

          C:\Users\user\Downloads\NEBFQQYWPS.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3E37E71CD11EA5DE9427EC675CA5A4C1
          SHA1:59AFF55FA9AB568246CF3FA9F2797C7725236065
          SHA-256:12C2534041DB384788E893D767BB77297385DF1DAE2A424626449AF4FC782380
          SHA-512:18B1DC9D2A0CEB5322B57254E25E08FAFB50B2A5518627B576A27DBAB89F6A75477AC20BCC2262C3951DBC2D63B210E03945A31D14977FD4EE87E2C855E9A252
          Malicious:false
          Reputation:unknown
          Preview:NEBFQ......x...x[$.[..../.8.......W.......3..W./..>y...>.?....N?N......._.......~g.W...h.....;..a.O...h)].0..88r.?4<.pL'......^.g...I.`......Ex...[%..H..?..rk....y*...p.u.^...M^..v...w.&RI.W.....H.t)I..Wh.....e...^..'.\.K.+ ..9.oF}.`t.#..e.).....g....^.u..(.I............Y.#...X.*C.8.....K.R.g...s..i<.TA...J...7f..j.`..Pq.e.5....v|..j..$.XX.O"...Q.I,.8..2...@........j..,.51hp_.9-.b.|./.....5.j. .<.i3.)....... .kh....1N....?.Z_0^...?H.'n..+.0z......>..<..N.9...Uz...81z_kF.$.$.5Q.F....e....l...}.a./.m|.....(.....R."B.,*.i,.W..'.Jdk.....}V. .y....y.4....yv.l`c?.#.T.t@...o.K.......:F...R..NM..&...E>.../.....3..!Ml..[...Yn./.9[.#:'..~o..k8O.....W>...NV.l.6.......@.h.L.f.y#.a..T.l.....4m"3.v=..n..^k.....s?.....T!j.....,..+&1........6.q.'C.0@E.C{...%JG...H\.~..c......z.A.T..E.Tfg...v.!.....u-v..h..+..o&l;|..b.H.&:....(o..[?.h.u...!,w~.G...47.%}|.R.c.U..!Ow.o.Z.=...7..7.....k.Y..c...b#i..n.b...RB.R.7..R..{.....00b>..>(^...QK......L.DT.

          C:\Users\user\Downloads\NVWZAPQSQL.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.857056588865544
          Encrypted:false
          SSDEEP:
          MD5:69025B4BB2DC2E75EE541BABD05E7967
          SHA1:A76D4E3330A0865846041802C067751E562E8971
          SHA-256:9DFC0057B202C8936B77C2735AC45DF0C9A43C29AE1E3826E81C8C0551F5BACD
          SHA-512:4524C9D16AC1CDC621CF3C0FCB86A44A0E11662705271F152E6AC859358BD93E3F79184CEB892716249E9E1D554ABD1880F9BE424F4B70853D8F61A9C0B394C4
          Malicious:false
          Reputation:unknown
          Preview:NVWZA!.t..9.... .......F.]RC]...k.4.....mn.c0.7...lr..n..q.c..W.e.....*.t....XwJ.....Bf!.....SJGT.y...Qm..[..4.Y]..Z....w.O3nyR.ak.....[.@...@.0...-..<.....+.ov....dX.n...>.K....y..k.]P=....rV6....k}...64`icv./.......IK..B...T.....^..7H.......X..'$.9...U...m.Y7....t1.N....p..>.9.y.V..m.U.i..@.~@,O.1H*...u.i.<......*]./.. ...=<...D.....!.P......F.......|.G.H'.VYg..i.;....8.'.C.f.hR..w...v...3+.:.Vyg...n^`#z......"P...V....n..'.5<M..rr.`.t..~..q3..K.\.....a.^.7....~.i.LP......].~.!.....F.MHH7....kbyb.......rz.j[.K.....2.F..;.^.G.k9.]1.&.z..%&q.dCd!Av.....>.~WF..$.+d.......8W..r~/{d.Jl.B..\..g...R.#!.Z6.|..6@NMN.......X*.N..>..P..Fb49@3z............54......&}.../.H.....7=$.r...E..m..".4Ow:MJ\)_H`Q....v..A..q..X6..0.\..B..2..OM.|.^v...{`RR ...$bN...@}4e.X..VE..Tw%..y..".y...D....s..._.RW..._m....[.2......!..#p..0\...G7...?...9.!....%..:..Wl_...o..(.r.zo .2...p.....%.X...;3.....Z...x--.{....rK.m.K...u...R!..7.......h.."......[.8.<T...~nd

          C:\Users\user\Downloads\NVWZAPQSQL.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:69025B4BB2DC2E75EE541BABD05E7967
          SHA1:A76D4E3330A0865846041802C067751E562E8971
          SHA-256:9DFC0057B202C8936B77C2735AC45DF0C9A43C29AE1E3826E81C8C0551F5BACD
          SHA-512:4524C9D16AC1CDC621CF3C0FCB86A44A0E11662705271F152E6AC859358BD93E3F79184CEB892716249E9E1D554ABD1880F9BE424F4B70853D8F61A9C0B394C4
          Malicious:false
          Reputation:unknown
          Preview:NVWZA!.t..9.... .......F.]RC]...k.4.....mn.c0.7...lr..n..q.c..W.e.....*.t....XwJ.....Bf!.....SJGT.y...Qm..[..4.Y]..Z....w.O3nyR.ak.....[.@...@.0...-..<.....+.ov....dX.n...>.K....y..k.]P=....rV6....k}...64`icv./.......IK..B...T.....^..7H.......X..'$.9...U...m.Y7....t1.N....p..>.9.y.V..m.U.i..@.~@,O.1H*...u.i.<......*]./.. ...=<...D.....!.P......F.......|.G.H'.VYg..i.;....8.'.C.f.hR..w...v...3+.:.Vyg...n^`#z......"P...V....n..'.5<M..rr.`.t..~..q3..K.\.....a.^.7....~.i.LP......].~.!.....F.MHH7....kbyb.......rz.j[.K.....2.F..;.^.G.k9.]1.&.z..%&q.dCd!Av.....>.~WF..$.+d.......8W..r~/{d.Jl.B..\..g...R.#!.Z6.|..6@NMN.......X*.N..>..P..Fb49@3z............54......&}.../.H.....7=$.r...E..m..".4Ow:MJ\)_H`Q....v..A..q..X6..0.\..B..2..OM.|.^v...{`RR ...$bN...@}4e.X..VE..Tw%..y..".y...D....s..._.RW..._m....[.2......!..#p..0\...G7...?...9.!....%..:..Wl_...o..(.r.zo .2...p.....%.X...;3.....Z...x--.{....rK.m.K...u...R!..7.......h.."......[.8.<T...~nd

          C:\Users\user\Downloads\PWCCAWLGRE.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.850301644184233
          Encrypted:false
          SSDEEP:
          MD5:A7D3D33BB191322C629330210039333A
          SHA1:E366533ECFC5553F35963B2B2B1DFD835E62AD8F
          SHA-256:F799C86FA31318EFCE6A7030AAE3F0D3128CC45DE94B83232D120695BA2B443D
          SHA-512:D5A7B623A492AE93993A14CFF83E051CA086D2ED5C0AD5BD30ACAF59B20287CE5A9B9DB98BD371371E11D23AC458DD15A480A3E133ACE9F14A49E84D2BC03F67
          Malicious:false
          Reputation:unknown
          Preview:PWCCA)\o.y.R.!*.J..q.v.....HO^l...\91`.a.N..5..|@xsF.1}9By.N.L.!.H.M\_.....g.I....*..c..bv..h....v.t..q..Z..........8....'%} .b.:..H...e!.y.!...[%M.t./.....y;.G.....B~..G.^.V........N..!..W.6..>...q.p>.....~...........).j..g..s.o...\V....s..H...d....v...j...\...l.........<5......m..._........,.....4c.......^.}.X@_.Y...?6.-:...+.>p..;dH'..)"B.^t.S.{h........[.d.B&...S.d.........x.t.......W.Y.g.o...X.h.t...}...Cc..z:hT..v..}.......].3..m..+)...VO..P3GP...74]j.t.M.'...-43..i&..,.QZA...T.+..dw............".{.}1....e..#|.?.... i./.....<.\$./.#E..Q"F...'ZI...c..b......]Pg...<H..._......fg...!..."....L.npE.p.y1......jo.5i7.f..".v..iH....B....?..C|...(#................'....&j.t6Ev...v.]..XM.7...O.....6..xZ .(.Q.SKok.......D..l...p....".$&..~j5n.T..ln.o...vU:RQ.D.QJ....I....@$.....D....6.......&..i".o.[e._.4..:.U....>W...l...}...B..n....NJ.B..L.R......P.'cc...,i,tq9.._.\...X..i...*h.....1{,.)......e.#E.&.S.El.z.}.8.b......._...+....2J.7...

          C:\Users\user\Downloads\PWCCAWLGRE.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A7D3D33BB191322C629330210039333A
          SHA1:E366533ECFC5553F35963B2B2B1DFD835E62AD8F
          SHA-256:F799C86FA31318EFCE6A7030AAE3F0D3128CC45DE94B83232D120695BA2B443D
          SHA-512:D5A7B623A492AE93993A14CFF83E051CA086D2ED5C0AD5BD30ACAF59B20287CE5A9B9DB98BD371371E11D23AC458DD15A480A3E133ACE9F14A49E84D2BC03F67
          Malicious:false
          Reputation:unknown
          Preview:PWCCA)\o.y.R.!*.J..q.v.....HO^l...\91`.a.N..5..|@xsF.1}9By.N.L.!.H.M\_.....g.I....*..c..bv..h....v.t..q..Z..........8....'%} .b.:..H...e!.y.!...[%M.t./.....y;.G.....B~..G.^.V........N..!..W.6..>...q.p>.....~...........).j..g..s.o...\V....s..H...d....v...j...\...l.........<5......m..._........,.....4c.......^.}.X@_.Y...?6.-:...+.>p..;dH'..)"B.^t.S.{h........[.d.B&...S.d.........x.t.......W.Y.g.o...X.h.t...}...Cc..z:hT..v..}.......].3..m..+)...VO..P3GP...74]j.t.M.'...-43..i&..,.QZA...T.+..dw............".{.}1....e..#|.?.... i./.....<.\$./.#E..Q"F...'ZI...c..b......]Pg...<H..._......fg...!..."....L.npE.p.y1......jo.5i7.f..".v..iH....B....?..C|...(#................'....&j.t6Ev...v.]..XM.7...O.....6..xZ .(.Q.SKok.......D..l...p....".$&..~j5n.T..ln.o...vU:RQ.D.QJ....I....@$.....D....6.......&..i".o.[e._.4..:.U....>W...l...}...B..n....NJ.B..L.R......P.'cc...,i,tq9.._.\...X..i...*h.....1{,.)......e.#E.&.S.El.z.}.8.b......._...+....2J.7...

          C:\Users\user\Downloads\PWCCAWLGRE.mp3

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.862551653360901
          Encrypted:false
          SSDEEP:
          MD5:BC44912CF8EC99FA594990FBE9FBF688
          SHA1:26B8FD64727063E04E6BDA5B78ED836A424A5C8C
          SHA-256:6822A2563E3CD15B2B41A899A3EB3A9650E584AE6C5E5F36BAEA284749359B45
          SHA-512:26D93AB0AA1BDFA11CB3A0E33F9629B3084E3D68E6136DE7461C1AAA544FB645C92675B3D1F2B07AFCCF3FA7AABC5BB8F8991240FBF191E3A7C0377A9B08F732
          Malicious:false
          Reputation:unknown
          Preview:PWCCA.C1..DY..E...~.R..W....k..6......?vW...?5;.[.5i.j..~H...........,F1.3.9+^...;w ....'&..R>.....i.z..C..3..`.......^..b...F....<U...h....r.s....D1G|..C....."..8.>zF2E.....&.G..)2..fI.@p....y.Z.oJ....... ^.VA.@X...4T..). .X.^..$.f.........%.I....\.<'...w.'.:..!I...fN..o.b.EDi... ae..(xs...!..K..S....9...Z.`.......6.....B....\N7O]..D......6F:..\t.U+..9...%...c.Kq...nNR.R.....~,..v.y.N....).\(G"&8(.z'..z{..../.......,...5..Lh;\..U..5.u..=.,.......n.i.{.W.z.:.Ol.X.n..v...k.Mt.4....#..{v...d.k.....!|*0..2..K.........K..].....1..'.wT....?"#....2.1.i.i.......uH.#.~.Z2.C......?..?.tn/......z.qO...... ."..X!z.i.).....G..<...ymV..F\.........x.8........S+.....,.[.....z.....F.d....l..`...+._.i}X..Wk...n#.....sOw.=k6.e.....=E........8..t.I..;...%...Kk.N....N...`.`..h.?..9./.jg......;.c*tWvl..]X!.k.|.....y]2..Rq..".Pie*...W.e3.<..z....V.....{.Y......9. |....n.R.p.+..[.K..J.ZY.1._"H.L2-...`.............f.rc.......U..uH..]..#..L0.J..|..|...

          C:\Users\user\Downloads\PWCCAWLGRE.mp3.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:BC44912CF8EC99FA594990FBE9FBF688
          SHA1:26B8FD64727063E04E6BDA5B78ED836A424A5C8C
          SHA-256:6822A2563E3CD15B2B41A899A3EB3A9650E584AE6C5E5F36BAEA284749359B45
          SHA-512:26D93AB0AA1BDFA11CB3A0E33F9629B3084E3D68E6136DE7461C1AAA544FB645C92675B3D1F2B07AFCCF3FA7AABC5BB8F8991240FBF191E3A7C0377A9B08F732
          Malicious:false
          Reputation:unknown
          Preview:PWCCA.C1..DY..E...~.R..W....k..6......?vW...?5;.[.5i.j..~H...........,F1.3.9+^...;w ....'&..R>.....i.z..C..3..`.......^..b...F....<U...h....r.s....D1G|..C....."..8.>zF2E.....&.G..)2..fI.@p....y.Z.oJ....... ^.VA.@X...4T..). .X.^..$.f.........%.I....\.<'...w.'.:..!I...fN..o.b.EDi... ae..(xs...!..K..S....9...Z.`.......6.....B....\N7O]..D......6F:..\t.U+..9...%...c.Kq...nNR.R.....~,..v.y.N....).\(G"&8(.z'..z{..../.......,...5..Lh;\..U..5.u..=.,.......n.i.{.W.z.:.Ol.X.n..v...k.Mt.4....#..{v...d.k.....!|*0..2..K.........K..].....1..'.wT....?"#....2.1.i.i.......uH.#.~.Z2.C......?..?.tn/......z.qO...... ."..X!z.i.).....G..<...ymV..F\.........x.8........S+.....,.[.....z.....F.d....l..`...+._.i}X..Wk...n#.....sOw.=k6.e.....=E........8..t.I..;...%...Kk.N....N...`.`..h.?..9./.jg......;.c*tWvl..]X!.k.|.....y]2..Rq..".Pie*...W.e3.<..z....V.....{.Y......9. |....n.R.p.+..[.K..J.ZY.1._"H.L2-...`.............f.rc.......U..uH..]..#..L0.J..|..|...

          C:\Users\user\Downloads\QNCYCDFIJJ.png

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8788624412930925
          Encrypted:false
          SSDEEP:
          MD5:0CB1D55279F265052A3E329DD8D392B0
          SHA1:70205EF4A9EC54880412A93A6FDF7D19B547C202
          SHA-256:85A59583ED52F035E6F71AB4E38B958172FF58EFF40787ABDAD03F3713CEF811
          SHA-512:5DD1662E4FEDC483FBDE6DC280CC319F37413D3ECB0D27C31AFC2287FA72D6111EEF9E240566CE5B291E651213CD52B2AEACBF429569A4535AA121EC3AF011FA
          Malicious:false
          Reputation:unknown
          Preview:QNCYC(.(...3.R.e..3.]R.......vj.t9...@.9.....P^.E(zA..*aD.P..>...b....2......f&.5DIFsiI.5.56Q.....w.. .....#l.c.F,....n9gk6'.......R..L....|v'..Q!q8..gB..3.0-=.[..,...,..".V.Xw.... ..E..XD .PI..C!..p7...K.Q/9.RZ...CX.;.O...T3.Z.N....^.........]vd_'.M.n?.Sb&u.N(..1.;7.5..fz..............K.......9o.....w....2....j..lI......E.H....#.....\Co(_.a...X..i..T...C0.".3_B5J.......#.B.$h..;.'..c.rz^..N.k.[O.y........+.&~.~@.......x.?.y...7.u.82.y.U&.d..w+E...q..../y.)..r...iu4.W..........{p...@u:..x..Sz..:.i.k{.(.....I4.'.XC../A:.>9..R..H.y..9z.B...T.5kg......X.<.^..vt.rs..Lq{P.'@......s...^..r.....:_.x.....83v..a....6.........%>.5...P...@..:...t......A....U....#...o.G...g.;en...o9...&...r...>.A.*.......z=d..).J.....!..y.....D...y;.Qh....0.....@7.R"i..K.^.D}...-./.5......o.EU(..:u.&:.r.4....~t#...z........!0oe\....eW..._..a....(..[cb..0.M?....?...)....`..;...../..".._6..D.nr....G1....j...'....I..u%i.UR...~.W...4:.{..te,.E.Q..s...n3........~.

          C:\Users\user\Downloads\QNCYCDFIJJ.png.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0CB1D55279F265052A3E329DD8D392B0
          SHA1:70205EF4A9EC54880412A93A6FDF7D19B547C202
          SHA-256:85A59583ED52F035E6F71AB4E38B958172FF58EFF40787ABDAD03F3713CEF811
          SHA-512:5DD1662E4FEDC483FBDE6DC280CC319F37413D3ECB0D27C31AFC2287FA72D6111EEF9E240566CE5B291E651213CD52B2AEACBF429569A4535AA121EC3AF011FA
          Malicious:false
          Reputation:unknown
          Preview:QNCYC(.(...3.R.e..3.]R.......vj.t9...@.9.....P^.E(zA..*aD.P..>...b....2......f&.5DIFsiI.5.56Q.....w.. .....#l.c.F,....n9gk6'.......R..L....|v'..Q!q8..gB..3.0-=.[..,...,..".V.Xw.... ..E..XD .PI..C!..p7...K.Q/9.RZ...CX.;.O...T3.Z.N....^.........]vd_'.M.n?.Sb&u.N(..1.;7.5..fz..............K.......9o.....w....2....j..lI......E.H....#.....\Co(_.a...X..i..T...C0.".3_B5J.......#.B.$h..;.'..c.rz^..N.k.[O.y........+.&~.~@.......x.?.y...7.u.82.y.U&.d..w+E...q..../y.)..r...iu4.W..........{p...@u:..x..Sz..:.i.k{.(.....I4.'.XC../A:.>9..R..H.y..9z.B...T.5kg......X.<.^..vt.rs..Lq{P.'@......s...^..r.....:_.x.....83v..a....6.........%>.5...P...@..:...t......A....U....#...o.G...g.;en...o9...&...r...>.A.*.......z=d..).J.....!..y.....D...y;.Qh....0.....@7.R"i..K.^.D}...-./.5......o.EU(..:u.&:.r.4....~t#...z........!0oe\....eW..._..a....(..[cb..0.M?....?...)....`..;...../..".._6..D.nr....G1....j...'....I..u%i.UR...~.W...4:.{..te,.E.Q..s...n3........~.

          C:\Users\user\Downloads\SFPUSAFIOL.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.8441617561283765
          Encrypted:false
          SSDEEP:
          MD5:0E941097FF0EECDC1F8A6287190BC6F3
          SHA1:3B23856ABB171279C70C6D298D4FA06BAB6465A7
          SHA-256:582B9019FF6E8CB11D8168B70093A364078556A51EFDA2F1D21D6224124624A8
          SHA-512:4F48BB82930F6DC59A33F4C858297FF1CD97E5AC7E3B812B645F5DA26398A87F657D37455F849C70E3AB8C97ABB8EE3B16E60140FA2FE00D560FDEC6C1BC9489
          Malicious:false
          Reputation:unknown
          Preview:SFPUS..........R[0r.Y-K!..a.R.....iF.7.x...0..../W..H.%.......D..K..L....s....#2).L..62W$.S.u...a0w4.U0g...P...H.. ....{....mU..O2...E.=.K...D.C..4. n^...6..../......1H.c.]..m....d.`U..N.a8.:.e...q;c&Ko..OLj..;r...)....!#5..o.C..u.1..N:I....Gr..f<.b."%..z.]..K.....6...E.....=s.`..R.8..g.(E..P}...q0^..=.0..FN(.$P(........3.p.................[(9.......!.&..g.~z.......x...8....+.`u....T.'......nT..P)..5......N.....KA*.............&.6..^..f.......oiH;d..>|..}...l.v...Mw....6......g..TQh@#|......M..*..rsN......oA...`8#D.P,!.o...9>k..gB.M..>....w..].|%.*.1>..,~M..-....-uF.VX....lX9.... %t_.Y(.7!....W.....!j*f.L7e...qo,........k...2^.t..F;..,.....w......u.Y.H..D8rkl[.I......Q.c....b..l..vXK...bqZ.........-..S.....%..r0j.B....?0...Ln.-.|.AW.^....+8..?u./..J)..j...G{.E.H?.NW.D....G..{IF......U..:."..u....}.....6...s.B.....7'A...R.q.^Q.X.[.ipiN."z.>:9...T.Sn...P..4J5..4.B6...=4.(@'./.....M..cP...d~7.S....`....,.rW.Z0..~...3..NN..#g'.;.8.^6m..`,/.

          C:\Users\user\Downloads\SFPUSAFIOL.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0E941097FF0EECDC1F8A6287190BC6F3
          SHA1:3B23856ABB171279C70C6D298D4FA06BAB6465A7
          SHA-256:582B9019FF6E8CB11D8168B70093A364078556A51EFDA2F1D21D6224124624A8
          SHA-512:4F48BB82930F6DC59A33F4C858297FF1CD97E5AC7E3B812B645F5DA26398A87F657D37455F849C70E3AB8C97ABB8EE3B16E60140FA2FE00D560FDEC6C1BC9489
          Malicious:false
          Reputation:unknown
          Preview:SFPUS..........R[0r.Y-K!..a.R.....iF.7.x...0..../W..H.%.......D..K..L....s....#2).L..62W$.S.u...a0w4.U0g...P...H.. ....{....mU..O2...E.=.K...D.C..4. n^...6..../......1H.c.]..m....d.`U..N.a8.:.e...q;c&Ko..OLj..;r...)....!#5..o.C..u.1..N:I....Gr..f<.b."%..z.]..K.....6...E.....=s.`..R.8..g.(E..P}...q0^..=.0..FN(.$P(........3.p.................[(9.......!.&..g.~z.......x...8....+.`u....T.'......nT..P)..5......N.....KA*.............&.6..^..f.......oiH;d..>|..}...l.v...Mw....6......g..TQh@#|......M..*..rsN......oA...`8#D.P,!.o...9>k..gB.M..>....w..].|%.*.1>..,~M..-....-uF.VX....lX9.... %t_.Y(.7!....W.....!j*f.L7e...qo,........k...2^.t..F;..,.....w......u.Y.H..D8rkl[.I......Q.c....b..l..vXK...bqZ.........-..S.....%..r0j.B....?0...Ln.-.|.AW.^....+8..?u./..J)..j...G{.E.H?.NW.D....G..{IF......U..:."..u....}.....6...s.B.....7'A...R.q.^Q.X.[.ipiN."z.>:9...T.Sn...P..4J5..4.B6...=4.(@'./.....M..cP...d~7.S....`....,.rW.Z0..~...3..NN..#g'.;.8.^6m..`,/.

          C:\Users\user\Downloads\SFPUSAFIOL.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.858697449423943
          Encrypted:false
          SSDEEP:
          MD5:24A0886B89331C510ABB812AED87F34B
          SHA1:A5AF8E8520AC1411D890EAA179FC3B1C2D2849FE
          SHA-256:D2658F658540C283CFC970CD4B783EAAB47F109BACD8E0241FCDD3989C72CE65
          SHA-512:80E40904895D5652E67BCC3D7B35F6B41C6E8EFB471EC6241F26735D3766677C383A23B7C31AE2C8E85EB396E44FD4CF2816AA3648B82320C3DE649B2D362150
          Malicious:false
          Reputation:unknown
          Preview:SFPUS.........A.._4-%.-\Q+.I.=.....8.j.% ...g.i.{.XQ....P....HD.kL.b....N.+fs......7IS.k....v$...o$......;#...;..z..v..i...ab./rnQc..U 'x.|F.'*....7...Q.P....U<..Je..d...@l....V.e._=4../ ^ ..w..j_...f.&.f..(.. Y...pE]...2.&PO....St...=..w....#.lR!.?.+&..L...&Z..(n.'..N.S..Z..9+.yF.Qk....n[Z.../O(f._{...T...X,.frW..]..J.....2.Q..8....+.hP..{.^:..6....e..{.....'|...D.h....gM....).&..U..t_.L..w.5....y......j..`..&..H.r...%...^.B.L9U..B5....p......u...Li..K{...............2...`IAO.p.....?.j..../]....G..Mgz........H..mUh....9.'.S...e:<.."v....$U...o.j.)....9W.S]8...........0....3.q]!.i..W+C...,$!.....J..g...ei1......+.....<.m.m................).u..*>,.zQ.pB....s.k9..@....r...3.=k...ya.E`wo..}.p......x.].&..@!.z}....p...Xr-.FS8....b..1...a..=.Q.$.c..BZ.....*v}.%.y....z.\)g.....GNiI..(...wL*.!.........n".`.n......;.Le._S...B........L...4,-....r.8.2.,..w..x..grv^...eX.o...5.9..0..r.=jy....{......U...,g.?F.......'.jt.."....K;=.

          C:\Users\user\Downloads\SFPUSAFIOL.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:24A0886B89331C510ABB812AED87F34B
          SHA1:A5AF8E8520AC1411D890EAA179FC3B1C2D2849FE
          SHA-256:D2658F658540C283CFC970CD4B783EAAB47F109BACD8E0241FCDD3989C72CE65
          SHA-512:80E40904895D5652E67BCC3D7B35F6B41C6E8EFB471EC6241F26735D3766677C383A23B7C31AE2C8E85EB396E44FD4CF2816AA3648B82320C3DE649B2D362150
          Malicious:false
          Reputation:unknown
          Preview:SFPUS.........A.._4-%.-\Q+.I.=.....8.j.% ...g.i.{.XQ....P....HD.kL.b....N.+fs......7IS.k....v$...o$......;#...;..z..v..i...ab./rnQc..U 'x.|F.'*....7...Q.P....U<..Je..d...@l....V.e._=4../ ^ ..w..j_...f.&.f..(.. Y...pE]...2.&PO....St...=..w....#.lR!.?.+&..L...&Z..(n.'..N.S..Z..9+.yF.Qk....n[Z.../O(f._{...T...X,.frW..]..J.....2.Q..8....+.hP..{.^:..6....e..{.....'|...D.h....gM....).&..U..t_.L..w.5....y......j..`..&..H.r...%...^.B.L9U..B5....p......u...Li..K{...............2...`IAO.p.....?.j..../]....G..Mgz........H..mUh....9.'.S...e:<.."v....$U...o.j.)....9W.S]8...........0....3.q]!.i..W+C...,$!.....J..g...ei1......+.....<.m.m................).u..*>,.zQ.pB....s.k9..@....r...3.=k...ya.E`wo..}.p......x.].&..@!.z}....p...Xr-.FS8....b..1...a..=.Q.$.c..BZ.....*v}.%.y....z.\)g.....GNiI..(...wL*.!.........n".`.n......;.Le._S...B........L...4,-....r.8.2.,..w..x..grv^...eX.o...5.9..0..r.=jy....{......U...,g.?F.......'.jt.."....K;=.

          C:\Users\user\Downloads\SQRKHNBNYN.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.853101364114744
          Encrypted:false
          SSDEEP:
          MD5:45A727EAD3C17935263028F022ED124A
          SHA1:2113F9EEAA7515127B999D745C105561C17A8E0A
          SHA-256:DE32655B74ABB251D65B55726EC7624074AEF4CB40B22C104523D9973FCC6E4F
          SHA-512:6A5A4158A459C428D8664F1CE8AFA5BFA6CC00CFE237FD7143E8C6C10B6323F6838EF664C0C306B13E67E102BC9F31FBE7F3CC8E1675D73FF52DF9F7F8DBF27E
          Malicious:false
          Reputation:unknown
          Preview:SQRKH..D..=.X.u'S .Bz..g.w...v.&k........M/..d.......I.../@-o...":.l9......).Y...L....B.....:...<...V._..6..[b....)u(|....W..J...8...-h.%..r...*Z...N.h.....T{.......+..[....a..%O..:\"....y.oc....N2u.I.FMs...c.......1...kTU<'.f........y.4.L.z;#.l..,..oPgp..|.Ga9o.....Mw..Cq5.}....r...6B...l..v.3..&X.'...km;.8..Y....g............Q.o...|a....X.$.D..O\.95.Xd.C.DQ.4.q|.d.^A..1}e.en;wb..D..(..)..@.....s....z2..E..8......t>%.r.,.i)...9...._t.!.n.-fj...D.>..(+.A....@T....`c.!...n.>..F.f..Z|...[E)[+.V.Xl..|c......f.&...$...35J.0l&OW.u..p9u.t^[.G.V^...r...D.s.....K.....o1..._......~....~.j....T=..v...<.?~.vF......H+,.Ey....$..q....p.&.S.P?.....q{Q(..;.r.^..=h...F..E(......FK.8;^7v....e...0....1-..#......../k.....83:.`..!i..\W..qoam..M...;'O....O/^G........,......-?...(..k4.Y..O.p..f..C.(M........T$EPE..T...u.S.T.(8..H......P..........~..}.(d.X.kU2...Ka..^.8..;..Gm..H......H...\6..I.].. ...l;.Q.W..J...63.....s.....d...T.{.].}......E...O].

          C:\Users\user\Downloads\SQRKHNBNYN.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:45A727EAD3C17935263028F022ED124A
          SHA1:2113F9EEAA7515127B999D745C105561C17A8E0A
          SHA-256:DE32655B74ABB251D65B55726EC7624074AEF4CB40B22C104523D9973FCC6E4F
          SHA-512:6A5A4158A459C428D8664F1CE8AFA5BFA6CC00CFE237FD7143E8C6C10B6323F6838EF664C0C306B13E67E102BC9F31FBE7F3CC8E1675D73FF52DF9F7F8DBF27E
          Malicious:false
          Reputation:unknown
          Preview:SQRKH..D..=.X.u'S .Bz..g.w...v.&k........M/..d.......I.../@-o...":.l9......).Y...L....B.....:...<...V._..6..[b....)u(|....W..J...8...-h.%..r...*Z...N.h.....T{.......+..[....a..%O..:\"....y.oc....N2u.I.FMs...c.......1...kTU<'.f........y.4.L.z;#.l..,..oPgp..|.Ga9o.....Mw..Cq5.}....r...6B...l..v.3..&X.'...km;.8..Y....g............Q.o...|a....X.$.D..O\.95.Xd.C.DQ.4.q|.d.^A..1}e.en;wb..D..(..)..@.....s....z2..E..8......t>%.r.,.i)...9...._t.!.n.-fj...D.>..(+.A....@T....`c.!...n.>..F.f..Z|...[E)[+.V.Xl..|c......f.&...$...35J.0l&OW.u..p9u.t^[.G.V^...r...D.s.....K.....o1..._......~....~.j....T=..v...<.?~.vF......H+,.Ey....$..q....p.&.S.P?.....q{Q(..;.r.^..=h...F..E(......FK.8;^7v....e...0....1-..#......../k.....83:.`..!i..\W..qoam..M...;'O....O/^G........,......-?...(..k4.Y..O.p..f..C.(M........T$EPE..T...u.S.T.(8..H......P..........~..}.(d.X.kU2...Ka..^.8..;..Gm..H......H...\6..I.].. ...l;.Q.W..J...63.....s.....d...T.{.].}......E...O].

          C:\Users\user\Downloads\UOOJJOZIRH.docx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.839969187527356
          Encrypted:false
          SSDEEP:
          MD5:F17266CF26D68566E74D91DDF5847E61
          SHA1:FBE553D65A88120EB01001F04177F1F3500C4B38
          SHA-256:17F48C2E7C345BB2908E9AA3B27AAFF9A27DB1C20E5BECAA86F05E84D84EC95B
          SHA-512:05255FA641AC5F41EA618834DBC5228371091A17D38459E00885C6118225DF59788812F4EDD73736723D3D632B2AD1F00332F92B400F87557C4F8C91BF3751E9
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ....,.5...@..8..?..i....T.Dj....z_...8R..$.4....Q.../.RL)....Z6...+.t.G.2..C....s^;..Q<.Lq.(. ..T#..S....`..(...p....Y`\=...V:.b..y8...{....DE..Q?........'...~.U..`!.J..Y.....>........*...]s[-..QN.5...c!.D.W....k.D...M..X!.i.G.M\.".....~..6.9w...9Q.|.k8J.?...$.W(..*.......H.R.'.N....=6i..j.....9.6(..K.7<.......m.E.q4....3P.V-..#...o....X..".^...H.x.....2Sn.OZ.....z..". .Q"#...[%.jO......^.N....}...b.r~.4.On.<+y..%.Tf..IG..8sT,....~#..ad.]..x..q.Y..S+K.........L:.Ht..1..q.L.....Q..y.c.t.(3..|z...".(L%.......#.........Vu..^..VM2..{.7...mc...U..;..U.n,.R...d.....<...x.c.qFR..q7=.Ec.P.R......U.H.QE.TS..9.c43f`.Q...V..#O....."A)[.~.EW..7...9..z4......%...XT[CB........."|....@>.Q...,..7..:...H..6`..)*..}.{...........@.].!..L=.J....aoT..~".......p....*Clk...J+...L.nq..7..V.1y2.!.........ML.`dJAo./..@M?..\........=.(+{...<25E.i>J....)....\;..Z.Fd$....-!M.. ..aC..;G(.....D*....K.@.u.......ljO.......r.y&g.^0..J..+..t...+.|.n1..d(...5c....$.~.

          C:\Users\user\Downloads\UOOJJOZIRH.docx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F17266CF26D68566E74D91DDF5847E61
          SHA1:FBE553D65A88120EB01001F04177F1F3500C4B38
          SHA-256:17F48C2E7C345BB2908E9AA3B27AAFF9A27DB1C20E5BECAA86F05E84D84EC95B
          SHA-512:05255FA641AC5F41EA618834DBC5228371091A17D38459E00885C6118225DF59788812F4EDD73736723D3D632B2AD1F00332F92B400F87557C4F8C91BF3751E9
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ....,.5...@..8..?..i....T.Dj....z_...8R..$.4....Q.../.RL)....Z6...+.t.G.2..C....s^;..Q<.Lq.(. ..T#..S....`..(...p....Y`\=...V:.b..y8...{....DE..Q?........'...~.U..`!.J..Y.....>........*...]s[-..QN.5...c!.D.W....k.D...M..X!.i.G.M\.".....~..6.9w...9Q.|.k8J.?...$.W(..*.......H.R.'.N....=6i..j.....9.6(..K.7<.......m.E.q4....3P.V-..#...o....X..".^...H.x.....2Sn.OZ.....z..". .Q"#...[%.jO......^.N....}...b.r~.4.On.<+y..%.Tf..IG..8sT,....~#..ad.]..x..q.Y..S+K.........L:.Ht..1..q.L.....Q..y.c.t.(3..|z...".(L%.......#.........Vu..^..VM2..{.7...mc...U..;..U.n,.R...d.....<...x.c.qFR..q7=.Ec.P.R......U.H.QE.TS..9.c43f`.Q...V..#O....."A)[.~.EW..7...9..z4......%...XT[CB........."|....@>.Q...,..7..:...H..6`..)*..}.{...........@.].!..L=.J....aoT..~".......p....*Clk...J+...L.nq..7..V.1y2.!.........ML.`dJAo./..@M?..\........=.(+{...<25E.i>J....)....\;..Z.Fd$....-!M.. ..aC..;G(.....D*....K.@.u.......ljO.......r.y&g.^0..J..+..t...+.|.n1..d(...5c....$.~.

          C:\Users\user\Downloads\UOOJJOZIRH.xlsx

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.856630024385101
          Encrypted:false
          SSDEEP:
          MD5:4BA0B86F060935F539D96AAC51660F7C
          SHA1:F95E356EE9E7E25B9AFFC5EF3AD62EBA78F0876F
          SHA-256:9AC61839982B8731EDFB34EB3BC394D376C1FD3BD0690E3D656871E1F86B594A
          SHA-512:B3DC0CAC7B362D03FA97D440AFD912712265DF27EACC0799D43F6D7686717761DC2DDD04C556D900D681F6D5AB45C1CC517B59D2EDAEA717AE72C55DA6C29134
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ..b"L.g(..&..?.:.u5.6......s.a.~%.....9S...Sn,'].l..0.O..lYl..j.;?..../.n...$.l..4..-....9U.e...nfM..k..<....j....f....k."gv.{`.c..)li.......Xn.f9.y..n.4Q..`z<oL.X.R..-.8..B._........T...4R.s.[.>....7...%.9>...,$T.X%..am%...F...z.ET.As U..b..6b.. .3..=#.;...EZo_cA.E...*.._.J.Z-....+....1....5.(..........rSv.1.....|....%~.0._..QUb..........I!.,$....n...)......a^..Lc....d.5%.../o..R.T..B.'..)&...7...G.]?U/.Y.Ha?W...?.......W...s}..m...R|.,....QL{.D.....D.,.......).$..O.....{.5#...........w.G..1..`-.+.........}...?Ea..".;.J.s._...................]W/......|^*.C..........3.(..).L..C.T..-Lu.t.L.on...pz.....9...C.<.J....,..>.7.4....2....+y6..y:G.<@M0...%...7...1.'?.........<?.U....a..9...{L...`.....o.m.w.<.......l....].....y......+..I.s...U....wz#.../...A..^../.T.W...a.9..Z!.%.y...H2.W......8..-..._...,3....W.5.......&.!..\...........S..x~.,(3".[..u..e......A..1....h.a..W./G..f.$.....k..8u&.y...gfi.[3....J.pD....v.m..v....G.?}.%5..P0..

          C:\Users\user\Downloads\UOOJJOZIRH.xlsx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4BA0B86F060935F539D96AAC51660F7C
          SHA1:F95E356EE9E7E25B9AFFC5EF3AD62EBA78F0876F
          SHA-256:9AC61839982B8731EDFB34EB3BC394D376C1FD3BD0690E3D656871E1F86B594A
          SHA-512:B3DC0CAC7B362D03FA97D440AFD912712265DF27EACC0799D43F6D7686717761DC2DDD04C556D900D681F6D5AB45C1CC517B59D2EDAEA717AE72C55DA6C29134
          Malicious:false
          Reputation:unknown
          Preview:UOOJJ..b"L.g(..&..?.:.u5.6......s.a.~%.....9S...Sn,'].l..0.O..lYl..j.;?..../.n...$.l..4..-....9U.e...nfM..k..<....j....f....k."gv.{`.c..)li.......Xn.f9.y..n.4Q..`z<oL.X.R..-.8..B._........T...4R.s.[.>....7...%.9>...,$T.X%..am%...F...z.ET.As U..b..6b.. .3..=#.;...EZo_cA.E...*.._.J.Z-....+....1....5.(..........rSv.1.....|....%~.0._..QUb..........I!.,$....n...)......a^..Lc....d.5%.../o..R.T..B.'..)&...7...G.]?U/.Y.Ha?W...?.......W...s}..m...R|.,....QL{.D.....D.,.......).$..O.....{.5#...........w.G..1..`-.+.........}...?Ea..".;.J.s._...................]W/......|^*.C..........3.(..).L..C.T..-Lu.t.L.on...pz.....9...C.<.J....,..>.7.4....2....+y6..y:G.<@M0...%...7...1.'?.........<?.U....a..9...{L...`.....o.m.w.<.......l....].....y......+..I.s...U....wz#.../...A..^../.T.W...a.9..Z!.%.y...H2.W......8..-..._...,3....W.5.......&.!..\...........S..x~.,(3".[..u..e......A..1....h.a..W./G..f.$.....k..8u&.y...gfi.[3....J.pD....v.m..v....G.?}.%5..P0..

          C:\Users\user\Downloads\ZQIXMVQGAH.jpg

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1360
          Entropy (8bit):7.85064738717633
          Encrypted:false
          SSDEEP:
          MD5:CA0478E67A8ECA57E7C5735D18240322
          SHA1:D03F59ECB71597630B3806FE8191AEFFF0346176
          SHA-256:9778B5E637E4962892F5784518579F500D5DFFD3EB0B524DD2E615CA12EFD4F6
          SHA-512:0274DF1F2B347444223820080ADE10651DD9FF28B8822547878CC88A558EF33F3734CF202510C3C9551B863DE79BF2578F3043A7C91315BBE779A13CBF563325
          Malicious:false
          Reputation:unknown
          Preview:ZQIXM...8.<O.,C...*.d.......JH..(.{K.....g.).Y.`.9.......z......... .'r...ty..Lah....h.<@-....@sB.....2d%7H.2k..{m......;v..-)....*...zjCE....+.DsTv,...J.......*..`...^V......b..cqs'..J.....tL.2.....(!....[Ae.......c...7........J...F...H"ES..P......Cx.......]%..$........F...w.!..$..9...b../....G;'./.1.*'...-..r.>.....9z.$.r.J..o.O.(..,.o...Pj.|.Wq......S....$...l..GrJV.........S.m.P.`bu..=/.z1..ZiK.#.&...2...Ez....2WJ:.p......n.fY.:./!.....ch~.....C......T..w..nx.#..P.r.....L&.$6..&.s.0..B..8..?2.4lp`....&...h......`XH:.P.3..@.y ...x+...tJAk..sk*...j.6....}Q......f8..i.j.n..G.3.s.;...Dp..2....] ...&f....*|K.V(..<.a....cK.....\.{......T.v.$.3.t.7.)d0i.....v.bE../<.&...7.8..|$Md...I...b.W.........F+..E..g&.4..'..^.ml.I......a.X...n.....F..x.U<.Y.Q.9..n....;..L'.....l5C....Q.....@....0Z..}.L.....>l..(.P{c......_E.dT....!S...W....L.."c.`....s..m...}..{..4.c.]..;-A..{>n..A'...#X....jL.`-...v..:p;.....,.;.....b...v......=f........p....

          C:\Users\user\Downloads\ZQIXMVQGAH.jpg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:CA0478E67A8ECA57E7C5735D18240322
          SHA1:D03F59ECB71597630B3806FE8191AEFFF0346176
          SHA-256:9778B5E637E4962892F5784518579F500D5DFFD3EB0B524DD2E615CA12EFD4F6
          SHA-512:0274DF1F2B347444223820080ADE10651DD9FF28B8822547878CC88A558EF33F3734CF202510C3C9551B863DE79BF2578F3043A7C91315BBE779A13CBF563325
          Malicious:false
          Reputation:unknown
          Preview:ZQIXM...8.<O.,C...*.d.......JH..(.{K.....g.).Y.`.9.......z......... .'r...ty..Lah....h.<@-....@sB.....2d%7H.2k..{m......;v..-)....*...zjCE....+.DsTv,...J.......*..`...^V......b..cqs'..J.....tL.2.....(!....[Ae.......c...7........J...F...H"ES..P......Cx.......]%..$........F...w.!..$..9...b../....G;'./.1.*'...-..r.>.....9z.$.r.J..o.O.(..,.o...Pj.|.Wq......S....$...l..GrJV.........S.m.P.`bu..=/.z1..ZiK.#.&...2...Ez....2WJ:.p......n.fY.:./!.....ch~.....C......T..w..nx.#..P.r.....L&.$6..&.s.0..B..8..?2.4lp`....&...h......`XH:.P.3..@.y ...x+...tJAk..sk*...j.6....}Q......f8..i.j.n..G.3.s.;...Dp..2....] ...&f....*|K.V(..<.a....cK.....\.{......T.v.$.3.t.7.)d0i.....v.bE../<.&...7.8..|$Md...I...b.W.........F+..E..g&.4..'..^.ml.I......a.X...n.....F..x.U<.Y.Q.9..n....;..L'.....l5C....Q.....@....0Z..}.L.....>l..(.P{c......_E.dT....!S...W....L.."c.`....s..m...}..{..4.c.]..;-A..{>n..A'...#X....jL.`-...v..:p;.....,.;.....b...v......=f........p....

          C:\Users\user\Favorites\Amazon.url

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):445
          Entropy (8bit):7.47148512005782
          Encrypted:false
          SSDEEP:
          MD5:CA658AAB990F1B265888FD243FFDA1B5
          SHA1:2AF1CD730C618C4DF2FF8172A8A8CDA24B169C7F
          SHA-256:3AFA578BA5036FBFB5B581B1F9E14AE15EB1764F000D3AA7C75AC854DEE414E4
          SHA-512:9DCE96715F930D525238F804F69BCDF904DF1B43F6F6B3A61B27501A22AD335ACA19896465976C6F0A8D94777F2C7A8EA1E516BBC273D248EFB306AB206B55C8
          Malicious:false
          Reputation:unknown
          Preview:[{0002@......D..RE ..M.eMPy.06.Q...R...J...:LHI....D..Z..w.E$W....:{3..!%.....C|/.-o..>.'.(.R.0..!Zu.~.I...6.<O..L.!m.E4.Y.9..NVdE.0..2W....Ze...U\.4.d6...|..n.. .DF.._.......k........E...'..VW.....u...9>]....~O.-...vc...."c....N...7`....AX@^.F.........Vu..".<O.|....lh.....ryW^..........$-.J.b.....8...^........:.0..\.N.a...,|j....#.......}9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\Amazon.url.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:CA658AAB990F1B265888FD243FFDA1B5
          SHA1:2AF1CD730C618C4DF2FF8172A8A8CDA24B169C7F
          SHA-256:3AFA578BA5036FBFB5B581B1F9E14AE15EB1764F000D3AA7C75AC854DEE414E4
          SHA-512:9DCE96715F930D525238F804F69BCDF904DF1B43F6F6B3A61B27501A22AD335ACA19896465976C6F0A8D94777F2C7A8EA1E516BBC273D248EFB306AB206B55C8
          Malicious:false
          Reputation:unknown
          Preview:[{0002@......D..RE ..M.eMPy.06.Q...R...J...:LHI....D..Z..w.E$W....:{3..!%.....C|/.-o..>.'.(.R.0..!Zu.~.I...6.<O..L.!m.E4.Y.9..NVdE.0..2W....Ze...U\.4.d6...|..n.. .DF.._.......k........E...'..VW.....u...9>]....~O.-...vc...."c....N...7`....AX@^.F.........Vu..".<O.|....lh.....ryW^..........$-.J.b.....8...^........:.0..\.N.a...,|j....#.......}9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\Bing.url

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):542
          Entropy (8bit):7.50707692658389
          Encrypted:false
          SSDEEP:
          MD5:08B0D95EAA5C29DAACA263CD8FA551FA
          SHA1:F28263B2CF105744B8F50BC7DA98BBE225157AEA
          SHA-256:D3A94D0838655C21C0444E2E05C654423FEC01BB84BEDC02BC06567506302B1C
          SHA-512:EF1C0EAEBACC1A011F409F6345560ABBC31504DD9C394BF044E02D177FA86F9A02F642472908CDAB3B9A509C913709CA426F12FC83AAF923072EAC821B3EAF2B
          Malicious:false
          Reputation:unknown
          Preview:[{000p.....of..Z?.AJ)R)V..mI...h?...n..b..o4.q......gl4._^...xpI..#/M3..f.?o.J.[.S]..'s.s..A..lM.y......-..u-...-..{/a..i..E....k.........u.&...(...U....Z^.0w...!...L.._..n..r......F.{..O..(D..`..`.0..{.{..N3.wZ]._.T.7.I'...0.5u.G..5..*v..Z.`.J7.....f.&..g...u%.%u..@...#.....}.E.1X...K..y....A....I.`;.m.......~;.P....x.....w.t.P....r12...E.\.R.}x!Ra.=.7}.u....../.".........Q...u..C..}bV..Qj.e.slO....../.Kl9........z.x.....2..A.....".........a9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\Bing.url.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:08B0D95EAA5C29DAACA263CD8FA551FA
          SHA1:F28263B2CF105744B8F50BC7DA98BBE225157AEA
          SHA-256:D3A94D0838655C21C0444E2E05C654423FEC01BB84BEDC02BC06567506302B1C
          SHA-512:EF1C0EAEBACC1A011F409F6345560ABBC31504DD9C394BF044E02D177FA86F9A02F642472908CDAB3B9A509C913709CA426F12FC83AAF923072EAC821B3EAF2B
          Malicious:false
          Reputation:unknown
          Preview:[{000p.....of..Z?.AJ)R)V..mI...h?...n..b..o4.q......gl4._^...xpI..#/M3..f.?o.J.[.S]..'s.s..A..lM.y......-..u-...-..{/a..i..E....k.........u.&...(...U....Z^.0w...!...L.._..n..r......F.{..O..(D..`..`.0..{.{..N3.wZ]._.T.7.I'...0.5u.G..5..*v..Z.`.J7.....f.&..g...u%.%u..@...#.....}.E.1X...K..y....A....I.`;.m.......~;.P....x.....w.t.P....r12...E.\.R.}x!Ra.=.7}.u....../.".........Q...u..C..}bV..Qj.e.slO....../.Kl9........z.x.....2..A.....".........a9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\Facebook.url

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):447
          Entropy (8bit):7.442908748462789
          Encrypted:false
          SSDEEP:
          MD5:5022833CB86A8F7BBCDC104265BDD3E9
          SHA1:EAFC4FB501CA051D1D80ABBE08C9E34447C1F29D
          SHA-256:0898487E585A0A6A96C196F81519E93173E67C7FBFFA08145304801EA5109FC3
          SHA-512:A37D5F42E48F69DAF2642D88EAB4F46C40D20F439343C86697DDB176797F24177BF8B3F3EA6632449BCFC26C7F7E6059483B855D12783A181F36B21B8CCCE446
          Malicious:false
          Reputation:unknown
          Preview:[{000..KR.a."B]....4.s..G.\.AO ...@..|..n..#..J..8....4....h.....CU+.....h6=.....U.).pm...P.p......b.m"B3}.-I...%..=.:.....M`.....Du.%@h.*-..,80M.1..#..J5.....)b..W)...f.o...vVT.R..>Mx./F.ukh.5...tH._M.Gs.(..|...{.V...S...h....^...<.Zp.1F`.......Q....z.<...kR@.I...X....)..]Dx.8t........Q..g.&...=...a&)..tg..b._...Y..5.V..Pme:..DYwU.e.^.%.3G..(.K..].9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\Facebook.url.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5022833CB86A8F7BBCDC104265BDD3E9
          SHA1:EAFC4FB501CA051D1D80ABBE08C9E34447C1F29D
          SHA-256:0898487E585A0A6A96C196F81519E93173E67C7FBFFA08145304801EA5109FC3
          SHA-512:A37D5F42E48F69DAF2642D88EAB4F46C40D20F439343C86697DDB176797F24177BF8B3F3EA6632449BCFC26C7F7E6059483B855D12783A181F36B21B8CCCE446
          Malicious:false
          Reputation:unknown
          Preview:[{000..KR.a."B]....4.s..G.\.AO ...@..|..n..#..J..8....4....h.....CU+.....h6=.....U.).pm...P.p......b.m"B3}.-I...%..=.:.....M`.....Du.%@h.*-..,80M.1..#..J5.....)b..W)...f.o...vVT.R..>Mx./F.ukh.5...tH._M.Gs.(..|...{.V...S...h....^...<.Zp.1F`.......Q....z.<...kR@.I...X....)..]Dx.8t........Q..g.&...=...a&)..tg..b._...Y..5.V..Pme:..DYwU.e.^.%.3G..(.K..].9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\Google.url

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):445
          Entropy (8bit):7.430561716234273
          Encrypted:false
          SSDEEP:
          MD5:9AC22A38FCD6D00BE4472F3186A0B9B3
          SHA1:67CF1DBA2264A9063B2F0AA6E4263BF4B8D16709
          SHA-256:5C3B933D23D54D9E39AC11D5AC99E379D0AEED56FCFEBE4326051455C23E931F
          SHA-512:85A8099AAFB5893742402A8966D2F92B71477FACBA3362DA40EDD34DC962BD6414FD63750193C9C61A7BE05F576413F2AF911A5DB3F8D741E9BBD67F0737B0D2
          Malicious:false
          Reputation:unknown
          Preview:[{000tT..p~|q>'....&....s......<.E.M...:...+...)..B......2L.5S....&........*..>~..e6.l.....>.^...E.`.yU%.....6..s..."Gl...I?...W.G.r.^.8..d..&gZ:".k\..G.:+........NL.&..Q..G.d..I. ..~.WF.. y...=~.....^..2...8.v.^=..k| . .;.f...U..f..G/.5...}...XT.o..]..:p.G(.By..vJ.....6H.s.>...ho...E.g...$...,-u.1."...!U..<.......S.V.^.?.*.o..+....^..O=9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\Google.url.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9AC22A38FCD6D00BE4472F3186A0B9B3
          SHA1:67CF1DBA2264A9063B2F0AA6E4263BF4B8D16709
          SHA-256:5C3B933D23D54D9E39AC11D5AC99E379D0AEED56FCFEBE4326051455C23E931F
          SHA-512:85A8099AAFB5893742402A8966D2F92B71477FACBA3362DA40EDD34DC962BD6414FD63750193C9C61A7BE05F576413F2AF911A5DB3F8D741E9BBD67F0737B0D2
          Malicious:false
          Reputation:unknown
          Preview:[{000tT..p~|q>'....&....s......<.E.M...:...+...)..B......2L.5S....&........*..>~..e6.l.....>.^...E.`.yU%.....6..s..."Gl...I?...W.G.r.^.8..d..&gZ:".k\..G.:+........NL.&..Q..G.d..I. ..~.WF.. y...=~.....^..2...8.v.^=..k| . .;.f...U..f..G/.5...}...XT.o..]..:p.G(.By..vJ.....6H.s.>...ho...E.g...$...,-u.1."...!U..<.......S.V.^.?.*.o..+....^..O=9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\Live.url

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):443
          Entropy (8bit):7.426191637186021
          Encrypted:false
          SSDEEP:
          MD5:E46E6CAD76B11C50AE0438F66CD72358
          SHA1:AAAC1B8630B9115C9321EFC9C5A61714AA760441
          SHA-256:212275C3AB6DE9B138D2A0338B35A2D985623E3481C4D2342620D3D53605A49F
          SHA-512:7D64A2BE67B7DFA8FA4B026B12684F70E595DB12007C1FFA8059BF42902CF2FC34E451F07AE18C29A6E863046FD27653F53DF6F8625C08CD1E48445AC2755A62
          Malicious:false
          Reputation:unknown
          Preview:[{000$....T'.=..(.].C..'..|J^...$...r...V....T+*._.5K2..-%......L[.~.?..N....|8Y.q.zzm.. .G..M.....K....7......S`/.......(.R.NL.....fj..,...A.'.$J.TZ.F..hg..Jt..:.M.^..P..//5.. .L....SH.o..au.d.'d....T4...x...xA..{....>C.(. ..q....ZZ.c7.}..5^'.y..|;a..B....|.V.M...r..B.g.:E.V=.;-j.Y.F...F...p....E...N.`:.......}L.[z.\..0q....[..>.Y| ..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\Live.url.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E46E6CAD76B11C50AE0438F66CD72358
          SHA1:AAAC1B8630B9115C9321EFC9C5A61714AA760441
          SHA-256:212275C3AB6DE9B138D2A0338B35A2D985623E3481C4D2342620D3D53605A49F
          SHA-512:7D64A2BE67B7DFA8FA4B026B12684F70E595DB12007C1FFA8059BF42902CF2FC34E451F07AE18C29A6E863046FD27653F53DF6F8625C08CD1E48445AC2755A62
          Malicious:false
          Reputation:unknown
          Preview:[{000$....T'.=..(.].C..'..|J^...$...r...V....T+*._.5K2..-%......L[.~.?..N....|8Y.q.zzm.. .G..M.....K....7......S`/.......(.R.NL.....fj..,...A.'.$J.TZ.F..hg..Jt..:.M.^..P..//5.. .L....SH.o..au.d.'d....T4...x...xA..{....>C.(. ..q....ZZ.c7.}..5^'.y..|;a..B....|.V.M...r..B.g.:E.V=.;-j.Y.F...F...p....E...N.`:.......}L.[z.\..0q....[..>.Y| ..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\NYTimes.url

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):446
          Entropy (8bit):7.411116214236014
          Encrypted:false
          SSDEEP:
          MD5:141AB5709DA6F095F0291646AD7E897E
          SHA1:25A01A370D7F8597FCCED709C9CC63C1499F6FC4
          SHA-256:CC8579251DF26EF394F047DDFE9A646AAD5A05C1AFDB9046C7E94342E92E5076
          SHA-512:E8364AA05D2F540CDC3A73780A17B738E4459350D9CCA4AAA97C39A723610518B13C6B8484B0751E036B96F932BBDEC8C004CDDB43E0100FEDCD2C640D3ED4E6
          Malicious:false
          Reputation:unknown
          Preview:[{000..Xo..z..n*O..Q..ALw.zPM.a!-...=>.;!..V.2.....;.@s...uj;..dFOn.D$...x.f.....i.....f.7..B!.(./!........,V.R.d.-.].....*...__.2....:dy).}../..p.^.A.}v.....7.....+...Z2. ..{.zu...R*j..iU.9..........azA..8.`.kL.+4....0..6..?...T*.../,...........&...yK1.?S..w.RM......y|..s..&.....t.,;<&.A....f.....G...Y.4Aw.?.o.c=u^F...#...4..=@......D.t.=.P_=.vE.m4..,9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\NYTimes.url.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:141AB5709DA6F095F0291646AD7E897E
          SHA1:25A01A370D7F8597FCCED709C9CC63C1499F6FC4
          SHA-256:CC8579251DF26EF394F047DDFE9A646AAD5A05C1AFDB9046C7E94342E92E5076
          SHA-512:E8364AA05D2F540CDC3A73780A17B738E4459350D9CCA4AAA97C39A723610518B13C6B8484B0751E036B96F932BBDEC8C004CDDB43E0100FEDCD2C640D3ED4E6
          Malicious:false
          Reputation:unknown
          Preview:[{000..Xo..z..n*O..Q..ALw.zPM.a!-...=>.;!..V.2.....;.@s...uj;..dFOn.D$...x.f.....i.....f.7..B!.(./!........,V.R.d.-.].....*...__.2....:dy).}../..p.^.A.}v.....7.....+...Z2. ..{.zu...R*j..iU.9..........azA..8.`.kL.+4....0..6..?...T*.../,...........&...yK1.?S..w.RM......y|..s..&.....t.,;<&.A....f.....G...Y.4Aw.?.o.c=u^F...#...4..=@......D.t.=.P_=.vE.m4..,9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\Reddit.url

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):445
          Entropy (8bit):7.336883871414221
          Encrypted:false
          SSDEEP:
          MD5:2CBAB48D843546F452E523C05155D36C
          SHA1:8561F238C96237B9CC342E42CB9F06770A64B7C0
          SHA-256:0CF6B3728BA84E950EB25A8172EA5E173C96B0C31E0A5F524099F7E38198A45C
          SHA-512:03762C9F07EB57B46018B68C9FD78DEB006C9449D24E90E1D14086E92A74EC91C8F8C24B7A9D0966AF86AA8E677F01A304798FEF716BCEAA954EF14A9EA43401
          Malicious:false
          Reputation:unknown
          Preview:[{000...'k.:.]W@5..Q.V..G..n..S..a.)...%.'.[]A^.....}....p.....0..._.c......%..#...#.._.... 3...N...U...h9a*..xjQ|.K.T..7.......K..v..N+..#.n.0......T.,..C..|n...-.-FC|..sH.....<...i*.y].74..+Ns^..%N.\P.v....(btG..{.go...}Y......0H..\.AiI.K.3....;n..B..!...S.s.!....LQ.....X.|y.....y.U._.^hW7.2.VRX..VWH~..,~(.L=10O\KQ.U....Iy....X.....eu.......!9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\Reddit.url.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2CBAB48D843546F452E523C05155D36C
          SHA1:8561F238C96237B9CC342E42CB9F06770A64B7C0
          SHA-256:0CF6B3728BA84E950EB25A8172EA5E173C96B0C31E0A5F524099F7E38198A45C
          SHA-512:03762C9F07EB57B46018B68C9FD78DEB006C9449D24E90E1D14086E92A74EC91C8F8C24B7A9D0966AF86AA8E677F01A304798FEF716BCEAA954EF14A9EA43401
          Malicious:false
          Reputation:unknown
          Preview:[{000...'k.:.]W@5..Q.V..G..n..S..a.)...%.'.[]A^.....}....p.....0..._.c......%..#...#.._.... 3...N...U...h9a*..xjQ|.K.T..7.......K..v..N+..#.n.0......T.,..C..|n...-.-FC|..sH.....<...i*.y].74..+Ns^..%N.\P.v....(btG..{.go...}Y......0H..\.AiI.K.3....;n..B..!...S.s.!....LQ.....X.|y.....y.U._.^hW7.2.VRX..VWH~..,~(.L=10O\KQ.U....Iy....X.....eu.......!9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\Twitter.url

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):446
          Entropy (8bit):7.4392729418696515
          Encrypted:false
          SSDEEP:
          MD5:7DA36B12E77193D81ACEA1B8C738E7C9
          SHA1:51F57AE9FDCD70FD5AC0113E94FC61534D9178AD
          SHA-256:2C042723C87DCD69D9859DE7D701CB35788F99ACD20F92E6CE9FD39B61B4BB9E
          SHA-512:B5B06CF2198C9331FFAB37E94EB96B451DD0724724CB47D806BE288787DCBC3931ACAD01FE660E1479C0AACD8CCF2E09300B6E55E26075D7F883F8ED154E5610
          Malicious:false
          Reputation:unknown
          Preview:[{000...D2..C.Bb&!..O..V...QzU..i..z=W.(,}.._!.U..Y?k.@......M.z|......Ix...M7*...o..L..F.cd$A....8.Om.=......L...U....s."..>@.eouV..xZK.%W?Lm..4.c..t.<.9....FK....M.W...oh..a.....L6..L?z.FHc.{..m..7....F..:........U.._...9...D..x...G.*.).0...kT.4.....b......!.I.Z..|..[...;.Z...!..U..3.0/?.m......(....k.........K$...d..K!p......T.aOJ......v..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\Twitter.url.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:7DA36B12E77193D81ACEA1B8C738E7C9
          SHA1:51F57AE9FDCD70FD5AC0113E94FC61534D9178AD
          SHA-256:2C042723C87DCD69D9859DE7D701CB35788F99ACD20F92E6CE9FD39B61B4BB9E
          SHA-512:B5B06CF2198C9331FFAB37E94EB96B451DD0724724CB47D806BE288787DCBC3931ACAD01FE660E1479C0AACD8CCF2E09300B6E55E26075D7F883F8ED154E5610
          Malicious:false
          Reputation:unknown
          Preview:[{000...D2..C.Bb&!..O..V...QzU..i..z=W.(,}.._!.U..Y?k.@......M.z|......Ix...M7*...o..L..F.cd$A....8.Om.=......L...U....s."..>@.eouV..xZK.%W?Lm..4.c..t.<.9....FK....M.W...oh..a.....L6..L?z.FHc.{..m..7....F..:........U.._...9...D..x...G.*.).0...kT.4.....b......!.I.Z..|..[...;.Z...!..U..3.0/?.m......(....k.........K$...d..K!p......T.aOJ......v..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\Wikipedia.url

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):448
          Entropy (8bit):7.430883913818767
          Encrypted:false
          SSDEEP:
          MD5:3558D22F9CA881C10976C89BDAB6263B
          SHA1:29003C334A3B9C8E970E8867CEE8713C624DF7FE
          SHA-256:B7D246DCA2E94059BF9C858107DA5308EF9153754F864F7389DD4F73FBAE26F3
          SHA-512:897D83B39E7295A549F5037BB9DD9DAFD1F0FC78BD5DF36FA934DE6CB5D9A4C02FC317691684919626243EA588A79D15A58AE5E46C315BF2E2CA38CACB7EC4B2
          Malicious:false
          Reputation:unknown
          Preview:[{000..W.D.HG.ngr.{.k...U..rZ.%.,..Fk4{xm..E....d...JF...x.bZf`...h.o......\ O.6.n.D...AO^....JES..P#;G...].o..5.=.../[....Es...........9........$..'..z..U ......".+.`.T.Kt5.!.V......i9..!*.V.*8..s.m`..C.!........B..R..g...yv.....ny.rH<....._p...........o.Q...z.K#.+..{.....F4..ZA.........w...f...9=...&f....fP.9F0....D..,.*^."7..if?...lF..."..!~.y!{.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\Wikipedia.url.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3558D22F9CA881C10976C89BDAB6263B
          SHA1:29003C334A3B9C8E970E8867CEE8713C624DF7FE
          SHA-256:B7D246DCA2E94059BF9C858107DA5308EF9153754F864F7389DD4F73FBAE26F3
          SHA-512:897D83B39E7295A549F5037BB9DD9DAFD1F0FC78BD5DF36FA934DE6CB5D9A4C02FC317691684919626243EA588A79D15A58AE5E46C315BF2E2CA38CACB7EC4B2
          Malicious:false
          Reputation:unknown
          Preview:[{000..W.D.HG.ngr.{.k...U..rZ.%.,..Fk4{xm..E....d...JF...x.bZf`...h.o......\ O.6.n.D...AO^....JES..P#;G...].o..5.=.../[....Es...........9........$..'..z..U ......".+.`.T.Kt5.!.V......i9..!*.V.*8..s.m`..C.!........B..R..g...yv.....ny.rH<....._p...........o.Q...z.K#.+..{.....F4..ZA.........w...f...9=...&f....fP.9F0....D..,.*^."7..if?...lF..."..!~.y!{.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\Youtube.url

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):446
          Entropy (8bit):7.448280883917807
          Encrypted:false
          SSDEEP:
          MD5:96944169AAEFB97FAE636577C5E6CE6D
          SHA1:9667EBEFECA0EB99B94B95C111FD7072C2CC928B
          SHA-256:7D5F34C06A4BB722557846C9A411EEA7D3FF13236423F20E4BDBA5261AF82AAF
          SHA-512:C43DD2AD32A83DBC7ABD654247E29F3705BDFD5F558986393F57801E174937AF5DC7ED81CFD29EEF7B564B745AE3929F6DEEC75AA35A99F93DBD1E4274963121
          Malicious:false
          Reputation:unknown
          Preview:[{000.|.0\.l;..B..b.#..D.r...m.z.....}..y....u.;$...Hx..V.)V.........7.>@....vZ9...S..z...EH.P..7..yfu...J..r. .'..0-.9....0.Pw0.Uic.@...mE...l..G=....|..Y..m.N.9s&!M5....._..).^....w....j.Z...D...[A.YK..I.|&....Z....L....X.N&.3.`..@....)CW..i......y.p.....z.k.8......1f....V.e.U..P..~..A..6u.:i%)3..A+..n`...TLp..g.D..azV...l}...K...k#(..o...GV.}.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Favorites\Youtube.url.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:96944169AAEFB97FAE636577C5E6CE6D
          SHA1:9667EBEFECA0EB99B94B95C111FD7072C2CC928B
          SHA-256:7D5F34C06A4BB722557846C9A411EEA7D3FF13236423F20E4BDBA5261AF82AAF
          SHA-512:C43DD2AD32A83DBC7ABD654247E29F3705BDFD5F558986393F57801E174937AF5DC7ED81CFD29EEF7B564B745AE3929F6DEEC75AA35A99F93DBD1E4274963121
          Malicious:false
          Reputation:unknown
          Preview:[{000.|.0\.l;..B..b.#..D.r...m.z.....}..y....u.;$...Hx..V.)V.........7.>@....vZ9...S..z...EH.P..7..yfu...J..r. .'..0-.9....0.Pw0.Uic.@...mE...l..G=....|..Y..m.N.9s&!M5....._..).^....w....j.Z...D...[A.YK..I.|&....Z....L....X.N&.3.`..@....)CW..i......y.p.....z.k.8......1f....V.e.U..P..~..A..6u.:i%)3..A+..n`...TLp..g.D..azV...l}...K...k#(..o...GV.}.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\.curlrc.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:336AAC72871824AB83303B43106BF0FB
          SHA1:1F955081424FC351B8C0531A8EA289630ABE25CE
          SHA-256:FC73C113844B478199D133ADBBC0815150EA227A62364F56579A2FA5208BB8B4
          SHA-512:F9581ADA7652C54062A0583AB4DEAE3EC33E67C2C31FB90C4731CA3266F81EB2D130F0C47CB656D794A33CB6F0C46E3493D45CB7F76FB97613562E8DBB90FC46
          Malicious:false
          Reputation:unknown
          Preview:insec.izk L.&..Ock..2.0W.....,z(.......%`...1.&.h?>.0*..8.'`z%.D......O....B.gh.?:.O.....i.;.w...\>.T2$w...s...M...b....9...J...:.io..ni....d..{...q.(...~....FbK.N.......JlP....m!.E.Sg.K.r.hX1...d.....YE.I......=.Fs@....F.69..;.W.........a.3O .bQ9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\56554587-8dd7-478c-81eb-46ed5e155f58\Wm0uFsapfrnONF16Njxegq7s.exe.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B3757B09ED2150CE857F446C0C61363C
          SHA1:04536100A4A8FC27DDE91E006F4E2EA6B398B65E
          SHA-256:4BB311BA0E479264B1D3C7DEAB5BFB44B0C1FB100D82AA7D605369B0AC938981
          SHA-512:C7FB0EFB95A96177BCBC50A60F2D900F4F7328A0A98A64EAD6FC6E00F52502C904815E1E0A8B309A764C77DB1FA65A8E5DA5104593E0D987FB6BF3F794A82119
          Malicious:true
          Reputation:unknown
          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........V..............!............... ....................%.....................Rich............PE..L......c............................d ............@.................................K........................................7..<.... ...............................8..............................x1..@............................................text............................... ..`.rdata..f0.......2..................@..@.data........P...L...*..............@....yug.................v..............@..@.ruwuvohF............z..............@..@.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................

          C:\Users\user\Local Settings\Adobe\Acrobat\DC\AdobeCMapFnt23.lst.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:PostScript document text
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F6678171902812967BDE1773D77B00EE
          SHA1:0291FFC31B4C1688D612D9C01D93574224AD5342
          SHA-256:DFA34F19410C60D6E06602FB5D9F97061F9CB9E6D02E4D43C05CF4412E0F0BCD
          SHA-512:3C4C4A7FD0A034BC42E38F1F309C06B73AD105AD4253DF6BA3FF0DF179B7A9F66E5067310516891389F961D2A67DBEFEA155CE8EB3A434B97150D29949CF7C44
          Malicious:false
          Reputation:unknown
          Preview:%!Ado'.?..L.@4v.59.P,.~T.u.]..j....EB.&..5.VX........Y..hc....$.'...J$.9..jA...5VbWNj.n. ..z.5/..{...7;X.iZ%.],...Y.<....2..sS.8[......e..H...x.4x....y.....g....4..,...._..\0mq......cQ.*...`}.&04..sO.....!.9.9..!.K.&..K..!..9.h...w%.3..p.Dhe...{m...i..gr*.'.a0.s..fG..K..._...L./...6...J..M..V....;N).U..{.m..'.;....b.g?..] /.&/.x3..l.V:........|.G9.Q.B..~0..Q....}1.-2....u.4a,.eF8:.J$.0..Zo..0A|..[g+...(Q.gF...iN7...K..0+-..vk......>...jr.q..X..<\C"...;.E.......9..&l.DI...w..lK..|..7-a.W.......=..D..d..8-.v.VE 8[...M..>..\gQ.o.E...z...^^.....9..O...;.~.RK.b..j.k..P..w..27&..!w..<.&.?..a.....>al.'..............K-.......1.0..R.[#R...5...k.@....B.....I.......q&.X...y...T..Z..5Z..H....,t....Aa2...Z.1M..jv.t.P....9U.&q.xG..z.......|P.fU....}.2S.G..qJ...Z.`G..^i;....<cz...il........v...r..+F...C-...fyR...O.r0..Az....t.....S_>.q.....Rt.(.n...d........U.M......m....9.GV.D.....[*-......T.l..~. ...J."pEX?..7v(..Y..=.7..[.!......@.......q..=../4

          C:\Users\user\Local Settings\Adobe\Acrobat\DC\AdobeSysFnt23.lst.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:PostScript document text
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D956D38F7A84943FB58DD3BD9A4FC928
          SHA1:2FAB247A5016FC07C30BC3758E70C34317625989
          SHA-256:E475C19E38557543020FA90AE9FAEAB8E7FCF12CF9C213864E02CEE6410E4F33
          SHA-512:F2B68465386320333C2A6BF577D43C9CB91B77AC8872BD4DBA3C5E213C38E7FE2F09A9D2333137294E22F4CAA6FB88D4B4519F9D1DD975174A128C55462994FB
          Malicious:false
          Reputation:unknown
          Preview:%!Ado......H<..?..\8..=..fF...@/..j5.2._..@2......q.....(G..fJ......cs..L.&_^l.Uo..k.HW...eD[...V......il.4..}.H..BG.......%..{....g...g.G.g.....^..d..X../...b..^..R.'5..~+.7r.......S.".+k1.....27y\@.(n.....e..f.*..."..........14B..B.|.......7....1...|.....f.......u.c......c(".C..I..&..,.Z......)%$..K......?...>..7....O.-.W.w....1%8l.-..j.VL.IO~.1.%H*K..p....3|.............I-....Q....N......he......=R.$J._b=T...........#....F..._..k.JH.....P..]...4.RB>..."~H...b...^...B.z.0~....(......X..g ."9.1;......rk..pv-.Y.3...c*".A...WG.=KG.~.g..=.....`{...=.<..D....J_$..2m].Gnfa..)j.....V.]I..=../x..."..G..S^..tK...I..$P.H0x.b$%..q.......2.%.W"\s..z...w.=..j.......P[..-%n....o:.....by0.&...u.....Q.U.N.}.)]......"........$.'..s..V..d.p.J.q..vPw...#.g.y.0..\.;[.o.ZR..*a.\. i.>.VoS!.\.K*.Q......D7.|.Y.^........];.$L...4.;...s....2I/..j#B..r.%_^.#V.k.u(..Cn...l6..V...N..S...$..y....S...l....D..d.IT.....a.+bX...b.3=.Q.I+}6.;.....2.....)O..l .

          C:\Users\user\Local Settings\Adobe\Acrobat\DC\Cache\AcroFnt23.lst.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:PostScript document text
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C746281D2317F907B128D76EEF728483
          SHA1:09B3D4ADFC52330CBE7BB9D10E0F06BDF2D0C88B
          SHA-256:03E3A36C71ACAFB4D07E6FA992AD2B9C38827349A862951070FEDD73FD3F7790
          SHA-512:378E761D6AB88D0206848B068996339B07EDB0C4003F8053E94F0644A88EBA6F291CDE443EF09DC14FAF96BDF6841CBD9B21DA393D91E524790EB1742035FBAE
          Malicious:false
          Reputation:unknown
          Preview:%!Ado.. .SlY....rP6zPN....6].....-..E....T<T0..."....qO2S.j}J......]..3.+..4..5..C..>.E.......f5!.*...}.....4pjGT......U-u....=..%..f.!RV...#.eQC2B..f.;`...\...6..w@.`..%..v..k..*2.L|..,...R....C...#Z..e...t.a....'...l.7..m.51..........nv.Kq]..`..2q...f(.......5.l.h@....PQ..H...ScV=.v>.6....H..tQ.yu....p!.....L.'40Z.2Z..>...#..U=..7~5........L.h...nkp.Mj.g.P%:s.GK/[9W.P%...N....jD....gy...NH$._.i.\..e..W...a.0..$>..1@....'..D..d...m..Sq..#L..s9....5.;...~.r*....k..+..c.Cr.?.....,..!8..y].#..J+....0.8y.)...`..jP..;...*.N.e(..xi..........H..U..5i..&.b..e..;.Dc.\.(.T ...3...T.....R.r)...5T.2p..4.hZ.m...g;..J..v..... A.Y.....U.p.......Y..(>.J.Jhb..`.'....\.......3.j.......!A..Rb.7_...o..#...9.6eF.~g...A........(....(...|i2.>..;.f~....9../s..3...].h.r.......].5.`m%.........(..*g..Xip...`W.(..@\Sw.0.J......b...J....D@._...F.Nu.}.6.....M..yZ$..}.;........R...d...O.......?...K..ri(...0`..g.r.n......~...:...OR........(... O...9..%..Q.$.>N.

          C:\Users\user\Local Settings\Adobe\Acrobat\DC\IconCacheAcro65536.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:77A4A7CFAB223C6DFDC6338F99F3AB63
          SHA1:31BD3183B96D82D2A5ADF947B4CBF36587B1CF9C
          SHA-256:CF18533FE8023CF15DD9477B09C3C767DB75937490335584BD818CAF0FFA548D
          SHA-512:8F7272C69A2ED8D83083F54A4DC51CFD8E1F8FFCF1D56AE248004D29F09C6F7F8ED2ECA17826C227CFD996FB4A6812727B46EA8729EC695FC25619F6602E2FF5
          Malicious:false
          Reputation:unknown
          Preview:AdobeZ.Z8....g..1.c....hJ...,U.|....$..F....'#.4|...................5.^~.a..P..a..@..[n.o.....}_.GG........~..\5....]....L_.a<.........f.N..........4<YEzU^{.5.-..s......1'q.da7...Z......,eD..._.G...W...(..-.......6.TA^V-.....%......O#..D.7..+..u.\;.v..w....SO...Q..T.P..ieF..E..Lyz.2A....t..nx..*..\9w..(u+...8..8..4..),B.....d7..Q.8...H.....Z....5K...?h..F~!.cT%.;.}.Z)Vb.pU<k..ty...\J.....".`.ZRj#`..9r...]..........h......dqXRQ.....Bvj....k9."J....6zM......_T'...5...R....'..a.Yl.g.RbM+......WU<.Yi.h.4...kK.~...?...........).7\...[.......?$.+|........6......n.....6....U'....W./...#....i...T..M...P.i.,V.Z(.U1t2..a.............lY.+*.L_....}.W.o....$-kh.qhM#.{..*............;.j..a1.(....`..8[%r..7.d....)...em...$.X.....:.D6.....Ko.I2......3.._....G.\....O..J..W...\#..l.f.....'....VW....I.W.=.Y..Hx...A..e.F....d.....bK%...Q...x2e.2.7.I....1{.0..4^..Y!..5u.K.q3.,.\..^.1....3...;'.=..8y..Z._P......I.n.>HA..?....x....h......~...x....E._2Y

          C:\Users\user\Local Settings\Adobe\Acrobat\DC\UserCache64.bin.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5607DF563BC5A6A86BF9737A403194F0
          SHA1:3DE1198E69FAF27A302D3EB2ED2BF4139B44C7F8
          SHA-256:4AA0797EE8B48AF61DA22F10ACA4BE41F65A49FA5DF7840BF36D82C542D13718
          SHA-512:C3FE3B45EC8B1680681733E147D224CA2A7035DC2E5C17ADA0F8F5C96A6151D7B18F5773757FE9AB3A269C8956A42160DDC940812910C1E1B33D7F9D0553A419
          Malicious:false
          Reputation:unknown
          Preview:4.397..@x...:.]..!..]...k..-\D.E.,.5Z....B...&C..e..wQq....m..!.pxAL.~.P......|..b.....`....?W.Gx.Ig.,.....>..E.o..Sr7.>.....J..5.\....T.w.Y.7^1.N.....U.a..-.s3.PB......."...p..@N.......c-...G...Nu8.@:PI..2.Fo[f]......3 .Ha${.K.W.......^1p....lI.....|...........R/....nv.G...:,...5`1.......5.d..c.........$.........IR....*....N|DA.....u...=B6.LE.qw.....]8...*X...6c.~..fx..1...>}s...)t..j..wy...u.\.X..u...Nu`.r..v..t..tH.[e>~.QZ...2.AUk(.....=.|.r....L....P*Lo...p~g..1..-.n(....e...;.E.x.i..+.(z..].N?..#.y...F>...(!'rc0.r.|."..7..ey..........].N.....`..i..G..:.....+...K#..}.s..`..x......@....q+..{..Q,...@d.g.}pF.y...=}...`.7.]7B.9..m.$.HHb..8.VY...K.!|"i...Mn%....n<..S..f'.gM.B&...j......4.WK=...u...m...../...F........I..t..j#-.%-n.(....G.....HJ..X..aV..4.Igf...y...[y3.$?.I..v.....U.8.i.....M>+.,...`.....^.6.<..v.......G}...y.<s)i.9c.E"..RfO.R....|...abqM.>_....|...P3g....E*..7......"p.W.5O0..._..u.5.h..o.8.<..XG.p..|%.^....y7!8.;.(.g.

          C:\Users\user\Local Settings\Adobe\Color\ACECache11.lst.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:52D53BF561C22AF3FF6723DDE853BBFA
          SHA1:DE41AEFFD71187634F4DC79974CD2A6227888CED
          SHA-256:25976F965BB73049A98C05C3643B9E652D9EF0B7B055B4B496F9ACEABF170171
          SHA-512:5EF4A379E33737FEC933388BA5E4D72DD1A2630F404EB5F3A40B411C4E6C18D31D124E9AD8928B392E1DFCADE3A797B93312EE93FA36330827263C2D5AADDE7D
          Malicious:false
          Reputation:unknown
          Preview:CPSA.A ...[F..==.c..i/kZ..|.M^.kc.^$.gy&...*[LY....0(.'+..8w..*...N).............T.t8/.x....$...>.Lr.... mSvA3.T...4...k.yp..,.Q.M.'p......Iw2...,......Q7F.......p..U.C...W5....;..$J'g...S..~..t.8..:S#...+T..x.&C.q...../.I....<._.L@.....c.......d........,...5.Pf.f.y...........B...V...E......i......*1.Xx.l.9.G..?..w4`...+R..T._..J....B.......v..<..l.{.Y...GE..9(.U......./..A:..5......"...eD}....VO...Kcp....t....T.Li.V/$"..?..U.Y....\.....g.M...t.t...xh.I.m@.].L'j_J.XnG4(....\.E..2...\.w}..B..4?.n;(...>...,....[.>..S...gF.V..DN...Q...>...............o.<.y._...H..+N...3..&...w..KeN.+(:gA.~.W?.}...8)..@....1....;...D..tn...H..M.5...z..W..w.,)..W...mf...8..m..&....~M....S../....[......e.@.F..ugY......A..]...}.^.E$...E..m..+3MY.A...1y+........*H,.?5!....'....x...,...`...\]7._.>.........2.Q&9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Comms\UnistoreDB\USS.jcp.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:627845FA0CD7AD0AEDC4EFF779F3E0F9
          SHA1:D3C14D0E73FCDD66203573D5659873B8C8F07EFA
          SHA-256:1289DBD1D3FA71E8EF778AFC96EB9FE4B1AD6C1CF7341FAB16871D89804CB684
          SHA-512:8667A3F43D3D0AF96A8AFF14C1AEF7956590F980229B7B16B37F2F3E9A1531FB8F48B3EA240C593B011462BB9C54EF958F45AD48BA17DDD5E7A8A0533B7C5B98
          Malicious:false
          Reputation:unknown
          Preview:...t..d..e.-\...-N=P...<4..`.'.@..Z.X.Nhf+. V...W.`.|v5[...:..|&.!...u)...G.p..;....)...V(........o..2Z\&..J....].P....@.....z.XW.....kwsd%..B.@..4.G........a...6.*..{\.<3..+a...RF}..dhy.g4.{hU2z.r....B.W.R...E............U.|..2c............"F.ny...x/03...e.w#{....L.n...dw....."..U..G.~..+...@".SCQ..+e......>.[Np1*l...5...Q+...R....%.f..^#uf$!.m+<~0......!.Y.N3...4.}B.Y_.S...8/.b.G..|.....f..x?.:....Lm....A.^...1>..&....fZbc.\....1.:...9"..4EOw..........3..i.....$.....L....We.7I.i.N>.Ph3.fY^#Q .....#U..S....Z..+[SE...........^.L*.u.8.aU.d9.yI........Y.2.r.ce.\ ..q..n.<V-.Pa..!pq.I\.:....Y5#...##N....'...}.......g.2.x&.0...m><.`.u..g...t.}.A.:.U.....^./..2.!.1...H......."..?)r...:..D.Q...%..RjC.r.....DY.Db]....p.f....8~:eQ.NJ....n72c...."?...v.".....c..{JTB...._..h..1d.n.|...D....Nwv.-.&..T.O$J...RWV..N8.........Y`r,.9.bPf.*9...z.w.B.H..b..wOw.,..."...,..!..o?...p.C.ky`M.....(...Y.Vvl...A*'....Lv...5R..k..Q?2;T...7.....K..'l6.....?.y...

          C:\Users\user\Local Settings\Comms\UnistoreDB\USS.jtx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E3CD6D862C27409650DC2881A8227D6B
          SHA1:CBFAE6078F0DDC46C08E10B3E5ED53DBCB3F9AA2
          SHA-256:15FAED6D607B5B1783952880E047316BCDF2244D96DD7FC66714ED7170A64C96
          SHA-512:915A59F24E9066D31ADE06FB382A54C760C71EDA3135194CF7682E1F4942974B6502432B60BA836801AF4B1697282D659D6A7F8B53A10B69F2BA5A353E280F67
          Malicious:false
          Reputation:unknown
          Preview:.j.o.o..&.:.L.cza7.[a...EZ1.#..zWt+v.u.j..}.P.T.N......F...%.\..j.;..y...>e..FV9V.,.F>.p.....E."P.U.K....D.jPm....B...<$5M..,..6.Bw91.M.6.k...d......gA..6..../...2......I..3.i.4...2...m.+e....)..PB1,X.^.^..T.FL.hR...d.....?}.?k.z<$..b1.q\......e.3^.rm.....Z....T..CR.:...Q..P.e....9p......P.P-.R...~...Y..G....*.....B......*/2#J:..g..).*...Z....B....P.......y.v...L........7..~Smr....Y'B..0....c...I.,{......UB...j6..?s...-Me.v..0..E..D...?a.S...S.z...........F.>.U..0....H... .wV.S....V..c% ...@.&../.8-..v!M.~\S.s*N..].@.e.K....)..-..:.9..P.OI9......v....K..:t.....e.y.'.o.B..N*.z.Dm.v..5.j.[...Q.s...{.m..C.6s.....a'=d..=u.../F........RSD..4v]m...........5H<S............b. .b.h..t..)O..<........]..`8....Y......i...]... .~.[J..Pc/.6F.%./.g/...&..j..ls....Y....smM.-.&>.S...... ~.N9.%":.....>bM."..P.$.dj...s...(..f......].45....h.t.HF*..&U.....~...(.C...c.@..y...Zn\q.%.#.C.0}....k.....}...dP.Q.....\.".pN..c1z.:U.#)...T..."t.h..s..".|.^.

          C:\Users\user\Local Settings\Comms\UnistoreDB\USSres00001.jrs.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4CE7DD5AC739132C4F83F79D9642707E
          SHA1:4CD7BFBA0562AB19AFA52799CA0FF9187611444F
          SHA-256:9E2E535AC4B3AEFC9F2DE6BFAD20B8AA4567E407FA7A425993C641ABA2B52465
          SHA-512:852BC57D25171DF079297A25D04E99EA4D7DD91E11F4C1806FF6F48542B9BF31126CD07CC584B8408BA05CC3381FB3F8E6B687DEF8E63EA540394A5CB5D2E4AF
          Malicious:false
          Reputation:unknown
          Preview:.......v..........~Y.....x.i...Q5o...$.S.d...9....8.s.. ..'....|..aR.....t.yQ.+.L..D...O..99/N.L......I.}..L@..T.......6.y...D.4.On........v.kh.Z.!e...R.4=$_X...Q.<M...2.7..`^&..n<..V..c.E7...8DS.#.'.......|..c...D[Xf.........`..n#...:.0UZo...,..6....Tm h...nd.......V..........NH.M.6.... .c.i...)..7..R.2S;.|w...&...Y...Z8.J%..W....%+.A.....(j#.d5.9sJ.+Or.z.i.)P1...k.5_3sY..g.K..w.x_.......~.<.H=%.U4.1.......C..v......%.j.@.[.."..`Pp..b.....bc......vj..t.A..W..Q.D..W#..>.6.......F..Yl.2.Y.cf."...!jF...(rQE......V...$.P..QG3."..;,l...+.{.2.M#....@.dDl.l9.....nxi@..k..e.ctx..w..}&....*<D_..8./......2.Q..p.h........B....L..B7..\..cQ,v.9w...'*...Bwq...Tgt.u.L.5 wZ...h.vH+y..[..'.....!.K...9@.w{K...KE....[.I.)5..ez..p.q.tGL......!.....?....l....S... lZ ....2....Fz.....>.-.X.+..hJ<...X.~.J.k....SCG.S......6."p...z].O..F.P....~T.....s.$u.T.l....2....m..C.......E..."......\l..3P..g/..p..={&..J9../..XB.n.....".v....? P..d.<...Z&..U.5

          C:\Users\user\Local Settings\Comms\UnistoreDB\USSres00002.jrs.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:724C595095E403E6BA896DCDC42DA27C
          SHA1:57DD8B370A13883F6653AEDE9AD0FDEB6E89BA22
          SHA-256:70705997D2AD5F3D05B3C00FA549798FC39B82752E9D4B0EB918749AA837B241
          SHA-512:6BA30719B14A24BA63CED4508105962AD894FD2F1E5B95E5664179F8DC8FF65020012BEC27B69E3D3FD1C73214B016F4B3855ECBE838E592182FC1F724974980
          Malicious:false
          Reputation:unknown
          Preview:......O.. 045..d{4.M.t.:2.H.1.{_d...-..o.....-...P`!$7..._.n.....P..0..........4.?.1...y....H..Y.7.O........!........&..Y....y..|L.^......i.]s.ntx...c..t\`.I..e.>..g.FDi.. E.......(:.^,L....b4......'.,.......bD.:.....N...=..G.$..I..r.'49..u.k....4[P..j.l.(.....C.."...,.h..gF...T.x.$...a..0....T.n...v&....V.&......P...^@....6N...c...'...d.....!^/j...tc...h2...+.l.....>.O..&....|#^..J.f........,.")\s......*=.VG^.@..%...N.8.S..D.>..j..P....E$..[.`B...-.....H2[9g5*I.u.....by..d...,hx.]+(F.nz.e...~`9...lK.....0...lpk.....^...^.3.~g.(....A.4.Yl...[R....6C3.(....X....m.Z.m...R ....%.+..=]..@V....A_h.~.W..i.b....j.........1.N.{.....6...&=hy.2#.....ts....M....!..j.....R.%.z.Ce.;...y{..2.M....w[Q....y....[.mx.X..a.]......S.).EC.'.H..&C.A.,.=..Za.2#.E.nF.o;..Fi.l*o......s..;M......}.?.k;.b..|.__.....(.x.z6....B..Q..J.*C.A.0.h.+b....jnBW.G.....q..../.'-....y..P.qE!.\..I..=`*L.@%f....s.n.c...g.@..75x.V..?.dfE..Q.y....Xui....Q.........lb...U&.

          C:\Users\user\Local Settings\Comms\UnistoreDB\USStmp.jtx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:BC0950CF0967FA09A062F5A3A01EB84F
          SHA1:1EE31618DA9B31A809F6478B3C353832416A8344
          SHA-256:BC3B859F10D1C280EF0C2A37EBC5417EAB9C9ECCEDEF4A1756E0C09C3E7B7307
          SHA-512:C4DF853D63DFD9FBE194D32D441C9CAA7B58885E266923EEB83B24E199C2F415601FD7B3AEA786E8C5EFE65CF336EFC4206306269FB4899F3672583BB54662B7
          Malicious:false
          Reputation:unknown
          Preview:.....[H..n.>.....g.FBR..;`Q......m...J.MN............e..........Y@....../.I.....x..a..?.#6....W..=........A3..7..M..`e....O.a..(.?v.r...<.....`C[).x...H.r.n.O.{.6..........q..L.~`..K.....qI...6...W..O.E-~...UzOo.M..pUt..azi.=..v{3..1.B.nV&..*.V..R.. .I...O..^<e.[.&...|D..x.....6.NG....{...T}..7..8.LSE..T..m.......g. lZ.!:....0i..L...C..p......z.5).ui..(....d(l...d@A..56...2.d7.^2..G.5...T*......!......&.."....ST...2........P...c......`x..Z.?./...A..w.....>/.s..o.I...4..}.=.$I...>..0..Eo!..L..~uv...K"'K...q`..k.4!..r....g?..R{..x.W-..._.......R..gvWX./.b..\.p.Ln$]...4..?.P_a.q...n=JK...{.....A...!...7..i..X)....%...^.H.n..#...9,.].....=O.CVk.A.<._7...zTKy...N.....;'.~.....W{......y...xQ...i..6.B..L.#C........K"C.l.2...........lF.....@....zE^...vK........#..=......n.V&b.. C>.."+A.=$.(.d...{5Ti..r..~..oO.".../..'....II.eS..U4.P....).H..ji...gPA..:#*.|.e...S.........k.4gf....i,.4.L..Wpw<.U.._.va..Z...f..F..@.X.. ..}...\>6l~(.g..ln...(.l...

          C:\Users\user\Local Settings\Comms\UnistoreDB\store.jfm.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2E09F8F39C32E943D218D8ACFD67B4A4
          SHA1:6A8FF67DE42A5F147A05E29EA52C6F564B3B284A
          SHA-256:C586F712350F979EC1458444C4A84801C2938B26B417ADE3CE45CE166801E95C
          SHA-512:E5D438F373EBE9150533B9CBBDBE6B3C0A631007924B02DB62A19F69B82C9C5B951778C09057DA857F4C04C18E96FA215E9472E590DAE83AD28EAFBC4E8745F6
          Malicious:false
          Reputation:unknown
          Preview:<b..!em..^.Q.....r..h..a.)..>..e[N..q.h3....).y...l`..N..1......bK.g..^.7~...;q.b.....u..\./.G@....#..VA..m..CQ..TKF.x.z../t.4..-.k[.k"...4#.r..].C_...:3.I..D(8.c...<.P..`...&.........E\9.b.@%..[...\.k.*...uA...ni.....c.%......t....$&.%y..=.......=......,.N.8)W.h/s.r%.".....,...o.DO..n..>B....%......:.......u./...B...-...X...L?.t.k.5l..d.?..H...W>../.........7=k...m.X.=....FM.h\.......&....a.R....)...21...kw.cR.L.........`..J..u..!.O.."...).4.....n...a..v.G......{.h8.B....XL.b.. u...9.?.....hx..F..!..?.K!..`k[q...<%.L...;h...0....g9[y5.@B....}Z...(YL..8Rp...S...T..:wl..5.K..axi.......m...#.qY..4..q.{..{.....uf.(../.bXM......+..........t..1.n....V.+. <..x3z..S.U....+IdK..7Q....mM.Z.u=..4<7M.'.E.|.k.w...H.....-..N...A..$...51.F=......2...[...#..| .>...t["d.PU.TO.:..lG.....z.6.(e.MJ.S\.x..f.x...!.f..%#...J.Y.W.....n#.<.....$O....8<.L.Z.... .A.'./<...v.....LP...h2g..jE_...p..{."j6=g..i./x...,.9...".o..k.x.K..<..<0.t..&.=......K...*....2.+.

          C:\Users\user\Local Settings\Comms\UnistoreDB\store.vol.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:38296FA94D89A4130CB306D7CC01ED7D
          SHA1:D8D09DA7BFBDD280626E076D54C1954E9416D0D1
          SHA-256:42401F9803000DDFF139ACB55A1F22866C2107C4D2C9C0165C96149E0BEAD6F1
          SHA-512:39B525666ADD10D0C9BFDCC5B17F10AC476A85F0F19AFA8D550DCDC1451ADACD9FC664E4367D8F5944213FE3263BEFF54B0A6DF56D1C9225F8C5424020F8CE99
          Malicious:false
          Reputation:unknown
          Preview:.&C..o#i.....b.1.M.......@;b..z...v}b.......R......{U.Q......w.Z6l...f.Zv.m..G.+.#q<....LN..J(`.+..!..L3r.F.9.,....:./9%.!.u.....M..9N.m.:...G[.P;a...*......v.D..~..YG....%.....]ydrI....ez)/.s.p...v...-.....*.......I8.?P'^q..h\p......-...:.Jhq8_D!...}.c....5j.X..+....8..c.&..]....2.kk.......A+.*).Ms#..VLju....a.su...>.$......X..o...L\.U._Y.I.$B....\B...1K..r.4....A..k....Q..b5.D..O...Y...F...t<%..;..#.....S....k.z.CA.rS.Bl.N...Z'8}..)<Z..._.....|.X..@\...G.I.%'.n|.c).=&...#....G\v3v[...Nj.{..L..cF'..%....5..?.0....F.ZT.b1...H....n..S...<....xr.....:.3%...*j..1...$N...*........D.....M.DQEzC..Mp..o.4...A..:&..F..#....d.v.T..w.....WK.........D./....!. 3F....A.z..MA.......m.*.....=.<.....a.o.;..7:T...m.y,i..j|'....si. .p:..U..J.W4/.I.T-.....w.......v.L.(|S0..|tk.(..h.2.m.@S4D....Q....I0....@...."7P6..xjnXF=.p...&.~. .yI.F..m.H....D[.;V..7X....#P.)....i..V...2np.V..-.$...Nsk.....J..o.!.Zs.h..<<.Y. ..}..*#'..+.....W.qws.#..v...O.2.....

          C:\Users\user\Local Settings\ConnectedDevicesPlatform\CDPGlobalSettings.cdp.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D044288877BA201DB688ECEA6738CEA5
          SHA1:451C312E4E1A71DDDD0F114242DA7665A1A08B41
          SHA-256:ACAD7C31CD92327C0D56AEBCC020BE970637B63F0AFA281DCE88B60300A376FF
          SHA-512:E2203A225494EB0CDE7886357E6E0B81DF1086BC6C44BBFCA9F24DFC48526056D1949400E787840BED24CAE64C45266DE2A158F1C8099622C67C5642FBFF1B13
          Malicious:false
          Reputation:unknown
          Preview:.{.C.^..t....f..H...[.9.W.bJ,.Ht.....;.wP/J..4.~.~....0..H..S...m.a....5.M>..:..:..%......P:C.p.<Cp@X.w7Js...Uq$RC..[o%bkv.k[#.m.E.s...Rz/.....?~..~...%.g.w.ne-....d..6....C*T..O.....P/f.T..dS..m...DO%]b.......*h.l........N.......K..^`....=.n.K y|6EV....C..........R.[.a....#.j........I@.w.J...K...A...U.|..HP.E.e.j........m.y.b.....5vx$..>Q..,.z.A..y.Zef.7.?tf...;-#.. ....L..RZ7....H........0..$.....c-U..I!.\Q.Y8L}b.W..T.Q.#._.Zj.&.........=x=..D.2.u.w..-nQO.(e1....J...v+...%....c?*<......^....hq.O.#[...B.z.Sd...e.(..w...G.(.....{..f...D.......p.....KbI.W.&S%..m....H!.......t...G..]l.5......OQdY...~.ci....O....=z).%#\......?^..p......=.\....m....f).......*.......iJ^f..&9.<..E..(.q.A......Oq<.d.....U...9..r.R....D?......[..;XF...[z.jq.....ff.a.4.....z"...dnd'...8 ..*-..Ui.....Z..`/^ol..]........[>O.,.$F....S-..S6c............_=-.2Jpmq.6.....(......\?.Gb...:.*....$D...wjV.mEy..u.6...{@....@.0.//I..x..........HT.]9t.Y.;..\....r. .|n.D.....

          C:\Users\user\Local Settings\ConnectedDevicesPlatform\Connected Devices Platform certificates.sst.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9026FA374AC1CE96A5A25E85F25B8E8F
          SHA1:9A7E0CE4A8E6E7D369250A9F1EC6FF7BBCE11C6D
          SHA-256:2B90B1502D048746837D67BF3E259DDA5E0395D9A02296216BAAA1437B4E30FC
          SHA-512:DE4AA0DAFC69B574453EBC472C102B416C75F2CABAC81A471344D8CAC9FA7C49DDFEAA8030E4DB7A8D23B0DFE1C0FF01C2AC6F8449EF0747FC07B396DC4D38CD
          Malicious:false
          Reputation:unknown
          Preview:....C.B..0.....H.....l^.Y...!yCj....>.'........O7....-.rY..EsK.*jPF ......G<...:...X........,I:;..Cr$WQ.......S..u.J....B......^...}'.[...........Kw.$.#.d2&...S...b.E....W.>.....$. ...J.e.<...u9..#j...OQ.......H.9.0)..6.|u.i....X.{..1Z3%...w1.|4...=....PI..)d..+.I..0I..X...Qs.F4......z^.XGj{_..,..;... .......j.''l..P.7.....s.8.......@-.....g..C.?...jC.t*.....s@..(z.G....N.s...)......7i...8....1...l...b..4.'...25..m..C.AU..,..p..2....r.*.\i......C.DP...*.Xc........q<]......E.i$.M..#..0'Z.A$.HL..a..K...$....6v.o..,...........A.pIu....J.9..`.:.9......@.l...04lYX...|.97.....|02o...G..%..(...U.cTP...8>....^i5....sQ.....Q.HXJ...M.v......-....zo...cf..da....6q($?]...IL.qJ....Yje.)%..p.....,..mHN...JFa.w..R..[.B...'L5.......w&..2.?pMS ......1...VZV:...X.r...$`j...-*..s1."Q....a.P.,#..i..S.`.A....F."'B..!6.........,.e..H...yl.u..O..1..{..}.~l..t.).:9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\ConnectedDevicesPlatform\L.user.cdp.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3ED331089574E83960C3BD9939C81ADD
          SHA1:70D60DF8748F1CEE1C908DDF276486261B2378F7
          SHA-256:2AC21E8A954588C77618973FA9DAD444F101D3AAB7C5F3404F19753F232382E2
          SHA-512:ED0E89B8521B464237A2A055A5E978DDD6E28EECB16CDCE4046ACD9912903BD28B5F4573F8A86CD737FC552E177F587C681A1EED24C8029652AE70BCD0547FA1
          Malicious:false
          Reputation:unknown
          Preview:.{...b..5xx...A|F....Kv..sv..h........H......Y...U..&-i.)L..n...pg.B.o.<0b.n.....s.%.?9Z...>...W0......._.&..*...(..0....I.mC.....o.....w...efU 9.;,Ps2*..i.)${..t..s...Q.D..<.e}FQ.ha..$w&..;.$.U.....2.)...5.N..+{>x.3-.t.k..&nx:..R....tWqO..o..p.......E..[..A.H=.....".,.F"...8.LtJ../w..S}f]S~M.u.).J.;...'..Qx 2.5...$..D8..y....s.....L4].\t.1.....!l.......T.zK..P.(`...i..Q9.<...RP..w.yOF......v.i.V..V./..S..X....5.!.....&C..r....E....OW.....lwM.o.8......YoX..8W..+'v.N1..'..!......#.....%.RX{]..........T:r.........q..2""C...qf"..Ir{B......V..FYw.Q..7.$V.c#..w.l..6..o'z.vs...9>.....|f...D....>7.p....\(`....O.-.(.Q.......?.#i.G......z/Z..#.2....jJ..s.e^..s..-..iL.._.1.p9....._Y2.:...D..F><rP..`..1:.:.5...%.%.B..L0...N.F.s..:.WhHN..*...u....9....\.a...w......5MQA..{6R.........BE.4.R_.P].VE...5.7.Q9.{(?..N,...&......%.l/.z.7.. ....#+B.u..`&.z...,.`.....@.`_pV3..i.Jq^.P. d1j..[...x$..Z.G......~......(........`...#i....B..%A..I.6J.C..~F.._..QF.

          C:\Users\user\Local Settings\ConnectedDevicesPlatform\L.user.cdpresource.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:7B2CD6F8628A7DC2AEAF5F6B29587FDF
          SHA1:DA898786377E8C119A012A200920F8281B873461
          SHA-256:7B757EF44F072E2AACB1C095D7DC548B378EC413DEFF6BCD8BE63DE9E5E8BDF1
          SHA-512:9B3AC5AC81851C6EC54F1E0C1A41E27C1137FD45627E0B9AC96322DDC33313CCCEA4FB5065669B721053F9B3BF83E6A1E900D8799D547D344CE55A2B9F115E3F
          Malicious:false
          Reputation:unknown
          Preview:.{.I..s..e...F.... ..G.^....M..8@...KU.......Jb3....a....h.{_.^..!..&....._._5.FJ:.P..W.....<...S....g.v..BF....:..oi.P.me..a....4.........m7..0lEb..VXO.&.cQS{-...........g..I].......j.....4Xj.*u.l..B.6.?@.N?...!....{..(..._..jOh.^|6.V..W.(....!..b...d..>.'.ggr.}q..>SjJ......9...w.i9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2EF2B5324C72EFD7BA0EC0AEEDCA02B7
          SHA1:3859DD0E34359B3F8C1F09933846BE101090B4E0
          SHA-256:FFAA3D41BC9A14453E1127FF6E7E2DE0934F40129F05EF9AE616703358B415D9
          SHA-512:31D1EFF847445A44A8DD320FD7977265B22019739FCF4E169852353A7CCA63A6B9EDF90DFE9424AA1FEB35A4D4DEF5518933453D3F971011773F63858C845735
          Malicious:false
          Reputation:unknown
          Preview:...S.....Z.w.<...-.....(%.].O.....u..p....E.f..d!..{........<rk.`..l.?.Cj../......m..K..y..qs'..;H.,&w..MK;DK.4.....r..w.c..y2......!......."9........Z...........j7.0....J...s.=.fa..v.<......x...FqC.rV.(r....GCn............b0.........mW..s."..x.f.MQD..,6.....0|~V.S...":...^.c..p...7T......b..F+n'o'....`.....E....*...8O.x}..(.'\..I....J(.*2.}:i ..s..!...b....7...F I%.LG}/....uv..N..#..'h../..F1.J..0.0........9.aD...Ti`V..@.t...#...7..=....D..g...`.#t'vq.m..r{,...j.1..w.<...V8V..kH..|._%hap..+.&..^y.......v....^".U~.2.9..L..t.g...... T..D.Q\....=..9...|.o........?.73I......nB..7tR.......5..e....Nn.......N..tih.a.d4...AJ.A.X.u...&.P..%. t+.T...G..%3.^.4...9.'.kX.B.C...L..XK..6UY-87...3.tV...Ld.*Z.m5k>...]......L.R..>N...F....NW.C..&{u.b...)`{uS.y^i.Y..x..%f....G2.0.d.%!.Fu..s..U@Uq..q...Q...6:P/....q.z...[.f.8[.. ..l.'.la..UJ.m."..!1n..<.-^...A8L.^...0)...I.}.J..>...L...a...N..6...UQ.|.....>I.x.....A.{.._fk.....jX].J...^..;N..X.p1.......f.w@...

          C:\Users\user\Local Settings\D3DSCache\f4d41c5d09ae781\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B6EE61C3C349F30C1A12805477E10840
          SHA1:23C0D238CDC75F828668D696EAB3EAC85D701D0E
          SHA-256:5E445581FA56BD054A669DBF7610A3BFE6BBBC7FE192D6640F92B4B007C1D917
          SHA-512:62D18B6126A1DFF9FB5EACBE309FD96254DA4A84B0A419426E96E40FBD76EBA6A78B9CDABAF663E662C56649591F62F82C52D4B7454AE58A66FAB23BE614ABE0
          Malicious:false
          Reputation:unknown
          Preview:......UD;.G.I...<....u6.Y..3.._I....u.&.il.,..._..ZC....X...=...b~..U..".OPS. 0...u...xd.....%.#v.....Gbg.......V....F.... ..*.A.F@....bq.~m.44!j"z.....]........Zf..b.Dr.." ..l.)..{N..G&...M.l....-g......+f [....@.*.3........(.0..fMt.....325.i..0..sYhBJY.(..^...7.A...7.U...........\+.g.hom.).@....Q..k..).5.a.z.....w#........,V .....AB..;.......d>2,o.e....YA+....^I..?Gt..I5.>......!."...m..E.^f...F.\j..qvOH..!....(......r.....;_2...\.5.W..........V...k....jz....../LW..H....&;....Y....?w.......E~X.. |...L...o{...b.f.l.`m.r .)..k..:..z.F$...d..V..m"..v.a.v......w]m..../vy3.[I.&.7R^..p.,.1Kd...O.-...GR?..g.|..%.Bl,>..(. .N..y....jWA.....^.R........<.s..?..|.....T...T`i.h..|...."w7...y..g.....R_.....nI....m#wuL......mi..L......P...P.c....ky.....::Scvh...Z`.jn~.K8..V..{H..:..CMwE...()l:2.u.....+Q..5.6.._7......b....DC..#P.H..E2.. k.+-.J8hGj....y.R.m...?.r....F.S}...hN.K,N..5..Su....F8.....p%.V.z....[......^..VZb.pc...;..0.4.(....atX.F3P.-..

          C:\Users\user\Local Settings\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651FD787-1288.pma.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:07C79DC79E87A7BECFD67DBAB3E15E26
          SHA1:1AB48A7DF8C877BCF18A14253697A138062DCA09
          SHA-256:1148709BD257163E98E43E421EB148AFA0A680AA055EDAFBFEDAC564E0C101D2
          SHA-512:C1504436A6E30F4CBC5C4147FACC2C24ED6BA1ADB313BF367728F08D31A659E224BD8D1032FABCFED5993C55C70FBEFFC38B56F07022CCD996DD7F89D25817D3
          Malicious:false
          Reputation:unknown
          Preview:...@.c..4..ABp...Q...$.l....a.....Kf..(,Z...;..i..O..X]..Q?[.),.W.......r......]..p......@+V.,..H..%C....A.2..II.t.>.$....B......n...pEc......'W..!d.....G....O...Ml........n....R.1..tE.S(nfa....oY.l....Y.S<.C..`.xC..lf#..\....&...a.(..}....&..``.7D)........1..o..N5.8..is.W;.....N.1............1.i8. ......1.%jt.[.W^.R"_.Q.....If....U+.E..a..1.b. ,...!.....)....=%..hX8.}`........H.....[..z.<.Er..8Z..o......F.>.P$b...%.......Y..$.v..6.u.......O...<q...~y0..d....mo........c-8.U....M+.n.J.f..C...P....pm........N-:....I..$@..R.J...............F..<w.}..A...:8e>.V.......V.......`.....T[Y.FN....btqX...R.....g..e.F..}..M.j..... ...$.b....aP.Q..H....t.[w B..&..R..Y..l...L.fY.....S.........f.V...i..).-I..,...QF.......f.0o.R.b8.<.+....X.Z..u$.r.$.KNYh....-b.....Q3.P..s%...9a...T.$.......]jL?.J......]@.V.+..9..I..:]d...'.P..IZ.'ZxH.I......5.............m/0..r....=6.&W.!.%.SG.\j.....o..3..'!.20.......IJ~.<.Mcja.....J.$........<..8?^.G.u-.M.!../}..x...._.E(..w

          C:\Users\user\Local Settings\Google\Chrome\User Data\Crashpad\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2C4A8E9610216F523155EE375816287A
          SHA1:159810244339FACC6CEF6DCA47384ACFB21276C2
          SHA-256:E9D0CC6551109BA487E6E45C1BC07C6A5EEB9AC1109F13FE2BD402460637DFE7
          SHA-512:5A2688BBEAFF08C30BC741FE36CDF4522FA84AE89838204894B5B5402716B3D00A0FD04CF79437890CD17A9E8343065E2AA10A666895198CE83D217BB9D11427
          Malicious:false
          Reputation:unknown
          Preview:sdPC.h.!..(.1cb.@!.4...Q.N..9G.0..%Z..TZ.5)`.|...V.#Q..0...(JQ^s.i.O....y9.N_...}....A8-. .L...d...&..!.I.......r]Kwv.~.G./i....;'.{...%...F...m.!.B....$.(Q7..9&$.".. ..."../#h.#.^W.m,?..[5>.. .Q..{....._.4...`.M......z.N$/..gM.f.@o.J {.C.L/...-....+.Q..zW.;...N..8.j..9. ...i}A...64}:.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Google Profile.ico.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:CA95D89BEA0EA6C9332500425933D3EA
          SHA1:4D0447F178CA7DF35F115C3D5699F80D80D98AA0
          SHA-256:58EDB6684DD8E37F722ABE2076A94C4DE03C0CFA12B84F38D78BD1477AC586D1
          SHA-512:95C091772A5A06AAD2EDE7431B2AFCF039B95331F4AC7DBF37A6D3F23033B4F2A499975F3C4B78CDA0A7C833B4560276A227051E12306E57867D4D3A16A010E4
          Malicious:false
          Reputation:unknown
          Preview:......}(.'..r5.b.YY..y..rc.9....y.6{$.x....[:S....9..N...../:g....n|.m.55.....@.q.OW.e.G..X.C.....&}...T...c)]/.oz.K.o........x.m.3.$..,|.Q:L..]...._......b.).....z.t...`.:..H.....jD......^.Y.C..9.+.r..).E.x..H......e~J...8.$.D.f..;...T.;e..xo~.x......#.o.....A..{u..?..Q...[\c..o*l.......r&b....*g@....n.....5 ..[...........'.u.....].ne.T".t........Z.}p.:3ym.W.]....o..+5x.0.>R..B.*`/....N.S.m...{....t...0.=..rlg.p...'h9.;..o.y>..6$...48c...<.t[....n..x.....0x.+T.vUuyV..h..}.N4PE.2]....Ur....h...G.s....?....4#...;.. ...F.F-;.....0....p.$...r5..V9.A.}~......./)..K...f._P.....*...A.....E....C...K...BM$.8..b..8.t.PS.s#j&....BJ;..^.......n..j\...mnO...4W....q{{......0...dnd%.t.{d..c3V..+~....9ub.._.&.93........]p.:.?.qI-.....[...F$......%rUr....d...Bw%..-....}..Z...$*.Llx.aD...Q\.....Il.|.fBg8`\..am....T.Q..s....e..[:&.-Q=.t.......R@|z..F...sDE.r.m8....+.........A.j.?u.C........4RQ.;....M....c.;-_.qr@...z.....0.`.J..b.2.......[.0.."R...y

          C:\Users\user\Local Settings\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B6AC643B8EFF9BDA8027BB1D46C0CB77
          SHA1:D84C3B0EBC2346FD0C49539DDED713F20F7131F4
          SHA-256:1A697F5241FEEE8CAB519F002D91551739BC3667631FECC7C63D2103E7297F15
          SHA-512:A711AB26985CB0FB9491788323C89C083F24BD43A5E9394F87E28BC975C97BFC9EE69C4652EF41A82C0DE83E37724F2346575B3260D420E6DB6D08FE9857DDD8
          Malicious:false
          Reputation:unknown
          Preview:SQLit.#.......o....~Yw.....l...,g.....]M...O2..8..0....K.l...._..k&&..aO...._...F.|.*.W..O.3`d.._....3.e.b........E...Z.>.......m7E.T.{j./.I]....,2{L...8cyJ.E.A.`......xN`.e.;w'n......b/..+(\.......x.?.L.n.z...Uq......B.u_...6W.W.^a.(...B.1.gr.....1..._...?.9@....%.s..pY.l+.g.!..u...7..kj..!|m.U..G.H&01(...)_.8....U.{....JP...c..r....v.T.>}.hc.d...O..Y.yvl$..z+..P.}%.....<..-.__..N+m.}..2...C.#ASLq....J3G?.3.8.,.3......c".....{.za6(K%#..'.+....7...X..o.]0........w,`s.Tp" y/L..u+<...a?..K.Z.%iTJ......B.c2.]q.K..{^F m...)..).K....#..._.W..^I....v.&...v...a?.......w....m.......u:./..W...cd!........(...Y.4v.P....Z..e...4. ..c...2.o........Q..Ii-{6.7....c..e.C....G..n......N.....7Q~gbJ......X.|........xV...?(`..D..{s]=...~K...s..!m..=r..1a...Y.wOG(S.....gUU..;T....j.........]K....`.9V.,_.......F.B^.S.i.@.Ri(....n.o...........Z...^.4.".Pp..2...T/.g.....+..6;.Fs.`...Z[.Z.$L...XDC.5h.@6....,...j.x.=a.fi..1~.n..gR.....i..I......EeN..j...S.. B.Z%.......

          C:\Users\user\Local Settings\Google\Chrome\User Data\Default\trusted_vault.pb.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F8FAD852181B03679DD2A842DC7D6346
          SHA1:B29C7EB7E310FCF9BE3B4999C24FBF28542DF499
          SHA-256:605863A8557ED40DC2356F8105CA633B9275E519F07E9F6DB34F054A2D7C03FA
          SHA-512:B867062911C1C29CD6051CEF858DA84A2B74ADC3872F6027B90F22D8E835F7D0F6AB6AF3784FD20D0FCA919AC387F43BE1BE733EB85F33DD33B27C5B6C64096A
          Malicious:false
          Reputation:unknown
          Preview:.....~..2_...V.gh....zq.....i..M..[....4.d..lo=...mt.....%.^...:....YG........._[9...e..H...;...x.i...9^.C[.*".........(....x....3SH...Y.e-...........`\6...[..si....m'~..45...~j.{..8]......*..B..{..b.Gr....]+..j.j..A....I...:!.....J...59wi.....n......Jm.r..-..L.x....3.!.7S..?`29pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Google\Chrome\User Data\first_party_sets.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3EEE52D9EE9F9D21D02F10AC6FE481C0
          SHA1:ACAA737C72502324DAA569A4289F48D8457940F0
          SHA-256:DB97756369D0206922A4E2C206D79FBB28771EE5FA73CBB46A19BF4CE677836C
          SHA-512:77AC3F90B8FE8CD49438A49CDEFBC0A12550A49C899AEEFD2387F3A18CFFCEA2A87BB32D408F6679A0AAD1DE0BE1276D2470BB86359FA3BB961AF8E2AD26C7B2
          Malicious:false
          Reputation:unknown
          Preview:SQLit]*.#.J....NBQ.|../..|4i......y7.......r........u..JgA.e.YY..sz4...t%....=.D.l...r..@#h.u."..".P...;.+.<.t.r..v.9+.I9?..%....f<..9z......y.o......p.!.1..GQl..T;......Ci..1..t..$....^.k .......G..-tn.L......L....6Rk.X..9i.....Oy.....n...tk...t.P8....O..q0..x..qQC....gcFP...bPmS.......*..e.pP...5......5Q../....)bNu....x..W..."N..XW..?.vz.........]P..&.......]n.w......h.CW...\......./0.~.RA.3.....W+.E...0a..T...ru.3.v...DYj..J#)u.._.v.OU].<..-..>@..9Y.*%z.ax.:x3.v....v.}.. 5..BI.$..?...G...8..m|....r....".j..hv.i2..M.l....0...A..E1...j..~r..f..,.|p.W..<98.3r.z.2Bw/.....((.w..1.....n`.u2..wzbUZj'.O.v.F.u..(...:..AD.6=1.r%\lR...J..%...v.[GJ...l..8.X\A.~.3...j.m....p......*.D...I.@.<......D~.(....$....{}........L.......f.\0.veuI..._...f.Z.H..*.}..O.R>........Q..(....]..l.$h7.7?.......?S.s....Jl..Y..+.E~.o.s.C8.A.q.<.._.?K]%...LRcX.>CN....ja.+...F ...9.`..r..@...u....wB.\....|7:.d...K.b\.O...r...U9....14.?S\.l... ........

          C:\Users\user\Local Settings\IconCache.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:80C9823A825D94472EE36C17075D6F0F
          SHA1:760D338BCC8BC6C4308DA07598AECC9895E25640
          SHA-256:CE438A784B2D697AD54A7A736FCC286F3B614983482625C058FA173E7B071DD0
          SHA-512:51F412E712ACD68369BCCD29D573529BB8B5A90AA4B0E370AC26DEFF814B51FC23FB9231E970197D71229076BC681645F19181F72638567A4BE03064CEF45C93
          Malicious:false
          Reputation:unknown
          Preview:H...W..`....!.^!........^c.3AU....D....V......+...k.Lw.x.)|.+s.9..Fioo....>8..R...o....(..0..Z...FD.|..Toh_..}.k/P.?})..\....D.(.%.z.......\8......}.....75..%....q.....zw..m9....q....<... .C........6}.....#.U.c..O...+Y...d...`...!..,..\......+....Q]...........J...L..p...aP..wqQ..y..4p6.fT..Y.\....q..i..E..P...!....1L.Q..=oV*T.....s'O.>..fm.Q.c.ew...7.....ZF..^5..c..lsCp...CgIq..r..0:..... .g>4g.0.*...X.javmm..&.qc.-`..o.--:.}....]....41J.["qn)........v.._Vbc....Sr..lH..L...,.....}.. .U.0.d.$.....B...@B.H.8.Kl;N.=..i..K.&.(..uI.<...!)}..n.......a|C...SD-.".?...y[_...Bn.i...`.v..dPb....:.q..0.H......tz<.z.<.6.'B.l...h....!..Z'........T..}./..%...[.?..R".i.y....wh.i.$...t..I.)P.......7dBO.$(.-dvGi..I.....@*....u_.. ..e...t....E..2^..SG...b...0(....&H........e)VJ=4.~G.x..2..e.....q.`../.,..)^/.....+..:Dw.....j=.....,u9.....y.;x\%.3.x.f....CN.......j_R/p.&g.s....).e|h...f`.2.y..E.M"$o...~.A-.p...@.W.6O.,.d%.%O..YV?j..C.@.......fP......{..a..=..

          C:\Users\user\Local Settings\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651FDC40-16C0.pma.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:AFBC2D0C96E9728118620A6A70809054
          SHA1:04FBFA4D152C93CCD47AECFBB1036746976F26B0
          SHA-256:E312A366CF8FCBDF7032538ADC74D035AF6664BE9FA2FD6BBD8A9A7B0BAAD1FA
          SHA-512:E000519BD8C5E8F1B935DD973A6B08E25F876FF32CEC85700856808634733429F54BAB0C9D7C78A05CA21AE97D242C009D517E2689BB6E889D195A3C42DD9452
          Malicious:false
          Reputation:unknown
          Preview:...@..e..b}FR9.b$.Uo.vZt..".<.i../..p...3.[j..I..6..c.Q..B.......D...2N....:%_....A@.{........2..U..P...LOE.G.:.h)O.M...]....zd.O..x.....!..Q.2...,....e..x$.B...Iw.p.sy...j,9....^(.S.c&.%.%...[.w.|!...h......D#U.l.....+..........7z...@m4.k$.X..Z......f...e.........N.A.Z;]m@A...SH.......V.{*......0r.S..W..........zA..N>.m}.iSy.....+&fp.@.ly.[......!...p.).L.=..ihk..r...DU/.......r8.5.!.}...Os..z..5.l.+.}..(=.A../r4?N0(.U.<..E=.tg0l..R_.A...).*....>A...bd...@..u.u.L.....7.......n..TNg..#.#.....'.[.....O........MH+.m\{T.P....%.I2.0(H.(.........?.:!]r.)I.....M.3x.........O.Ev#......&.G..o.VT.`j]...$..8=.WV?fI/'s..p..t....1..Z.U....1..~..{d....$....b>_.......}.C...B..6+.&.N&i..c...i.Z`u..50%...s...C.6.*.Vj.a.>h.n...H.>....P....d* gu....#......7.`'.Y...J.`....J@.e{.aj........CkI5.X...X.t.F.U+.+;..2'y`...........A_(.n..Y_%......@....q..|h.;..i.=r..4..ED=..{,jB.1....?.M.w..7.N..r.-.:..0..v.w.....Q....I..j.gi....f....U..L.y.[b.@..<~...]'...

          C:\Users\user\Local Settings\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651FDC77-1B20.pma.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9672313A0E8E9C3E456E4F5E3D8ED3B9
          SHA1:5355D935C373A7E3719BEDD5C93CA1422DE406AF
          SHA-256:32380FE30114EB754FBFDEAFE87BE7EBF3FF38053FCB2E1720C7C8A8414E21BF
          SHA-512:5C03EE822A01BFB6A039253B1BA45D3547C00363700057D168B58C79267ADE58630EEE076BD8AE0AE5F6FAE0DB0798C4535A72B2E0DEE03CFB535F9AB376B7B1
          Malicious:false
          Reputation:unknown
          Preview:...@...'....v.c..n..V...wz.9..R/..."CB....N(..y4....Z=.kO.....iV..N.r.p..j.rO`B.Wr+..01(...}.qN..V.K=[.^..y._.. ..k.!+..p........*n.y..w.J\kr..,PR................2x.....w....sM...R%..."..]E..e.....]8...>...f....L......y...'....=B..y..c...+Q.A(I..ZI........1f..]d9...I...A(..#L.../....+n.6..W.h<.._$4.nn:....\....J.?e...V..!.%..@..}.r.w.#a8..t6........;.8...Q...S.h,)..BY!....D.... 8.G...q.U&F...^:.Qb....O .[.nd..r/.S..AJ..)...I.......:\.}.......J.i......K0D.L.\..a...?.$w....<....!x..Ud..U.?..Ug.S...v.].2.|....FPl..8V.......e..VK....v..o...>].....>.T.6..x.........`.K.xKv....@...{N.8.Z..J.`i.....&...P?x}D.].$.......N".r.-.|...=......3..H]..8j,.G...9.s...m.*....<.......UMd.......4q/.n.._3/;i .=O`.J.K..x..f.....#.D..`.(...N.......=.l..'j..J!.P.b..&.gK2W.....(w/...Kt....`......L. ...D...=^....%2>s..nEGP3.3....,.....4....a}.......t[.Lo...>/`...<W..|...n....g.|P.[.......gb..hg..Z&..~..G....~&n.....tp(..=.v.g......*...X.C.Y*....s.?....*..{......C..@j...

          C:\Users\user\Local Settings\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-651FDCB8-17C8.pma.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:264B15EACD85AAA959CAB4C62DB6D462
          SHA1:503B9F17C485E720D8F458640A3DC38542BB8FEA
          SHA-256:F96D7C3360654A8C26CB17D5540C5684AEEEEF1D254BE37157D23C1C06631C04
          SHA-512:F23AFB58BDB89ECD7E2F15C495B799CC7DDBA05221C44C7A269FEEBCB6439E140D73E179BFE61066B807AFF94A0ED30CC6D6FF4DC4496D54A319557DA45A174D
          Malicious:false
          Reputation:unknown
          Preview:.....S.....t.v..F..^S.w..Kr3...{8.D`?.,........{.J..=..tk.....G2m\ym..W=..2..K>KA3_..4..-..+.$.iN8.(.....a.d.:....]I....c...5|. K:.X..U........n..y!..`.9nej....*Aj........ ..\..........a..l5"%...{..'-............mM.;0.....I..\nnPs.z.G{.K. .;........g.6b.....!....V...J}YCk3..Df.......g..X....#z.j...X..7+DRA?D.....t...E'#...L....w=..O%....[j..D.+..w..K{.%Dx0T5Jk....o....k(ph.!.O...7.2._..,....."...m8?.n.i..K.|Mh{.' ...T~.|.w4.Y...?r...O......4...F...9|...H...no~.!.&'...9.T..]9.......M...j.$......XL.J..._a.V.d...q.j.9.BDX9J...0...K..7>.R-..8..C....y.._vc9)................>..(gF*.7...W....|.:.I.<......5.b..q.J;...8U..l.k.~5G..z..n.3..O..@T...g../..:..Z.\....r#H#wN..[JkA.kxf.4q..n."..R&...H.4....|y........\..N."AV....XL)..s.G.{!....).F..9..b"{}sj.<G1.c...M.1..C.......S......1+..~e.'.~U..9...`....F\..'.i..oZ.4..;^$.D2,.@..$.V.".....9>..<.9eX/..q.B......]..W..<q.Q.........C.\...<.s..i.;.........K....S....z..d.6.@..bu.$.g"...q..R+>..:...O.l.~y..gD...

          C:\Users\user\Local Settings\Microsoft\FORMS\FRMCACHE.DAT.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B428D7A92495BF776CF01445D66B59C9
          SHA1:7AD8B720E3C61326076FBDC7F69FCE57C4FA8DDB
          SHA-256:4213827C3CAD5D49360E8214AD6CDBAF7C4CE91103FCA41AF135D39DD6A63156
          SHA-512:E73055EDD0D1A7A8C8EC8D447E62028152FE5FA6DBF905C2C92A81E1E9B6764CFE011616B67B89E8D726282B0824FDC117236B007B0BB6D644D13BA4397ABE88
          Malicious:false
          Reputation:unknown
          Preview:TH02...7H......$.S!..L....g...K.......SC.[...]2,m!...0.V.......D..v..U........u.DHS4.....4.H.".l.bp..i..J$m..Z.Z"1...rr@..Z....h%..k;M)0`....uJ..|;f"3<....W......e\..c.MQ......l...b....W<1.2v.G..s........I..Ji...=T. '.....%^..?.D.w....*...xz-M.v..(I0.e.u..X.I.$....+*..4.L[f.(..K!AE....%z........N..J]....#....=.gU.@<A5.o..d...c/Z...18.Q....O.$...Y.me."....{.71.T...9...P.........>+....".f....?.<..F....,..d.T!.c.O2..cG.f.Nju.Qv.A...!.....&.".a.i....f...'=..Z~..2..0......(.2.gB.! .........Y.iM7.m%...x...~..N.Ag.?KX.|?.- ....`...g.......Wn.6k.....|El.~..).....s.;...<Z...-q*0..p..$.%/\.:....c...i......Y.\:..R.3..gAK]...y.@....7+c..h...m:^kI....L)..Q...Q`r.wr.Q$...4%):..-y'...?.87......`.}c.m.....cD.r.."..5...5=...TG...d...%i.8\J...._....|..\....])...!..kS.!...7..\..Y.1..h..?\(.....9.....k....2{..WJ8....>&.?x...Px....b...I...u.r....b..c.|...U+j.(...[B....6.."...Z.f.t..@...^..+W..-.xhp..H..q.._.....vo|4..IA.JI.G.o#..M$f..y[5..=@F..2.Z.."..-

          C:\Users\user\Local Settings\Microsoft\FontCache\4\CatalogCacheMetaData.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:844E1ACB8F49002C92B2A4BED7A762E8
          SHA1:32A1B9EF04920A455C9C4FAF84E3CB44568BD96D
          SHA-256:AF89FA049977FE8B5E80FEBEF24E0B47C2D0AABEA1DE92B0E468560D0A2AC190
          SHA-512:F39AF647DC92474A47033969F6955315DC2F91AED826263B82C1D178BD0A615C5454DE530D05067466F23FE5DBDD52E642B3112339BC71D5F91F8A4EF3EC07AD
          Malicious:false
          Reputation:unknown
          Preview:<?xml....4.......P..8.(......eq..xR....f.a.s.]..d...Di...+6......mC..w.9..d.......`.l...t.....a....1..#.h..V./9..6.......U[....n.....`...N6.[WT.|9-%...!/.o.,.......k.......\oQ.7..)..Hi2{..tS.eQ......U.l..._.ywsE.......O...{+.tyP....x7/J....HE....].q..2bQ...WM0..6..F.Ct.{_..Y..a.{.0.3.4.>.#?......z;$.y...hZN.n.x^x...g..`..x!...D.....n..4.n5$G.!.9<sC..k....|..$.......2...P...g.<s.c.Y...r.iB&..y..XR..\4.XJ.jR.nk.&....._'\..{b({...F.HTr.9@.......H%Y.(/.x.*...].M.V.Y.. r...c..#V..).....-.De9...$I.h..W7.l..{......P.i..<L..?.../..N>.@..e..s..J9..@...dlz...8X.....n.....Qp{j.!..6..M..........{.T.8.......3M.v...!..h\E..CAH.....-z...Zg.]W..8....a.\d.Y..>.c.p.H.;.....dt.(.H.../i.+...#...N.6...1`..)..pQ...7.....==w.0..(#ZbTQO...Y......?.n...f........K*..6...P.0..tdW.O2....1.#.V.<.D........=.zS.j"E....A.....;."+...x...V.,.....6.:F.]..>.N.",....7.tR.>.1/...E..6.R...a^....../.....[E.u-...../j........b.]........}!..Z...a.:`..+.B...d\.!7kR...y...

          C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edb.chk.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:BE839D8DBE5FF20715DF06D8587B1A88
          SHA1:933B314B1E6624E6ED9BEAA02E4865322DC0DE36
          SHA-256:6C89EB3030201BA40991B90AD94B1CA3376C794380188A5E14A4FAF9B0A012BA
          SHA-512:C452605CAFA804B286124C84BA2227CE1B02C4294E92E4DB799C780477872C3DD82D2289DDEC7053AB6E8AB27B197B279F1A60C25565FEC0F8F867C210B2447B
          Malicious:false
          Reputation:unknown
          Preview:.#*....,.~I.d_..A.#.A...O.<..g..#a......i#:.n.I+..@.ty.S.1.....`Z..W..p.t3.Hc>2..a....v.O.B...y..l."CU..z..-.u..d....m_.&.V.PHb.O.q.p%E..f..o.....]U&..f...@.^_......r7.x...+>{.D..... ........KU..d.Ei6)1"..-..b.....6....Ax.6..<...{...~.n.-....._....c-..\.......B.....*.....K.........7...!....u`.-.#.jG$.....`W..D.8s..G.*>.X=.he....1.i.}...17..[.Vs.}2B..w:.Z....rV-.v.....\.VA...cO..|.....<..(.MQK........HACd....O?.&y."tH..;0.}S..........esRz.O7.@5c...3.p.%x..3.M.p\}U.<e...U.....!.?.(.x..e..h...o...H....!+Y.G.E...G..wm..u.....>Eg..i,.........] Z=..U..+I.`..u..f...[..K...S.I.~r..*T..&9u...j%.^4.........z..8w.~..7.[..,...g....Jd.cL...Y"q.....T...,..p.....P.zm.T.Pu9.a..2....W...*4...!i.k.H ...x|.._.W....N..v.U,..{~LsR.A;w..#X.N...6.}.3.D...W.....R.....#s.4.Z.r...p.E..k0..i..v.A.k..P.+...~fvG.0..e..X..1J....W......3.\.+..#..s..2...E._+O!.v.j{.H.....G...2~c.....z.....:QR..l@tO....=..K...s^..~....z.bARX."..i....j|p..u.....cJ....M.v6..m.e.7...}.4.3.t......

          C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edb.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:1E6F052032AF0F85AD144F60EF8DFDAB
          SHA1:68EA17C161201E5AF112B9E55787A649CF21D5FB
          SHA-256:0BF771DFEF0D69E6754110633DE28D13C7AF5B4632B491A8176DD5B71F929EA1
          SHA-512:5A929E37E3F0FFB057B92AD77EFD9C91B922C3165F3DC54258DE1CFD124B7DEAFF97A9751F69E40A17154C0F6394F6173A777B4CCA2EA25E10C23BECC71B46CC
          Malicious:false
          Reputation:unknown
          Preview:].....H..P..........\;...q'+..xC$.P;..j.[..$..}.PrF.. h....;b...B......2uT..$h...7..4..Q.In.......o..)Fa......}i...).....{..D...!.S..r.)6X..!y.f"..n.....y.?.O.@%.I...)E...5f%.e..7F....w.&....N..Z..LE..~..........>a....s\..9X&.F..=r..M...w.|K...o.ou..1...<.M.....!....g../.u.#....;......ys.............C".....KO..%..`..5..`....ML..!|".le?.a.p.R..6o....?.&D&......K.Z....ZX?c.s.L..m3~.:".R......+$.%:r..$!cl.....zmU........._.a..[.o7..~..y..C.!q;.ICs....bh.......}..P.oj.}!t...Q.".f...p7.b0.0..Ro.>^$*.#....vN.Y.Z...k.}{2.5g...s.0.C....r.......Q-8(..y.S"..a...}..<....q....4...o.*7....H.H4....p...7..wqt".....e+..&..ze2...Jj*.uZ.y.....&{.t..#...Tp".@..j1...U.....[..b......?&q!....Eg.=.N....5.|3+...},I_H...>...:..M.....V...,]...C......C......hH ....=T.X=.H.~J.g..y...8..`...+...uv.d.... U..........b-..!bw.!..O......:..].*......_......P....98T...>./#+Q.{.=+H.\....C*e..*H..{...F..l..z....f....o..84ES...n.wWI}..g0.!..'E ...%..^'....*1..}:4w..7. ...}

          C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edbres00001.jrs.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FB147642182EDDD109E0F9DBB65E8065
          SHA1:D64F636BDCDCDFD2F43284CEC0E4D572549EFBB2
          SHA-256:229C1B96C34045005E6F13242D6267B59A9215728C2CA10B4B5F6CF0FFF0B2B4
          SHA-512:8BA7C0AC0412FE6FB0A3A6261F900D61915201D8A45950A5DD57E37BC02FA503745D837F4948D844DD84DC06B209D1686E8A8832BA1FF0E16749E3F728A67F12
          Malicious:false
          Reputation:unknown
          Preview:........1.KL:_.h>8..\.g%..<.V.wd../.8....=./..Y.T....G..Z.]..'.X.n..,\@s..!....{.........^...d..<...".+...!.0Z...?..FO..<.B......GRyt.D.+b.....}...l.H'.\.g0.k.......L.~.....~zv.|.....a.~.f.4c.k...z..'......N ..;9..............@"....w.......F....|c...+...-m..).uN...D....... L..qd...8.}.J!.W.D.K4Cx.z....o.@G...-...`1.Lpb*CP.(...a....Sv......|...|8.g(.....Q..!e-]....{.H:..;.s......T.j.......1).)...3Y.....4...C.w_...Q~ ....R.d3fX..'.@..v..m.S...[.E.3.+.....s......$..1%.`....c.Ja.......yjy.e.!..1...w..2c.R.NW.$.*..^J........9....+.o..v..]....U-.LW.].l.\|?...l&s.{.*9N.{.....!..3;...~.u..g.Dv.O....!.T.>..._H...N...l.t.....}.k%..5..loS......|,...O..+^.K7%.~6P..."..H.`..K.;.B.z.:...-.r%g..................a.q...U|.0...t..d..$....+.SP.#...m....H...D&1....=..U_"S...y.../..K=8....4...TR..j..g...V.5..y.R"..Y.f..N..3FGq6.Zuv.q../u%L.r.E.k..li)W.Er..'..;.)p.......H.j...4.2>.%E.._.f....h.......hi..)NK.VB.:.u8...M.X..M. ~.......n.......l..fn.z.

          C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edbres00002.jrs.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:927F057005C081DFAE482E50628548EC
          SHA1:CC72FA905EC291650773C7506F8E5EFF465BD2E6
          SHA-256:F34A25DD1E3C579E19E10A165456A88003FCE7E42B0EADE336E8073412E8AF9D
          SHA-512:0E977E52FCF44EF0019FB134D8AFD1AA35B656AEDA6B40F5C336AB4024E20024CC77AA7481E7C6E35754344DC945D2F749030DE7711BF89C4C9C5EC18875439C
          Malicious:false
          Reputation:unknown
          Preview:.....c.>...]....Ff..R*.7Z......-..m...e.#afB....^d............T<....5o.sA...5. ..(3Gv.......S.....6.r+V....H...~....W...S!.k.&.%<.............I......\..w(.Q@.-.....>.c.X..l.\m...!.F!.........9.R....<0..Q6........y.v-@.e..t..H.|./r.I~M.!}Q...r.....h.-...l.M.Yl..g..(y.....i...=/.DL6..e4Ho..w.O.ND.c..S.V0 ..>Y...../..Xm..5+.;.m.w...Z.!4.......U.w.(...q..[.K....^...0...........X.EY..rM...}.../Q=...6R.....N.G..B.,...{g..eo.og...e.,0.d.0...o...R.3.9......g.nc.t.<.U(.y.3p.&..s...N)}.p.3.c.rX...._.^5..F.7:3YO.,~.V..O..VY...$x.....Y...I.v....N.*..........A..W...IM..E.....(...a.......X .B".&`W..TQD.)r)>s.5..i^u...(.!.....3..O.#.,...se.H*.D...>l...MDo.&FU.....0..j..2..-m..9.%.lo8......3W...WHQ..:%..A.7y%...5.!.O.K.=...b).A.F.h..U.....o..9. >`......G..Z.1..[LDf.R..m.&.w...T~"..:6o.U=..Q.E...(.7..hm$...WP...,....@.....0,P..A..v..6...."5.l.E:D.O.......w.Q.jw..c....."X4.1./K..6..R........I..L?..mIj.qX.0$...7.<;..h...D..L}.$.......7..:,..EX...U

          C:\Users\user\Local Settings\Microsoft\Internet Explorer\CacheStorage\edbtmp.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B9479AE03EAE058D3B5C3C630BE6B007
          SHA1:6F38F02ED01D88386BD2ABF4BA9A7F5EF4919CEA
          SHA-256:E8A460F197BBE872BFAD4A78A43F7C9A31317F7FD7F7BE88532C5E134E6E1818
          SHA-512:98B8373758D4143EE543304FD594EE8F02F892E0E48DD5E6C6477FAA50629BA003533AE408D9DEE8F60235F74D5DD2D3CC47E39C67189427EFDB599A530D2384
          Malicious:false
          Reputation:unknown
          Preview:......F.t.l.....M._....9..R..o.....M.l.q.^.....q.........-..n.r.f.V.1...6.j..H...%.K....^9dI/.5a..S...|..V...b3..z@...p.h..l..TF..T......l .j.;;..9g.(..t .......{.I..0.zl/....*S.....(D..H.....q[.....vR:...&./.. n.NV....+..I..<....g.e2. .m...'..UQ@.4~7.d%~~a..b.0.~.u.E.%...*k...N.Zc8...-$.4.;.....@.b..~.....k...xot.>......\.f~XF...5.^.|k~...Y..w..p.).~......Biz.]..}.j..a......W.05.......-E.I....v...m....4...._...,...H..!.bt%...~.8.....%.f..&D.-.,.v.G...."...30......jo..t....x.[.U+~...`%#....q5..,a...K.hYm8_.....?...R...e..........,....[..W.@..Ln..n..O..(}:...........>...d.Ob..#.....]e.....*.%....radl..6m..#..]AG.bd.q...c.%(..XR....y[R......tuO..d..S......!!.e.6.g.._...p....1......~....0..N.C...*....yd.Kg..)..s/....2....T=..,..A...z.?5...]._n.h...Y.5..B..v...?...7B..$^j.w......j.....JwWk.YF.T'..)^.#m./M.C)%o.$."\1.9.".....~.....:L.E.HC.~.dV..}.I....t..O......K..'^I.;.[........>...*/.<...N..c....M.E..|....~..x.^.*.$F.*.n.E..z.//|}

          C:\Users\user\Local Settings\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:BD25166EB261C5A5BAF742FB48FBEF28
          SHA1:4049B550DD42D47CA755DDD177CF472866082E1C
          SHA-256:E9DB87759A853A7C2DB0B84212602EBCE6A443829B583C5E6ACA5D5DA00BAE1E
          SHA-512:898EAA14B6C10132ED66496498EB78C2A360788EAAA00DA86ACA436B6BE7E124B046F352A828AC8413D305D10D4A2DFED0232669C57182E84D6CDB6456F2D291
          Malicious:false
          Reputation:unknown
          Preview:<?xml.d.tM.OA.?...... &.....Qv3a..%.8o...hF.j..=..s..t._t.9..r.(?.Y...F.h1......L@...!X.\q@..G(....&.n....szG..U..k`p6.q..P.5t.X3.y.Q...I...W..'~..Z....\e.r.2..j.>...F.....?.'.....>LJ.. ..^S...9.>H5../dn.+..T2.......[..m...XSH.R).|..........c(T.........s.LiK..@0.<c..fe.d+.>.r.|.............i;" !E.1....M*.\...._Ed.V.}.*0..6E.....&.!...(mg3zB....e...H."@....$.|.-a.S!.!@%d..&.Q3-^. ..%R"..H.c.6.X.W..<l.M\H.^SSR"..c.z..S...g...Tr9..J= ..K..Msj....9......`.a7Lq.f|.;L...N.}....?].a`.....C..Y.x.zN..`....^u.B.^.0......=.RE....dd.r.)Z..+.N.4..aLy ...A,.r&%....i.a.<h..%.1.../...U"qI-E1....6.........mJ.....%33L.E.....Vw7/.R...L9'.vTm....c.....`.%n.C%....\.4.:{...Q7....+....f......&^.J....4r....B......}Mq...........:.....:...`...*.S}U...O.....i.Ild.>8.(k...B....+.7.a~...A.whxo.e.....g.=.A..~...?.I.W.#.Tl..8I.~+@...Q..m.*.............A~.M(.......F.....i2'L..../^...T...2.`..G.i.....{..Cx..J~.D.8hOB.L.XO...|[R..d....i0;.E........Q..XmI8`..8.Fy3.y.R.....

          C:\Users\user\Local Settings\Microsoft\Internet Explorer\MSIMGSIZ.DAT.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:68ABD17897A58C1B68A313BFC14EDED3
          SHA1:8EFB40E3288563CBA95D7C307DC84AF2BB9A9076
          SHA-256:0B24B542D731C63886C59291090A3D2658C93D3358834E392EB447D3D0D087D9
          SHA-512:872EBE7CA84B40B85B48B023CB07860B648C4FF60C206A06AFC0709D8FB49C635B9F5EA52BEBBCCEFBB245C81751A1D56BA3CCF2554426F20F6C9DC700918417
          Malicious:false
          Reputation:unknown
          Preview:.......@...g.a.g!.f......3-7$..j;..G.@..L..{J.ms...|_....X....V).:...d.2h.hd.!{ S..g..Sz......Z....o.Uy..q....].7mh..dt2-5PQ.#6.|.......G..Ch.6.........\.n..$bH.#.G...J,..N....-:.G..f.u..K+=.).1.7....Wj4.....*F....%b(%..Fd..T'_..sN&!.......r.....C.88x...wci.Edp..1p.:....?..^".-....k?.R/2..1.P...kb.~...B...H'.V...Qt.4.0+p.=E.-T......o.f.g..3*1....T`.1.b..K.T..d...}.2B.GEZ........2p....\....).C'.E.....p.I.n......\...s.SS.....c)j..Z...^.K:.2B..i.[t..*.Mi....m...y3eK.T.#(FK.......w...f...0l .Jh......Z..O1..=u.l..".D.=..o..RSwq.!D..BV.....YE......_L.Q.:.M.......Q.f../f...=*.M..p.:.?5..f..g..F.`..\;.......~.^.=...N....?......|Ba/..G...V...r...wc*L..........YC..<...`F6..p/........F#iRL..:*qd..V..zu...d./1Sw.u..w.T."...$M....].."./......kH..H...A!..............k.....C....5..Ba......8oKM..;.b...Y4...I.-mx.......J.o.1.hm..vY3...~......gA\..j.............o..p...H9<..e1..J.*.....p..W..pi...$q._.2..!.....*....C.......o.w3.."..d....e.z........v..,.0}!...c.o...

          C:\Users\user\Local Settings\Microsoft\Internet Explorer\brndlog.txt.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FBE3AB06E3BB477037A66209DB7787AE
          SHA1:6B173A80878D397E27A4C75F6AF6B009955C453D
          SHA-256:52D2E296227352DD3D432F8DC58C0E376653C43C2768C38D97C3C5DC050BD917
          SHA-512:39367162B19C799B0E5E7CE4D52FDEE2F461072E564F5B0D9A8EBDF32D0F7EF85F2BCC0432B0D58ECBD3311158021B5C18A05FE34CF65B2385D698CD36EE8EE8
          Malicious:false
          Reputation:unknown
          Preview:10/06...#7..j.#}.x..q..s...0x.%....8...dF.{`B.hL..o...g...z.h....1........D..Il...[!l...6....Km..0.k..|=....../4....].O.(>.9.<l..%.%....Tn.Z.3....L.{`2h..6..f...0..B.r..<.....q._$....`...R.c...).HK...!..V.E.4..K..<....v.1%c..|.I.#...O.c..........Fe...F ........zf|.Y...R....q...HB"3:.........|...}@U..hD.....:.7......o.*...cm.7n..:~l...L...{..QH.Xw5.4.<.3.._a.7e...^F..jbn.+. ..&O..!:;....V"W..#>LSXj.0WvO..c.f.....N.....][......1K.FU.-..{..F.;MY..G4|.iG...9.=/R....G.K_......F....L>}(....N.M..j#=.RU.(WL^.[.9.f...`k:..J..............5q..a.......#..G(.}...4.......C........E.R..ho...0... iI8...wR)..Ip9.D.4..g....1..wH....o%..R.....w.i{ZY.+..}....F{_....l,.....7.k.P....H...{.L`W....bt..G.....A.o..Jni[.y8O...._..I..L.fA..olz..C..U..4sW............@8?.I....>l..k}..7Nx.uH'Ey.@.1.G&g.v....}.....#...B.7..........%.....+..`..%yEF..._..9'o...3......c..~^n.a.Rq.u+...x&..]M.O...".U.......n...E.X.k.. G.....qf....})*...Qu..'..+.fG.:9..>.1.C.r0j..`..W

          C:\Users\user\Local Settings\Microsoft\Internet Explorer\ie4uinit-ClearIconCache.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:Unicode text, UTF-16, little-endian text, with very long lines (461), with no line terminators
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2DA7B512B4EA42E36083D9774AE0DB8C
          SHA1:C105A305EB64D4EEBDBAFAE6BD7BC355BB64AE79
          SHA-256:8B538A8D3C5030AED2DE2D82CF234E5E911334A42EB901F38C7FA1E9D66D5DE9
          SHA-512:1DC47250CE11CCBE465AD1886730EF346AF976002E8639358A645D9ED72D0C76D2A477DEE9ABB79B08C93F832F9EF8CE0F195483004D1704DB265EC817C90908
          Malicious:false
          Reputation:unknown
          Preview:..1.0'.(;%..>p.m..c.U..-g...4p..n,Qr.em...H.~...E...p#...D.:I..`!t.......].).T.u...[.n>.s....mY..B"..+...7._.O.A.X.q.... `...]*.....b.......A...[.K..>"<....v...u...&..\$.?KQ.c...L2s.\..T.z...........qxK....:/!o..P.._....B.A........../..PZH.Y.t53%..s..a|eR.VC.JSn>0j."..-c..eOg..F.A"z..~i...e...gL..m=.4...)..r......SN.c....i..J..S..7.l....R..i....4Op......&[...Y@q^.../.o.h.........]..bD.$..L.+..e.=sp..I$..4..}.C..0.DS.b^....$6.t.z.C....[.h'.d_.}.x.AhI..uL.~.I....U)....8......M.Bs.r.0.....G...g...6JG..@R.}.{B...o.8H..^..!...7H...q....J.-G2.L.V.....S6..C{...0.GD..K+.....q..4.0%..QgD.|.Jh.u>..d.0n....E.\Z>...5.W..4=.wLPY/|..J.*.t.i.>E.a....].C.".. +...8+kU.x...t....t.xL..:.&.X=...(.B..?4.3..c)..goiY.b.fq1.D..5~_0..b......H.....X.@.dE.v..1H..-....,.t.j......[.'.XH..L..0s...e>)J...)V.w^Z0..A/c._@.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Internet Explorer\ie4uinit-UserConfig.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:Unicode text, UTF-16, little-endian text, with very long lines (870), with no line terminators
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:90F719DDC72D9F4A212E9DE199F98B5C
          SHA1:4C6888D1F84BDE466EA6D290FB0BA5C9A4682EB3
          SHA-256:9540410D6E122B95EBE680B699BE4966FA10DE630779290A23EF89FCC5A577BC
          SHA-512:1019A38F1CB3FE3F34DB00BA16AA2B2561F3D76D6023B6EC2E528D5B2B0DFE3661F240D624FDBE2B9FEBB60533E0411B6F1E838B425118F6CFC1735DEE13DE50
          Malicious:false
          Reputation:unknown
          Preview:..1.0.(...'.h].I3...<.. .:......4.$..~<..&M%. ..p...8.o...q..%~Z....%....RJ...6..M....U....N.bX.$...........4-.A vB.%...7.A.e.:cNe.......V.....g.......tv...ip/.... ..N...5.t6.?.... .../A^.c......>.X.......7..p.. ....*I..e..i....l...dh....F...G.4...w..l+.<..g.<....f....>0..~.`;J......yA....../..,.....j<Hk....3..w......[..:}G...$. .q.....U..7..{H....!..r..i...;.7...%..@..f,b".$..n=23`KAg..a.K..V...9f?.(.U..G.z....,42....n/x..........j..(mq.....tt......1.T.7..9?...6.MC_.\.6Q^B......G.....T'..P.X.+....M..CO..>..w. .N.Z>.u.J..1...A..y{..@...'...B...P.w....p.sr......4...$6|l/..EKZ.......+..*.I#.8.Oa.C#.....0...0b........9.v..8.Jz4..D&....-jU..em*.`Lq.u...w%g?....\..`I..`..U.b<..l}.W......)Nn.vF.....cp...>..G.....Q.%.X.8.KW...n...;.m..[l.x.1>..P~......WZh..:...$.......,0P...aHT....%..K..N...Z.h.owv.?..E......R.......nd\.'...*:g..N..$......^>@{........Y.9..B....C..:.7.ujK.....).....e..6..k.q.Z.*<u!j.]...l.o4Y....g.. oG..S..hV....Q.$....3..._.&.J/

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9445353F6B91D188D0DD086227D4B18C
          SHA1:E34FC3C613D7E6FF463B0E51EF38F54B51AFC5C3
          SHA-256:07DCEE3328B26BB9A3F3D681A2704414402811D947F841B320FBB3A039B6DF3F
          SHA-512:C7AF556E86B4EEF83BFCB52018EA1E6E1307E8277160AECFD61AE7EEC8A1319EB9FCC206C0C26BF768AB5D9EED4A20F13DD87994FC69D410517AD8AF59534238
          Malicious:false
          Reputation:unknown
          Preview:<Rule##.C.(w.=....I....?i..Pm8.#..r...#v&........p#V.......|R..=(}@........I....Q.#..o.g=0.6]..Z......|fsbEi@........i..S.;..#..w.-..G[..o....[..\o.W"q...(..c`'4.EZ....I2......)..L.#."7....%.F..~..?........eM<.C.4._.N....m.E..2o..(...d..d@..xB.7..xr.....cQ.o...... ...).5..a....b7...).;..G.I. ..........N.U[|.k.h+'Q..-...p....f%7ZU...} [.V.r.$_...Sn..W.^......!...[..Pw..[.9.o. ..(.g....4....l.gzb..0-..Lhp.rFE-...s..=A..W.....t.Xz~w.:......._9..<...wh..D.~..n.....H.d.3.5=....&.bHh*.8:.{f..G.'...[p..Z...W6:..S?DW.9......Ol(..M%*..I.L..-...0.MK.Q1.<.~..].@3....e..vKJ#D...H.. .W....Y.,.....e5.....]..u..Q2...w..X.. P.....p@,.x.&....uM.r._../.I.,.566.Y...&@n....n.4.m|q..-9..M.D..XT..zl..g2...t.3....b..o.#.cw~h..6!e....o.]7...hy.;.\1....=.s;.i...h3W..I.*[.....n..g.[de8...W....g....2."@oDq.V......!7Aij.b...=.DXS6,....$.Vc.,........e`..0.H.._........zt....:.$A.2..Q+N....F......j..B.l......L..$.*.P`.A:...,.s....0..-.............T<.[..9.u.u..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120100v3.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D87C1057C84A2CDA92DA79A515E7F5CB
          SHA1:1B93CA1F0A2F0BB2CE9C5C6844D003C37E57A5AD
          SHA-256:D30B6EB7197DF7ADF19EE0648CBFA1C9E0968BEFA7A7F7021B8CB80512D269E1
          SHA-512:3CF5138B4213F018094CD75225845CF8A3116884EB6479605E63008DC02F27A7148B2BEA00DE27BFC3851B5EA349F341B6D314C0D894C3F9E49199CBA23878F2
          Malicious:false
          Reputation:unknown
          Preview:<?xmlo..q ...N..q.}.s.P*......,7N.Y..B<c.V6...-x.@N...f.Mr...3bN]...i..y.8V#...M....=.EM.=.Fn..?k.T.6.4...^..|.W.%.M..e..F#.(..P=2.....U..n.X...e^.=~........FO.8..^.-....@.Q._-....&^.|1x....y..@..p{q{*.pI..i}F......&.(...w......1F....)...O%."/e.......i..m.L....lQ........?..".S88.............W.s.}1..=....y.F..Y..q...$"U`..Qc...E.3........6.......W?..j&.........*.E...J..'...-2.....&"....._T.[....Ph..c........*k....o....? !%4_`.....gki.. %...p..+..7._2....%-.G.9..=.@G_.uB.......WZ.'.R.B4.x`lX?.4.zl..F..m...D.sFS..5..K.L.p...e.....{.U.4HMvv...'\.A"T..M..J.L.'..(,..U....."...B.....#.&.(L`....+.....7k.e.rv(.....e,..%.......m..5zY+2.E..f._p.]-.w..1Y...YBI...b(\<.G2..z6.-,....].;......D.=..y1..H.R.........\.-"pG.KNk.u|.q....l..VB.Q{L..`.....b........BQ.....R](........H,..q#`...'.X.AY.U4.4p..X......n.W;&...lcF.X....C3.6....H^ ...]t"....$..r........6... .}mG.C.....K.5...YJ.4G.z...b.FDI..m....fU.y.>.u...8.y0.^....X..o....A...S.....)<[...V..N.Q

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120107v6.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0857E6E931013638698E120A32609E2B
          SHA1:CEF84DBCE3A5A5E64FAD7A3D03383088EAA813C0
          SHA-256:52192422BC4FEB1C18546153F1FF2D4C020154B97F1B752C49AAB3604C574605
          SHA-512:AD33BA08A9A7A74ED7D404133EEC9CDD44F34BD4B99626C9292DA29A8F5995829942181FEAD9A2713190ECA8D6B09D42D87C13CF4437FCCAAD62EA3F0E9593A2
          Malicious:false
          Reputation:unknown
          Preview:<?xml.ANy..s.$.Q....+-.`gVw.*.D5k..l...^..3..`.e.AO_,P..a.10.+..x..=.."..x.,x...gJ#.). 5....!o.V..%Z.....7..>..n.LAj.F,D..H....3.....;..!.".c...S..).....<.x...v..g.....|....<.H.<....!..{....j...Ki4.Te..+2^ZOsUm.v.....q....j>....y.i.........f3.a.|..A...iy..H....A.^...[.)6?.v............w...Y.E.dm...Jc.T....`...F.\..R.W?r..4.....f.lf"..N..8...Df....s........>.......v..'.......%..A..A...2.%r^\....1.".F=.6sz.v....k....y.b.....U.%;..2.y......j....B.;J.....hE.R...}6.e&`}..Kc..jN.~..*...r\o...R..D.i.L...Iq :).z.7........Z9.(..7\1.T.sO@q..Z|.v...0.].Wk.y.v. H..o..~.~....0..Z........Q.3..W.l..z+V..VN.l....q6...."].(..X$xn.....OF9.;.>.... @....j..6(.I.....M^.<...).J....P.:..b=.c,]}{s......0.p......:..lv.h+.5.`..\.C.{u.....f....d.c.J.!..QBu........@.'......R....u}..t.."\ix.L...m.....k.r\... .!Bp.....L.O0..0h......`rG..o.._.a.. ...(`y.ENl%[...'......G.U.nO.<.)'..oWF.....M...T[.9.`[.L;.....v......{9L2m..uU".U....@.....g.l......,....D%.|~.d.p.h.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120110v4.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E5425CC8D91A0DE49AFED0A05910201D
          SHA1:C90FE2B58FB357B011E3DA032AFB4E3712CEB443
          SHA-256:63255D4B39B7314CBA99EEBBC60A4645CB8F79A596494F8CB057E45B2F1420CA
          SHA-512:1542E6B82D2A550F984542C4B7A9C189AF5B2419781991D53305B9440ABA2ECCD516997A812A2932FBF126D20728FBA439B2504A89F83F9410D80D2FA04215FA
          Malicious:false
          Reputation:unknown
          Preview:<?xmlmg.Wq....Oa...&..:.....4.....f.D...,.M..G.g.PuA.A.Y..].^P.I -.......}..5S..E{.E..n...>.V.....L.v..B^1A...G.$....]....P0a......2.f.d..N..#.Qkx........R:....1O&..T.9......a.m.V1.....$%..u.;v..K..@.H....Z...k.'.|....r~V.5=aQH.S.`..+.a&.[Bd'.1.....t.Ju.fp........"......$...........HZ[...p..8..~./...k&.....j...*..:..-..Q,.Sa...m..l...1.U..~.....c....'........O....88.p.d....ciY@.qN>{....&...K.F...rt.y5<..(...Tb."y..8....W...g....w....f3..5q.m'....;GTJR*/u.:.a/..P.[....G..8yA.8..a.,)T.L_pM../...0#.....0.....HBxz.X.#Y@.T...'P(.A...{.m.QR0.a^.U. ...z?.b..j.8S...d.3t..0.!.....<.2...h.2....*k=.......8......;?#.R.v.....%..pA....6.i..LYc...[...\.D.)....I-...0....t........n0T.k.V1.=,w.....>....,....a. .`v...Tjd.L..%T...0..!...48.)...;t.. .......N..a...]Z....W..X..o.x~..zn.......p9=...&..."%.2}^D....I>(...h..9.%`.K.....%...#.....$6...Y..\;.....HQ....CM....h..P.0_...q.._..'.!...BrJ......9....lD}..OL!iq\..X.......,......z)....8rO?\.s".W.i&

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120112v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:05D367EFABA9A17E1C4C8ABA51BCDDB5
          SHA1:0E29E5DAFD7909A6126698CF490C0D019AB4E65B
          SHA-256:122DB1EAABD49C6B38115153D21C4EC4ECD45AF2A264110C1EAE19D33049880A
          SHA-512:63924EC9817E3FDF76CF4728FF2B7366ED4D1D0C8EF3EE16E61FBF04781C9FA670064D5FEFD535421F8DF144C3D2378E4406D42F8BFF69B7FB04E8C1E8E53C2D
          Malicious:false
          Reputation:unknown
          Preview:<?xml)...7.].-.`.w.~..#.$.!aG.Y..c`....l...R.U..yK...J.5...t.,Q..u.oh..s.<......D<..i.|......v#p..6.pOK.....Q.ck.A..3..8N\8.p..L.......$..S.?HR...?H..V..rq.'...S}.......>;......m...P.i...k.....W.0~NF=.";.K.yo.,a.......O.._R$..h.S..4.....Q.?.m......b.A.....}.4e....U.;.7......Q....3....M.d.y....c55Zz@.u..a...Ub".B.U..x^....S....@...7....`..8i.+..!.{[3ZW.........s6K.VJ6^Dp<.5+.......~.....|.l..T.K..M.S..`W......D.Oj..Z4......N._,.H..~tV6..KC....#.>...T..$.2.{j.t..l.#)F./..0F.T.sDR...mM...-.......e..U.....f.._..NoK.W&.........:.......6.>#SQ.?..4..f....R...r:.M.2...s.*(.%.~I......3_...h..M......`.D.U..?L..IJ..,.......G&2..9{'.Y..Wm\q..q".yq....X.....K.G5......|..}e.m.B..uA.k"......3....... ).H.<..H..x..|B.<..Tj\.s..G..s.....)n. .g....q[.$...oo.......x$..y.9..j/..G&....K.m.^....J..X........P4J...g..O..,6....=..<.?Y.........A.....D..^dl...^@..O...hj`..d....G.....2.y..78%...^4`.mr.]..<...Zs....L.U?.)..#4..>.N.{.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvd

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120119v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:66DA29F664C515AD5477A96CAFF149B5
          SHA1:5FFC49B146430A97A87C45ED22F6580E99FE3046
          SHA-256:F2CC2F5B6DC35657D46526FC263CD294140BFAA783C15AFBA3D94816E5A30E5C
          SHA-512:83A5D69C787AA802715E359CFF129853BAB32A591EE08C529C14520E536DA72D76F8F37C82873487F1AE88D86B3029CE6A1F4AB3A85E7D0E2EC2ACB1F8E12FB2
          Malicious:false
          Reputation:unknown
          Preview:<?xml.qY.....).xM.L..H.f^.HU.7..;.r..y.}d..A..F.uR.d...OF`.l.....0....-B.{...,.1..G.6.s...b|...f._...N..E=^..,...x....:...8T...d....=$.....dX..O....X.....}...Q4d..=...:..*........r.n. u.7....z.X.+..F^zT{..s.V@^..lm.............%$.&p.6..".|...k...2..)u.tj.....#...Vx..|.....Dk...ep..%N.~.M.d....Z.o.{...~...a.g..nxk.)za!..H_..e....._....^O.}8.=-..N....v#.F.......?....u..`.Ouh..GD.+/A+B)..3..D..X.r..io..O.V."Z3.x..S<...R.a3.`..C..n..'..u.J..U..S5.L.......0,{.;S.....~0..l2.K...4....g.C6.N.}...!Ft.O....]......~...7..0E.>....T.......s.../..N....F...n.A...Q..02j /.K....Ory.......tr!.....\B9R...6......L.....H.]f...Or...X....9..;.......>*..q......W..cRPk...Ew1.p.I..l.l(G....i...-..=o.iZ[......,.=ix...}.....K....?.P..fd...TK<.........yO}'@>.M?KS......_^..dV.q..MJ....T#~.g..=`..>...e.....b.w..>b2..np.:...@j.`>..fG@.!...P|7.C.hv.Y..............;..=..v.F.am~...!Z.2.p.....9LY|...K....0.I.G...2/sa.....3@..i..]..a.Q.\.Eq.....6M......vfC....zK.tk.\v'G[!..p...a|C,.K..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120120v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3873ED92B88356CE02F1A96BF823AA4F
          SHA1:466D82047F98AB8FA1C97CD0EBCFE95ABF93E0C9
          SHA-256:3A0454273F83B4643F98871F076CCAAADF2CADE31039262163C0207EC3AA2A9A
          SHA-512:AAA61A471189D6432D7CFC23AE8C0D21F287151D140633DCD96A6872B51B25A0B8C38C9A6440B38771316C9C195986AC5EB5D96192F28349BAEF5175666CC2FE
          Malicious:false
          Reputation:unknown
          Preview:<?xml....S.E.PD.IQ=.'x...]..f...g)....sxYv.<..\..c...a...|.p..X.D2...+G.U.z..u...j[f..h.e.#C...I..qk|).N...n.t...w... .<E..+.%g.{w..#.....I.kH{P.:V=..N..I..(3...^....<.........6.M.v.".5.v.7w...|.....Q......C#.....3.E.M.G2ST...)B13..`S....-...9..w+..0'....I...\....j!......r.8)6.'.......R..../r..K,v...Q..c....*.~.k. ..%O...W.Mte.$...[Q...._J8.%O@.R.+I]........P....b......z...KY..{....,....7U(3T...-e._./.GPA2*...@..z.......M"..*..|..E.e.U".ti.......>..Tf........=bmRD......G,p.Ti0CD...(.W.....iA.."y .-...A.M+}k......Z.*..H.....C.+.|.]...........-..r..?c5..G1...a...N..{.7...F.....8 ._.I.|.0c._O...z.$.P.-............4.......R..LEz!......;.d...U..>..=RR]Q.+.......]..#.xP@..,i. ..+..v.r."o.d.d.o...+.F....+^k.......S..|...Pr=...KIIP.k&=..$..............1.)d..1uv.#.OG..T...SF.?2.oD%b.q..~.....D"QB>_.."r.v&....2.."....n..t..U+/S.d....../.............:...`.1e=.. ..M&.YY&.*K/.0....;...!...q..b......&....j.A.,L..3..:`..y.B.a.O.<&zf..{.,i..z.@.{v

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120125v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0E8298AF86906EFE27F6A388D1CE2ECC
          SHA1:8090BDEF60B49C169BA6D5AC8D1975990043203B
          SHA-256:998906BCAA45E6A1697D8555AC247BE3CA51F6F2F1C6AA20704F207C8AF43C03
          SHA-512:1AC8176CFE5717B59479A76B58AC71815B55649392153626BDFDC0261FEADCCA9FDBACC0A32C7D82F083D8C525B60D675910A4931EA0381E989ECD354E3E6587
          Malicious:false
          Reputation:unknown
          Preview:<?xml.(jD.U.z/..C......{....so%.)~.8.i........U.K...'r...O.T..1.......v[..!A....dJ.w.....G|7.Z.t.Q..1.i.r=..ZP. .;..#....l...K..j;..%.:.$.%..G,.....F.:f.${.F.R...;...&..d.z....:....C9..u.-..U..?nc.!..t..[....0.J..o.+...f.<!..>.......D.X..m..=.....kD....h.......<S.R.?..*Q....`.......i....-.uG....,.i...~.X.~..b.P..=.....u..P..-...-.._L*y......J.w...:.J.......1..a_I7....yv.Q[..m..u?.3..f.F......1......~.GV.!M..JNk....G..]F.L.@n...|..d.w......s/.%....v..J`.....Fu...7...{%J..xo....W...D.6j....Y...R.p...?tY.Y%.w.,M .I....W..FN..1..c...{....u.....% .'..2._.iG..<.A.,.{..F.(..0X........T.FC..:n..........~%.2..........!...!qN:..b..R.L.d....v.xi.Q..,.B...i.Rmz%.aW7.>.L..HKA.>.2. y..H.F.......8.O...i%...;....7.G">...}I... (.S.>.m.|fy.....BK...{.....oK.k..G[../jBG[..w.b.....GeH-...8.8.=.Y..s.%..q....CA.R..7.....w.\.n....U:.g0.Z.U.!...X.+..<..Y..[U.F<;.....0.....c.=....G.h.a2..A.<...?.Q....>IA$OPx.M.......tm.bd.Ey..F.f.w....w.Z.xZt`O6...

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120126v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5540EA5DEE3453808A8772BFF322A273
          SHA1:0A6D73CF11315A74E2C168BED363FBF1832185E1
          SHA-256:5415A35DC5D26416483685C12527FD607652D390A5A84BA00FF87E852B972019
          SHA-512:279C56B8284A0B58B5FBCD35EFDCC2B61183C5ACA42B9866939012E810A9B3346A96BABC775E3A757C77FFBC91044FBC794AFC7F0DBB5559D8179012E992E873
          Malicious:false
          Reputation:unknown
          Preview:<?xml..1'.k.^.AQs>......X.1.j...P..~.$t...tl..[I.W.......~.pn../.7.L......xc.5,.{....c..\......Y...a"..?=.y.. Q.......}.`.. X....P..bA.V~........O.8m..s.u....'*..EN....W3.+/..2..W.FS.)=..H....#.....<LR..<.;.U..Y4.a.NH..3R4[.S...T....qo...l..8>...8x~I_(.B.........E.a....7HgX.W.L?.%Kb.j...w..+W...'rB.J.j.t...........\k.fO..;..>....=K%..+...]|$..w=..u]...&.@.K.........`.Oq........ON..m......^... ..._...Z37.~,...&....../qQ....9b.N.&...g.Zt5E....+.(o.>. .~.....9v.H...e.&......P..9]...xzno...d.x}.....5.<.{.0..'X.^..).Kc....6w...Y....Q-..6.X...s..H.f..r.%.....{|x...[.s....)].48....F.".............~........g.%.1W#v+`~.!P..i)..2.m...G..,K.._C.k.dI]'.*%D..?...j.F\.ti0..2..-V......"&.;e....Y.:.Ln..z.0...|.1Jh..FX.[.@*g..w%{.!R...E..Z..E*....n....6Li.\....TW)...N...N.HZ..nk."../^.3.d[PGjn.?....s..}......7(........K.>....d.k...r....kD.l.T.....N..F.tNg..!...P.p.I..mfA!r..O[.....+...w..h.s..5.h.".:...[{...[....._F.......y....H.{.nI(....rC..w.8Q...}p+BK.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120126v8.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B49F741D4745AA627AC3A318445B1296
          SHA1:1F4D290432CDEDF58DD0F7F0813BCAFE544C648E
          SHA-256:EFB334A21224E0888502437507E2464DAC07640A5FBE417F932C2D18AFE78FF9
          SHA-512:0D746309577125251511B98285EED526B92E86D5F8083CAAAE9FD78D70ED4DE8218870F796FA3F1BBB7D2582D4996863D25633D652A18B5BFCDEDB50ACB8175B
          Malicious:false
          Reputation:unknown
          Preview:<?xml..c..P);..x.8.}....B...a...:..bfk.. ..X.np....{...V...v.l.A........i.|..4.SY......L..5tS...x.^(?.ES.,...+!.g.p...@.......ua.QEY.u.z...rH)...N....4.. ......!*j....G8....tb.*1..*.q......%..#......2*.....z......=.<.V.@.....)O...i.t^e.1....:..}.i.[.....U.Z'.F5.@..yqm....wN.c..G.XjZD'...q.R....w..?....*...4..-.a...%...Xo9.j..w>.F..7......F..;..Y.r.y.#[Zk,y.2..~.L.(...S...'...S...F.....j(..//.!.D.V.+d........Bb..............3...N........X..3.O\X...uK(.j.._=..t....-.G$.e...<.[.t.(.x.w..f.9....V......R@.M.muI....;...Q q..2..B.r=..m.zx...<.Y...K.OZ.].^.....6C.....N.1..3.....E.UX..F....8..i....E.[7s..5C..*p.Z#..F..!'.:.F..Vi..11.%....J...%...OU%..;...H.....].hA%....).!z..D........9..S{.0;6..m>3.#.n..'."...s.......F..bU.R......h(.V.;.q/..lM}L.C.IZ.$........1..N<...{...}.n..C.........F...6.D......|..AK\^.?.j.4>....{}..I.Q&..T..h.. O.?D&k......2.@../...J!...b.....f.w...8.7.......B...............L,.d.M.)o...$..Y2.J9=...e.L...#..ap1W.T.p..fi.....0...

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120127v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:15E509C2F6D4C781FEE5903C34AF9AFA
          SHA1:F0D48BD1A3F24AA435306DE27260DB78076E9680
          SHA-256:30AF8BF93150B7A3775B3F648806EED3B61C22F2E906C52B9878D53E9C2B5010
          SHA-512:04DAE26A12175692D149418F0F99BFC0222BF6E3E3A99886180F1CDB1A9921EC63764ED1A243C7DE99D19A14054C3BF7DC4C87F1E76987267EE6AEC1B426C80E
          Malicious:false
          Reputation:unknown
          Preview:<?xmlc..Y.......|.V.......7S.r.{.....H<...G".Fs,...........vgh....beF.P23....&.G.7L8.V..w..&..>..so.+.n.P..8.A%.....G.In...zE.L....C.Jv.5....3....>......zO.?........r_...Hq.,9.>.1..7.....U.q.Y.P..2...W...<.A.!...%.h@...|...nw.W..8..Z.?.P%..k!..lS.S...D...'m....G..ML7..{A4B..6..N.M5. m....$..Y..(...........:.......W....`.-.....j....D....G.V;.l.r6.D..Dt2K..h.$3.1..p..2F.M.....*.......R.....-..{L.]9`..WC...8..{.[.....~.J@..zO._......v..."@.rc#..O..DI......F....}....a>'..zr.V.....4.k...c0Qc]5....*.Y..4I.TQ...*...9x.~.77..-.:.....%..]................~.m.UZGw..P......../.(|.h.om...p.. ..7......!..t.Ab.......M.^[.-. Kg.Wy[...X..o......b.....-Wb...G.ln...;.$3..Q..qh......".......V...b.%7.X..w.......6.u.+i.i..5.J.:.....v..mh.FY.E.Cg)._t.l.....@../sPvr.G'R...s........a^...)q.........!......k.)yKr..e.O..<..6.....'.M?.1.`........OMt.h...LO.W..k.....9....!N..#..(?.6.n...C._e...("U0.5..Ud..y_....N;...T.$PTX.0<Ym.xs..*...eF.....x.....^.S...b<...@.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120128v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FDF5E54FC6AB33E47C836A3FA1EDC28D
          SHA1:038070DC40C3E7D4B9D6CB2700723A5117AA82E5
          SHA-256:2BB2844228F8107E6AA3DFF982A4B514A18AE954D4EBB5575030E58622FE7BE9
          SHA-512:F8DCF32CBA939D816E12BD7AE8052E3EEDBFE3C61EE92F08E60AE764FFB93838CDB89175D1E8CF60DA4571DA0373C58925154B2C3E16CCB7F77E6B8FC3058E0A
          Malicious:false
          Reputation:unknown
          Preview:<?xml.jj..`H3b..8.c...2.4X.O.2.Ul....F%?...'..Z..<..N'K.M..h.<6..m...%.".A.9.b..'.,..-6!FC#....E.....-...95..?l...!...#b...`..N......E....l.g7.A.L.{F..<.4.@_..W....|=irgC.Z..v..[l....C)/.>g*LU..j.p....`S..>...BGx&Q....Q...E'.I4.R..[|lZ..#...=.L....T2d%U..z.<e..:a..U.... .e.}\...Xy...?..X.`....Nx......o.....v";..X.m..u..i.=...e.(b^\.z....J..j.._B3.r...5..s....n......\.......X....b.J.3w%E`.~./T....D..An.W..v.Ul.I.......&A.ew....I..e.`Df......v......x.....(6...=.......j..&o5Nl.i@.wr..bu......5.Z.<.......".n.GI.8.[..%.d..g.J.b....Difh^.9..f.KQ.f'I.....j..p.o<...F-.......7..X...{........m.e.........`...S...9E.,. )c.....B...;..=./cR..q....\.......H.4...F>./+By\...Z.N. .1.}k.!......ws..[e|o..&X'C.....4-=oD3......R.....Y..h..^0.......pgW.hy...,......).?k...0.3.EYZ.....k.....G(#5:._.q.%..]C..w..~y.*fh..zE...... ......d..c.r...>.........}!..R)C...|../j...<7..-.f.t.,...|9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule12019v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6EBF629DACE9628C8D00AFD3A1448AAC
          SHA1:D1E68BEEC32774FA5C1059426E66BCA6981EAF3F
          SHA-256:AFAD2DF88E5321F51C34B07FEAB0D9D012DCA335E01852F9BC37CCE001D17778
          SHA-512:CE86901CFA441C9C36E78DE84E387825D65BAFDD1844BBC0A7C45297AC335A3E8BFEA18A10EC3535E9253CE8CDC28E65CFB27B6C21ECB74FFA536B8554A871C1
          Malicious:false
          Reputation:unknown
          Preview:<?xml.8#..'.]l..R...L...6e..ij.t.......Z.I..)...{...J...?...G......S&$........G....V...j...z.w.!....W*.....Jg...f;GYT....$.H...O...Z.....)...!.W.....$ll...l...:....B..A.>.R.OTC..0..\.1I.!...npYZ..k..M?.!C...Ev...s/P..B|.5|R.\.h....~\.3...%..e.....d....V...Gl.DNz..l..xf...`7J..(.<. .e....:I.^.;.7._&....|....n....vz...1."A..)..*..^..V5>...~..*dR.6....%...9D<._..`..1..I.....}<..0.._.I!..........Sz.AG~..@.1...H..p.;cm.i.9@.a+..-.e....h...L...i4#y.....*.....T.?..s....L@D...t....{.....^.;.X..G......t.|.....G....s...=..>%?.B.5",J......0h;-T.-.<Fc..>....dH.u...n....-....B"..n,."....!...yA...wf.Wt..-..H......6.......T..[.4..ra...'r..W.FS+P.2y.9.#.!...pB.v..8].B_g...]...[..8.....O=...Y.a.~@..d.g.lD.W,x..2$.[...Q.,....Q.g.O.......m..2YN..E........L%T.r.|.+.O..7.......mi).D.8...!..n.W...C...I...D.r.S....K..;.3....{G'a.:.F..R...\....'..O@qZE...S,x.,~.s...\e...A.R1..Z.2D.v.AS^<..+,.Z+..cb....7. ...d...c.f....:.s.6%.t...#.r.B...d#...8O.e'.I..hR...(...:A.d....

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120201v14.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:DC9EA426CAF1C40FD49D4F6F5DB0EC52
          SHA1:55D075C74187BBBC6C190B138D82A570266818C4
          SHA-256:30F031A0483C1C5D17C65CF683B71CEA003FD02F8128E24A10197F7AAFF27E30
          SHA-512:8C606C6266D0200E379042BF8C3E638AF99B1B967DF1CE2D58FB344F9F465D739839876974E44FA92F4803EE5EFCC729C7D8C5C5FB9F39D0964BE574D7280F0C
          Malicious:false
          Reputation:unknown
          Preview:<?xmlnv.."..i.1:W..H./.,..V ..*d..)..x:....N..a"..r..h.._...O...d...C..;.M......w..kx#]...m;.T....?..$..e_.2..&rh..R..L"...Z.Z..*,...yn,.I!.ads.B...]...[S...z...F.!..P...=.0.%......CI...i*....4..$.W........y#..(.2n.N.(-.x$^..Y...f.{\...|.*N..R.~.....y~.E.j.. ....}.L.].....\.8{.S.#yV.1.AF..X=.0........ky...4s.b..#.&".q"..L..2I..\2.{gy..r.Y...`.JL...1......./L..2..Z&......0..c...... .....>....\.-.{...ix..T..f.g....iw.4....>..n.......g..){*;).G.*4.@....[kR..3s.0l....F.Q..`PS.Z ......._..". ..p:+}.Z...!H. *].e0....n.V..k..5R..<..}.gX`.o.....b.A&..u..h.U.....6%..P}E-0.J.I/y.=.U.8.x..2..a.8.W.....3.D..Vr{4~...,z.7.3..A..C\#Y...<q.[.?..3..^..b.d9....."5.R.>..IhV..'e.....]e...NQ..g.+Q...X..rp........p.\.5.h._..P;.=i....MT..o..z.e$.....&.....R.Kns...[P.#.....~P4...>.I.C.K....k.M.?...................(.G...l..[....Y.,...x.j.p......)......t.......li}....*8..A.G...UwW..d..k.u.......(...Z...s+............).{%.L......{5..=.....^e<.".....}..6.f.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120205v11.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:541DE30C3ACF552525D03CE4D75D5B97
          SHA1:A69156E76F4A06ECB8C42BA81FC9838C9DBE0910
          SHA-256:91C6C5B88EA990ED46A832C0D542573D1C13F6DBC1B15AE5BDF826799D4570FE
          SHA-512:0450EFC66A143A86DC0F5071F14397694735EE3AEB63516C5E20C7A5F2D0FB5B56F5363CA8BD097E0540DBE1AE3ABDAD142D2F52F2D64E298202522B5E9BB375
          Malicious:false
          Reputation:unknown
          Preview:<?xmlIG..p.=......)......S............#....r_.Z.t.>P......@.2..XC'?ib_{-...,J.WEj....".e...~..*.|..C........4.{H'.L....F.m0-u:...f(.#...+I..}'.Tm+.P..G...n.........iuJq.....8..Vp......f..)....=`...U...{T;.W..\..O.m.C......&3D..l.>.....:.....=...=.......h].l..E...?....../....].X~2.....EMnG%...%x.;V..']........yn.l..NZ.f4!...".(...==....6~..SSW....|....T..o_.&..@:..I.>Z5.36.R...U5rqx..o.w.x1..j.&.r.B{.....e.vx.x..t..{Au....>..Y.8"...u...s..m\K.`.s.R9.0.v........)._..E.wr.(}....d..>.u..:^U.Y.f...v.$..Kx4..A$j.....J}..7...\.]`.....S..?.:.J.v...:.3.J.f3.....0..@...U.bJ&.. ..z..^...0...D..a.bl...P.o&..q...u....1H.n....Z..0........x....7..j,(..\.ya.....h..`YX|.b..2.h..0E.......4..uP.....bs.1b....<.s........c....ne.{)..5.k...0sU......Fz..1...2...a..r....J3....A....UMk[.|N".hS.i....#..\D....f".\......[.V..[.C.8i........d....EK.b(."l_A.X.|i.F..s.KC.w.J....;...['o.ti...g)%.w.B|.dsW.......\../U)".a|t.....j....%.=..+...K..w].0.g.z$.,.....M.26kUr2...y.5.H

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120300v3.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4D137076BA5CB38A7EE42F6CDA0909BB
          SHA1:74635F47338EE19AA0B9AD78CF168D6618F5BBBE
          SHA-256:9CACACCA8D78776B7051D009750C48FCF40692FDA98B7A49EAB46C558AF820AF
          SHA-512:3AB604EC56F851EF8AEF571558639E295C8BEF4B1A7212AEA8D1A18FB344A4B995F0AF84C6B366B0F2504F9207607287D025099FE12331348B97BB7B272B4192
          Malicious:false
          Reputation:unknown
          Preview:<?xml/.@..~c>.N.. ...d..W}Q..M..o..@w$.V...(=.1..@..Q....(@l.Ga.+U...3. ../.;..D..{...^..e.<...2...[...\.gc..e....Ca..O....F...0...f.$M>......0...5x.T<m.~...A.v....|.Z.Y!..8.)..J.../;.C..J.>.X....8.F..nL....Z.o{Kh<[.T#.V....\V.*....$.d.F.......MF....B..DZ/S.A.B...I.^.HNg.....QV8G.?...4k...8..3v6.W(Wu...(_.zT. +.q.......q..R....h.o..... I..m...T.s....H m..9~..M..;Q....E.........9Y3.rNIf.?...a..gv.H..c..R...6L..~q..f..Dr8...EWdlaq/.5......L]..eI..WDv....?.B}.....k.n.+~,.Po.UGs...<......,.qD=.e....l.8u.}I..jm....}:Z......e.M.u..45.Yk....:Mh..7..R.....)R.s.n.....|^|M...... .A<.....&)".....o1!dm..0v.x[f.].V........t;...4.Ec..R.......yV.u.Ol[..m*.....e.{...*..!.Z.]Te.<......L..&U+..v....J.4...F..n..r.9..n.sz......*.|.(.n..P.n..UB...Q....U...M.g.?...p.R..y....6H.e..xO8..)...6f.t0...o....B..bU)....o...,)...C..t...(.'........c....B....p|..Z._.}......k.+..E^...F......y0....Kh....z...a.)..)d..^.....ca......r.......J.i......4...J.*.z.``.g.FKL.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120304v5.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FC10FCC21C9036BA90723B622211E9C4
          SHA1:C33947D20831A2A4B42710698492F5F28268650B
          SHA-256:64D70DD65DCDB7BC81BEC1F3F6A998E5DCE39A9458B4E3A868497C2437568178
          SHA-512:AE04D15439B47EE16EB372ADDE6B5CBE8C0950526971C40B59917EAA38F2120E752FB9B505467ECDF68F0C1D09A4948B488BCF267E60A9ED262990273B8E4F31
          Malicious:false
          Reputation:unknown
          Preview:<?xml.lG.......1...I%.].J.P.HZ...{o.@l.......G.... d....B.K..*._d....PAT..m4>2....8..`_.j4Q.l.1.........t.m .1..`.Y[....."...d`...Y.<.R},....p..\.T...8.oW...j.....~8Z....p~....`............V!o .A.v..j.)...F.gR.w2(..........gw.!.n...q..........d&...Zd. .R.y..ap.t.N..x...&Z..:...F..K.3}.#.......XC..hDE.....`.P............I......>.\]t....K.>.y......`.g..(.&...?.AC.yJY.@..j..;...%.n..c./.D...{...7.x.sQF.xM.*D...,.IK...I.CY/eb.^.g.}c..hn.5.x..U......=...qG.(NX....2[..#....~.......@;....6...h....E?......o.OZ....s.....G;.g...v......m.8.U.....@..ehU..b..}...m..Q._us.X/{..cJ..!..........yk..v.G.S.._.e9WA.....*..M..?.1#...l.U..:+....H....../..1.a*!..h..,8)0..`....P0.........&o.[.UU$f...$D/.q.%.(..e...:g...Bv.....6...XpT7M.1.k]...6..\F......W..x..u.0..^h...t,.%&.?.\o....T+4...8.a~.Zb..[..q..z.w..Y.R#..}k4......r6..H..Jq..M.E..b(.j....e.c.C..R...{.Ql.....3wm...'.[.@W.9.Q...._Eu...=..[..@.i.@W.. ..{..%R..(R..;r..q....{y.-B.1".....K5.qf....t..o[..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120305v3.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:413503B5D0C0DA99A3DC9227A8F41093
          SHA1:7E606B2B01BBFD075C190A83B39C6425C350B6DB
          SHA-256:6AC58B57CD29D2B144364B5BF515C26D9F7DD3B6A22484BC5119FE95EEDDC210
          SHA-512:F1AE6386F17B5312E65A15EB7234FE86965A01A4445875BE78B548C2A2D316995B3F1B77EA5057CC92198E2A132026FF579A87242F4330FB57E35C447525C3AD
          Malicious:false
          Reputation:unknown
          Preview:<?xml.e..<.!/......h...VD....T..e..6S..e .HW...@......:.5...J..Py..v.H..&..+..........hq....[........`.<.^Aa.B....U.X...C.j.'....V'C........L....~~Fk.....ron..Q.%..ru.Wr.0YYZ.A..sN..O.-..|$.6U.;......T..g..`........%|..L..7...21....`.....h...1H$S.'G!..9_1D..Q_....5 |........|...h0.aKW.fM.Q....].R..)...(..l.]......e.H.W....k[d..4.G.y.7.=...0b.qG.......:....@.}4.;9B....)...I.|r..E...!!.?.C..M...Z..q.]*.D.^...:.J.q.O.;...@}IK.G...<...z7\z..K.=......a[.G..q6(..I..?.1Y.i...%..\..r.$.q...<U.....$...$...%.2.1.fp.I.j&.7...LS....5.F.).>FDb...^.K.h..AH=k.........A.9.%wG._Y...F..Kr..9{...$G.F3.?".....rHga...G..k....?.......A......P.SZUZ.X.$?.z......|...*Z.n...=.\..^pJ+....5......#.4..{Jl..n.k....3gLM.&...1..!....a.J......e.......C....K..'S......7....nT.......i.v,.O#.<f..<...................Z.V./..$F.4...F.6...R].%.-.-%!,{..l.0.y.g.Y..y.....-9/g..O........5.Nk$.Ld9......'..@j.{.1.X[...T..0.N`..s5.J+.....f l....f...]~h<..kv.8..a#.....I

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120307v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:321DDBECADD6D68A05DCE1F484C20F21
          SHA1:271C07C1D731AA2EC67F19723B5945061F8DD900
          SHA-256:F565B5C7E6654FD71A69208AF7CE1D0D11DB6AF230043E634F7CDAA7E4609361
          SHA-512:82D0F354A4C3C0C5A60D5D29C5C21781A5AA203C3FE89E74D317476BDD1481825CE8CDA3122C9950744C3CB05DF81D5E239474EA43D1866FCABD5DE6F058A8D9
          Malicious:false
          Reputation:unknown
          Preview:<?xml..iC...k.I...Jp7....<]s1.....v..n...~.6.`%h.Ij.*3.V..5.i'A...m.s....ds..v.o.....>...()P.sIV(....{......Rt..#"..iW.rV.g.."..6...Q.....q..l4`E...a.*.$.H.).GQ..y t...s.#..!`~...W.8!@W'| rzLbC..}.E...VN}. .Y.......U.>.l..C..M.)j.)I....[..FIS.y..jz.7..|J..F.......ao.X...D.=.YV... .P.u.gs.|f..p.l.W..Q...... G.~......-.<.....a...'....M.K..L.....nRv.....*..T....e.!X}..$.<.;....>p.;Y......o\....I.%m.K.&.U./.!......>,ca'.r..]....g.../.Ar...O.4.......@9...U...p...#9.e.*m.#P"....Q....|..V..X_..6..NX..*Uel.....Ub.}$Y..a..gC..O;..=.V...<G.(.qEX..C.Ie.[o..P..*;...(cS-..6|...p.........W..T.....J..%..BF4.F[m....8.&....Qll.kLR}.`K...v....}6.....yAF.Xw.!....y...7A.V.O^...N....s`..-w..qC....TEX..n.`3.9.=....qy&..Bk.c.+g.wt..Lr.bH.%.Ea..b7.......#.m..Y..).!.....\...~MH.(H.S......t.....]..M...o.R.....Y$....~.v.j...s...'.k'.x.&.(..."......|8U..I>s{l.~S...S.&iA..............3..5N..{..5.P..[a..'x..<...y#W.O>.R.P....`.Oz...:....e....$.)...f..4~.C.q..".Y

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule12035v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:205702C3576DE406001DA45B2107A696
          SHA1:118792ACB30405131DD20204ED20BABB4AA917BE
          SHA-256:51944FB6BE283E139F02667BD2BFE6D77DFA07523E7A5CB54D6D681A488AC5B5
          SHA-512:1D92D2304B526122CC91F48AF5EAA7999A01A276D8A6BE0190352E37640F995CB276BC54893146720B7CD86414440F203D5991F354559DCF9D26AAEEF2A98B13
          Malicious:false
          Reputation:unknown
          Preview:<?xml.......m5...]../D.l.....g.(^X3...!v.rj..zcF....#.P....,&.m..Y........?.H.O...w?s...J..c......|....C....6u-..J....6.I.[..[j.0..s7...S.z.5...!4;....D.. ..d.H.....A..m..m..<.R.N...Y.ZSI(.}4L.r.PO.p.V{z...bm.?..r..?.5L'_NN)9<......*0.H.Q?v..e...u....Dh..!..P.s....$..PbO..k.1A6...3...{....r3...UJ..% iO}.ZU.Mk..1..=..o.V....")....-.UR..c ..A5...F.8.i.B.)..j.@..@.U..h...S..V~.w.....0sH.)..?CJ.`Kr_..../u.i..1(..T.....Z.Fc*.%...}..q.....s....3zK.*...0j.....z)./...H.....,.....Ph.....`.....6...mF../.=#,&..%...Xy.+[Y..^'".....]d..3.X.......z.M....G...p.^.,...z..IO).k.eKZ/..!....g..+c.4i.j..gX.l..6....W|.z$...D)......&..Sc..<[..q....r..VVV.u...zA.......c...Z............I.f..rK22.|.U[.....k.:.|.7.|.v.C.X!....S..]..6.."Tf*.>C.[..<...tr4..].......WV..L....'......2..J/....&.15#.b>.omc_v.i7.$.ZZA%...3G....iG$...2[...}.J..,...4.a!....Yt-...a.r.O../Sn\."4..a&.q..G.S..<|L.......\...J.4.{..)....4vIQi...8h....1'...1.#[..'m......i...B(#...c....-G.......K

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120402v21.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:558CB35340CFB48F3E0C76BD6E20168C
          SHA1:EF1ED4412F13240C1DC26A8506DA2F24426E1E76
          SHA-256:F321044A51232290E8AF291DE1B519A38CA9E61D479CD0ED19495B9A0E459869
          SHA-512:CA7599F5A7DA62B56A7604FBF506E2558451E20A5DE36D2CF20D0C86FF087EC07962EB700840968C4736AD68DA65D7444287007AFCA863661FA361A14611CA24
          Malicious:false
          Reputation:unknown
          Preview:<?xml.Y3..%.d@W.S..O....;....H..QB.G1z......P.k..@...L.E..n...y.BL.2.?Y]..<......J.l}k..{.Na....B.`b.<..6."..jUf5)L...X.I....I.....T.zF.@.IJo..da[..E?..2v.a(2w.q...+#J>..5c.+....H].L..d2t.....k.Kj..~f.."3......z{.V..Q.P&`..........1S........D.Z..R..>j....b.....}K.^....eXP.....,$aT..4f..%E..>.z..;....m.Ld..yk......:V.f.......>.8..+9=..?..:.CR..mr..k.W.1nS..g.D.l........Y.....gh...,..K....>(..r{.A#n.x5.J.|...X...3.-...(.*.!.\5.^.~...t*.D.N..S4......+........h.r...8Ep.p5+!_.a....!....l.9!Q..iO......l..X....{...8..4...P.k.J.k....L.j8...?._.c...l.G{]......j.&-.C.......&...,2".iC.. ..f)..Gx......F.3.tXzWCk..%f.y.H...S.......:...,E..[y..Q.h.?{.../.]..zO...J^.....a..|9....Ca:P...2.....:.}....`k...%....d...z;j....e...\Q.&....." .Y..u.(YI......UAf.y5....s..\....3;4#..)...rUy....yB...........)w..O.4..A.5.R..u.v.3.:.....F..8^.(ecl.Gn2..Z...Z...M.s.C....p.d...:.....S..9(.".....m..|qe.G.....].]].a"...>.....#J<.W.../...J=.Y.k8.[...f.Vn} ....

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120501v17.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B35EF87E0C575B6E71A10A4CA2321125
          SHA1:CD287CBD2CA9519287A9D6FE5716EB19C03033C7
          SHA-256:CB57BD2AC65FD6B212B7C42188E89F117B931F62041130E46866E7CCCA825505
          SHA-512:43096CC91DE8D5E345AC9B3BC218371944E5D9A3B1335C7AB28A8F6A1C4469DB8812C1FD8D485AA70F4B565CF82010BCA7FA3D982E22EC20BF54AA25A7B5BE86
          Malicious:false
          Reputation:unknown
          Preview:<?xmlW&......."$...(...SB`...%... ....%..r=hU..Qx....fx.!{.j.T.W.P9n.o..F.F..#....u.....ad.......i..o....^ff...!.2.C..t.b4H&m..S.}.."..+X..42".T..P......[....:.."7.......I...G.PVA.......v.c...~.Q.M..."..M..?m/..a.[.Em.$....g..o=s..Q".w.d........qh.+.T.[.0.h...g./.....)..f.mX..._.4O..u_..4$....:.]7g$..39j......gyIX{..:b....^.........,..."... ......-Z.)..__..v.w4..\o#.o........FM.aJ.aQ@<#....5.M..%...GKJ...1......||.....X.PG.{|.!...w:..Rw......cb>.7.v......q....2lQ.b.._^..W...U....:..2I(.l...9...K.VIRf..Xs..1......t...w....b.G4O..S"..K...h.O..XADcz:./...a........+.-..@.=L=....,c.}..4.P......}.h.Rf.....Na@sG.C....o`..K..7.9P.#...j.;57...W...#...K.79"c..3......z"..{..{H....RX...d.!...9..I..n3.."...2?|:7..t\.x..~..v".......x*......M,@.........jc.....+.I..t....6......6/...o.d......~.9...u...;aP.....6..H...S7..|.L{@.kK%+..0.C...o$E....NK..r..A.V....z.v..f. .G^1#.....'z^.o...../.%q.S.T..0."..S...~.Q.....x..\.#E!.>......4-.k"j.'q.....b...

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120600v4.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:376DB892FAB819CAFBFFED2540A85FCB
          SHA1:9ABED9FE136C5DABD34FA7275A1AD68455D228E6
          SHA-256:955B2CFC0E052EBC7F51F29930E4A4EB3A1AE2A90295EB1ED151BFE2E53BB2BD
          SHA-512:6A3508B52AFC05102AE469BCCFB79F895554CF85F3AF33AAF0B476A823C6B31B04EFA72D3D4339C4FBFA820FE337D0ACB44C5470426494048B77E74A2FAB1D3C
          Malicious:false
          Reputation:unknown
          Preview:<?xml.^G#........b.*......>?..8..;...Oo...@..4h.[...........f..$6sd]{rk.K...81j.Yk.l'..y......z?N....L..&G....Q...ca.b...@.&...2..R....`.:....#.....!2._b....... .L..vk....85c.4...|.F.F....f.4..:.V?5.2.=.~n6.(.ls.. ..,..G....L[w.QD...#B.6.k.....wSh.y3..m7..@.yU....=......Jx.-JX..gL"...A1... ....e....>..fO...?~.6m.4@....]l.....&.P.,..4t.-..B..<\#.G.........pP.a.*.N...(}a....fo(.;0.%.S.@.e.D6..K..y...a......>K5.v....l......g..iwJ"....n=Z...C)...@]...h\1.+n..7....rF..F..._...Wp..5..S.\.3......\....L..6..3s....O....{*....r.q..q.#.o.A..6.x..I....iT....n.>.?|......h...O|._..S*/...CK..[.N.z&4OKC=g...{i..,...7..K.Y..;Z.y.{...bD..E[1.c.....U#.b..d.I7...5..iR..<...?.9.....A.Sj1.t.....\.o4..Yi..V).U..]H...&....9.a.Dp.....)..5.8..A..-I.<S.x......I,.<M.....!=.=.].Ik.=D...Au..W.y...p....|.8....Ih..q.fQ.D~#...<..h{`...=].m.. E@/.. .xF2kr...W.q4......2"...<")xHAr8.P/n\Mb.....L..<X.4.\.;.b.k.\...#..k..!.+F.GCS.=x:..[g.z.1........S............:.NL..G.#k.Y."A..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120601v3.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4EF56E513803A381B24AD1D33DBC9CBA
          SHA1:2721F33B4E733F3AF3D670341BC7926ACBFCB86B
          SHA-256:3466B7AE8EB68E499F692848B47E0E2C6111AD0FF8ED71DC359B2D662D256BF8
          SHA-512:111A94666D8A7EC2233094CE9F4015140E9A79EE328BF6F24881D4BE01D9BCF5E5F2D9D8F6C8AA65E741A54F7DBB61E1B6316BAC22E2AFAED9AB6347B5DD08DD
          Malicious:false
          Reputation:unknown
          Preview:<?xmlWd.}..s.0..u..b.<v.#.k&..{p8Y..EjI._....>{........j....'T....g..S.d_..F..L~......"#&.0.^F..e..A.9l..f'.b.0....n.e.F'EK<...<.9..M/..).<..O.),..Zfw...4..h..C ...$=..EbVE..\..,2Vm...........y.L...P..*....}X..r#6.D..C>.r...&.\..........R.B.\.Tu..}D..;..}a..?.S..8^.g.........d.T.Rn.Ch=^..,..!.X.L.gI....a.s..*1N..1...65..35@.:Qf..zB.;.Q\Fa:.....v......k$,`O&....E...N.s.U...k.8`..nj..%..'..@..0.++W...Gh.F...].N#.|"..hRR......B.>...........K..n....H.)..{p.<vV0{0n.~......:a..D.F6..un.b..:...VvE...(&.dM-.....Nx.p>(.fPW......J..Y.r....3.7..5..@.oy...u.H.b...}....6.Hm\i..I.y}....G.!wD.`.Z.,.|...#..........U..Q.U#/.2.%&N..A*.w.J.*3.}R.9...<HQh[.O..S2s...,lV...../F.>.W5v@j@....iW;....1i$.K.2t......O......G.$g?.0..".W.. p.V.....t.........b.~..'. ;..d..F...>..!.Pf=?<.5.f<.\......1._....dZ.@#.).Gb./l.....~.....8.e...E..E..p..sH....%)..wxw..|.6.`I.'.".n...:.w9@.Z..<Uw.3'....E.=.Tv.B'....c~.o.m...i..6...&X.=..S..?i.&v...|.........!f....[Oe.].M.....V:

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120602v8.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8516E5C13F8DEA414BE63A71D5B2C534
          SHA1:36DA494A4EACA70DA5F706A03ABD2071D01455A7
          SHA-256:6F2B9DEA89CE904657DAF341DA67FCD484E9640EE89BA14368D8E4856855B6B0
          SHA-512:D6A24CAB8A8A5AA287DE02023C00E56EC750E52D7991BD6E133A8ECF1A8B318B25758D7B364B4EC5623E73A25E774E4C4F2CC46C73AA520AFBED1BF1A7346818
          Malicious:false
          Reputation:unknown
          Preview:<?xml).....?..~.=>.....Q...WI .H....b..x}l..).W1.B...>..Q....j....%t...[.. .*..1......g2O.N(^......E.......3_......D.'./IZ.t.......'. .2....]-\...q.'[.o.)Gn.;.}mL?..e.i..?D...^.$...V.mQ.H..ev....W:e.h.....'O.&...B.C......zL-...2.sK...G..5..[..ytN....RWU{:A..<.(...AV.Y.2.Oc....3.x..D.y~\...C..Z.CH.,.I..h...'7.|a.*+.....@.B!./...N1oK.x....U.*....n[..P.?ny...M\Y...h..........$........u.3...)}4=|.[...}@..m......V.n`hl\.gn..S...~-...s.^~.h. .u.;...}....B.=.}..*.]..JO4Jn.).....y....d.b...v....y.o.m.Clc.2#.P...~b..........)4.yK..sP.g..;...cZ3..2..,....+..&[..vL.xf*]:p.T..^.}.S....F.R..&...... ..-...("..wMo!......d..:..T.9....V....0.>5....im.o=.+(FZ/8...8.\...(.Fr8.8......3....R6y|.......%.]. .5.=..=.L..A^Oe......=.L.`pSS,}..P.}).s.em...3:."XK.........#..d.J9.()y.@.VK.#\L.[.6br.N..Z...R8c.>X....3...<:.....@#0.......*..Z. ..i....B..r2....FF\(/1<..!T....=.Q..Zp%.b..Z}b..*.........s.........$.....iW.Y.i4{...".....xT....d72..$.X..s..e.*....l.|

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120603v8.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C73076316C4022D6C7351215DE26F855
          SHA1:21EE1C2277F5E601FDA22DDD5E39C76DDBEA171E
          SHA-256:2B28F9F5EA9F789227CBA6AF217914902BAF4DC1422B60F3494C973A097F397A
          SHA-512:B34C51A768ABD84BA4832CB807FD62964129E7F83822F31580611E24C537B64A9392777C067730260A08E0059F4595032C641FE34A8547C524B0859523C39300
          Malicious:false
          Reputation:unknown
          Preview:<?xml..7...$......%.v.....x.y..S'.GA"...I].|.6;.?F.g...\....Cp.qO...b....l....734.q).b..p..i?Cm;.c..fN..&8.V.)2.~.#..]..9S.a.<.T2...S.B.]i$..K.Gh.$..7.i.8\.:)....v;.@.3.....5Z.J...f.......g..?w$.v...h:...q.2....'......(..mL.@i......J.... ..).Gh.........q...\.f...=q....\.......YJ.L(.....=.Ei.....a.W.%.If-f..."C...eE'...=.y.`.G...........u.]....UQcQ].z..w.R......sX..+E.K....._c}Kf.xU/.`EY........s.j..q;#j;d#..U..\.?/...n....XV....81.^.........]..a).../+R'.&.(.dTz.....I4..Mh.s.4...v~je...B.....^i>..|..0.....V.g.m.Sd..=..O...O.-..Z.I\...f?GK...{p>(.].d...#'....y.HQ.+.....GW...}..E.c..@....g.O.J...;sS9.,....A5E......C..?..b....y.....9..`%U..*..">g.`.g.......... ....3.)z:].z....)....e.W.......p.t......7.K....0..YG....4Q..+:d.{.. .GqD-.tN.~....{R<....^.^.B@.......E....G.8......X..}......."*...x..wW...N.J...@x..$q.....9.xj...A..x.,.t..F.U.N..:d5.,..\lcz......1.a-U7"..<.......{.Y..U..A..7.>{}5.l.]0/...,.y...l..=..E..~.`oD...fR..SJ<...,.....St._.!.......

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120604v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:CC2072085D0D731B89C0DE8D2988BD94
          SHA1:614831AA66935329E9664BCE812E7315FC76EEA5
          SHA-256:F9A1E06A5E41E8FD27A32D8D053EB9722FA164081E285D03DB211AF55A7CA3ED
          SHA-512:E72E5C3D20B190F04BEA9C599F48F5757876EF7EFD61DF9B3DE373FB484AACD60855FD006554358610158F231C23314F9A4D62698021B0FE02475B8AB1FB4318
          Malicious:false
          Reputation:unknown
          Preview:<?xml.T...??j N..@.....r.]*..Is...W..j..#..f2....j..(..u.....MG.}.:........$&...d.T..=.q.:g:...#0.$....Fg...O\..<..&...u5.{....d&.....o-[...l.....J....M....T..m~...V.\.....T....b...S.../.9.m.[y)..[s..a..!..A.q-..}Pm&../:...<.y~.>.../(..$..l.[]...=5.u}.E.g......?...P..n.2._yU...\..+.......N&.......6......g.H;..I.W.S.....idD4....BTry...D.{..XZ.x...+h.Ng..R..D....i..?v...Gc....%.........'<..v.).|....._z.w....jJ.N~T...5S...Z.b,!.......3.-p..7...P7p..d....u.....m.|..\a.Ll_.pG....-.S*m...Q.a%.?&....C<t.G.w.K..o...........k.\6..Us?...c.2...{.....*q2.y',.bq.... ^`.6)SO.x.... 7.H}.1....k..%...m]R...,...2..v_..q.Tx.M..|.mU.<.6$1......U*....(..v\..h...H..7h.n.bu..K.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120605v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4D10C4921B38DA760DEA51115FFCF11C
          SHA1:EAEF1F74942B9846F3A6C29112A512F2CDA63B86
          SHA-256:2DCFF8574D116788B1008A64BA3190063BA200B8844BFFE4596FB60757777CDF
          SHA-512:7DE09F7BBF90348BB6A18A5B44C717D2F31C8C5FB30386230E306E4D94CFBF4C2E19EFD67B10532C3D17F1C8B24D1ECE44E63C299D69172A15AE4D4C0B634455
          Malicious:false
          Reputation:unknown
          Preview:<?xml7..).8J>..').y...s..C.......n...F..t.sF....|......T......L<.2k.....S+a..B2.d..Q....Rw..S.t,..$."l.a...F..Q5Z.G*.....l,.sR..lHV.U.8.f'.@\..z.7N\n.s...1..w..)b....1e......K-<`..m..s..g...../E.R......V:..m...#.9....a...X.).S...q.`.f..Rc.;.....qUPh..,.b...X.#..8.....0.X.7..U..I:.;...7>..e.L...p......r.>........{.mE...e$.3l.....u..UM.hLi....7.p......N.H.V.J.s....O....G->.NU...f..s.Y....g..o.s.......!..t......+.;dT....1.f~/...K..E...&........g....V......Kp.....V/\&......0.uT..PSP..ka....y.@..&Y.RG....nP..`........f"..._3.n.[....v.)%....D....p.NS.....3l.Q..<|.u[.t..~....aU1....V.qp...&.X.H$.5.`.?u..Q|..5LJ....^..............8.T..\PE.w.i..]'i....X9.m....ya.....u.....Mt........1i..F>......3.1[. ...8..A..`..........+Q.*.L..\..!,.N.!z.q....)b.;...P.S.E...At....&[O.N..}|...H..R.4..g..'X.D..M.-+O...u.y..1K.o..Ou....f....7...S...l5.B7.T9.S.W....G..*G...hJJ...e}.....,MeK..J.2.0j..9r.5...%."T..P.....Ss.N....|Xc=.(....cR ...IO.;....L..u..Y.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120607v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3BDA13D721851107FEBC0F19F5DEF816
          SHA1:3AA6488F465F8961F0D9227EF2C4F019888C13BC
          SHA-256:1415ED3094C50C42E081845C353B6CDEA0D2BC05C63ACF4795064379C30227D1
          SHA-512:66CF0EDA8454B9D4CB60514C87EC1DF61DE5CCF6ECF59841996021BCC7576317333C39580AED86E239B0B260B5315386B2B032B0E6708BC0A4BC97F7CD3CB55D
          Malicious:false
          Reputation:unknown
          Preview:<?xml.>&7w....s...vB.._Q1.y..<........ %D...OL.K.;8.7......^......Rm:...y...vr............@.`z.k...pf...v....`=:..~....8........$.@a.4...,f.$..*..I....h..6. .@s...3..J.K.O........X.y...7....KpxG7...b<g..@.]..b..%...1;..bZz.....s.At..H....G..y;........F..fR.9B.B....R....%..Z.$.w#@.R...g.+=..I.=N...J.JW.V."-.*|.{.1.C}.9.w...T5....y..G....$.O+....)L...Rr.A.5..#...R.Eb...U..n[\I.x.*+....Z.....f.l{,.`..J.m.b)..p..f&E...-j....4..EO...:....9..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120608v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:46DFDAE256A7CBE05BD034362CBD12B9
          SHA1:39207814EB89C8AD33D7E4D6618C8B4030E4CC9D
          SHA-256:93C9FE9928DC4B5E69855AD1F0F8A6281801927BF3A3AA84F439824AAECCD6E0
          SHA-512:2319D491ECDC2FA4566A2B37410D2F7D8F76108961A4D7DE3043A1F7419B53D633293DEEAF57F4BED1ECBFE57E740FCD01B81DCEDECBBBE556CB9E4D4E64441F
          Malicious:false
          Reputation:unknown
          Preview:<?xml.4.......V.X{co6.M#.B.)...".z....n..`.?c&!.S.....G.Q6:......./.s.....j.1Z....e0.%^i..W..;..`?.!....5..:+.u.Wt....f....>.k.]..F..`}V..U....F%.-.0;..p...N...H.`.#~S.-....e.F=.........r4H....M...gkT,.I.../...Kg.,.....+..@...E......x.H.3z^.."..3....gO`.....I.u1.b.......U....c...*T2((...?..eP.Y.T...G.j......t.......JL..I'.).........!aD..O...Ym.m......Y...Dq..u.F....;......8s[.+.".Kza.......W$\.......L.........o...v!q....r_-.:q..../.....0..`E......p.Zv5&7.9O.....S....2.*v....7.X5{..!,.Io:..Y.2.S.s.(...1..9#..:Q......!..*.j.U.?...Rc.4.m|.5..x ..i..Y....0.&...b.......2.....k..n+.....}..l.......s....D.4FOz+.!..._?....,....8.l....5Y.u........;.......@)Q...8.B...G.H..f>o. .......P8.k.5.r.....Aczm.O....b.*.k.......q....Q....c.2.Gl.........8..\zYE8......[.e_.9....p4..x.:,6.~....Z..J...`..H.fMo..........~.4B8,..........<.D,...U.;2.@..e.b. i.!.tH....XJ`._.b.~^J...a....%...F.>U..m.........T"..c..SL+.Q..X.o6bd.X._..Sf.. .zw...{vQv..>.g.|5..O< u.X.NS7.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120609v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6FD06A978022268DC372173AC28A0DAF
          SHA1:77692FA5AE2B5C7AFE97B41D79BBFA65C066A2A4
          SHA-256:00875A5D3AD7AA2E15CF635EE9D2AD1BD7B2CB87AAFC5FDAA7A1DAC8A326A063
          SHA-512:066D08DD3ABE8D0C04272777845D46A32530B2E0EA2BC794C90DB3EF68354D2B0AB0C9072860CEAD4831376AB89317C75496E6F599842C0ED09E27C72991A04D
          Malicious:false
          Reputation:unknown
          Preview:<?xml.L<sv...H...E%...,.f....x...2..o:nL..u...q.Dy.E!kK..r.....z.+;.*...y.#a.#..:..-...&...L..g..p.}x....V......zS-.Dt...e{|.&.'..Z.^.\~.Oa[.}.*_n{1........).N.Q{...|^N.._i'.)..}!.H..a:M.....@.c..Q.P.%|..P ..n..........8..Lo........;-.....6B...i....4.{}r#.,...f.i.z.......VNFo...A..).."...n.&b...!.$...$|3Q...>G..)."#c.*|}.t=..K..-...f.^F.P...jp..Mh[.$T..4. .....X)Y,.0.q....Y....5/....{.Q...<....ex6A.....K.1..Jl..ly..BD....:.U.....q..M..G/.."......C.......7*.sV0.\c...=..h9.........a.\g..%....R..! .Z....|.(....M...%.8.......E.g{.R".D.!A.M.k......Y.~.j-.!/.a.8...3p...a.~...R.@y.w.JY.9........`........sYa............9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120610v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8F01D9C079DE235846FBF91AA7453FCC
          SHA1:3284D2BBEFA5F0C7B1C97F7947A371973AE5DA21
          SHA-256:0A1A0F4BB7B050BF361BB692586D399568869B3B2AC7134279190369E226E065
          SHA-512:9513888C4C9AE1841144A5122724F0E7E92DBE8CD798BAA8EB9F451BD6F5D816AFDBCCC04E1A1BA15BABD8E2BE532A9DE94C6C538F4F535F862934F8F7A3349B
          Malicious:false
          Reputation:unknown
          Preview:<?xmlC"...... .nC..^...R.|.p"C"......]G.}m.......RR....L...iA..{8_.y.,.KI....\.'#.......L....x..R.1.^....&......SD9.c...v.._.Nt.......e.......uB. ..].de.+{.%..3..4z.cz..&0f.i.'..........[....~Jm.....Z.x...rKBR...)8:Q...O.w.Z.......2_...Q.fC.........0M......m.P.....R..;.%.b.......L.[.....6....df.b.....u....z.5L.........+...../.N...|..\.J.).mU.=mS.[.Y.N....>G"(r....Y.....;.......r.X.-...^.".......m....W..g d...qV.?.d|..g.gv.}R.T5...q....$.p.Y.N.I...}k..........4..0.`.9......b&..1q....t.L.Y..hyZ.tKs..P.b.L.m6'g.i...@.<V.......1.+tk.3J8..k6.....,.....?....}.X..`w]7S..k`.:.G....(w.j!.a......u.x..z.u\..4.(M..|C.O....b}:.........s.{P..k.c....(..L.S.....t .............v8.........!s9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120611v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:DE6CAEEAE120119176CF86EEDAA0C23B
          SHA1:D21CE285AD8C081CE842109E667B3E4120E33D06
          SHA-256:9D6B57ED4A8CD06B458FE8A130CA85789C728E9CDBED57D1FB11DD686E07D0DB
          SHA-512:C7DC6CAFF172C22861B4FAC07F81BF0A628D8E569715ACF48542BDAAA526031270A0E075A8F6CAC563690CD9F3D15DAB50B42090E732AD48B5FE721551C8B127
          Malicious:false
          Reputation:unknown
          Preview:<?xml....PZt..u.N.?.'1..y}[R<.l...q.G.C.|..'..T6k..w...S**.....7.. .l...,...ZI.|..j.....\..yj.&O.5$+.}M.M........^Uto.vu....H..eaBM8.`( k.~1....VV.q...6(&P9.2.4.M.9[h$. .....z1,}~.`P.W...8...8w..%.L. .......y.e..\.q....Z.V5.....tx...)!lr..V...F*$..;J\cF..*.G..%.v..<^....._W9.E..]e.Q..E...........+...c@.P....c.S"....\...O$....'....T...V_D...,.y~b.R....,T.].....:....R!........Br.......+.X.....Le.cQ.j....!...|.p..u.<..D'.7I.F..m...\O..^6.K.2.w.4J...bKXLQ..^7...zr.a.M...q.}.nJ..v...6U.6......4#..uu;}.......n.-.&.9<6.`m .J...XND..sW!83....(.P....$........T|.......4OP../.P.Y..O....Y..x./}#X.A.a.L9...+..U.......b3eJ.M..7Y.^.F3G{......v9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120612v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8DFFCB39371E50ED728B2B50E19C09DE
          SHA1:AC4001BBD789F63DCA6322743D0D96CA9F846AD9
          SHA-256:59A544B3C1F2AEDBFA266EFC1BF43B6DBDDD4745F7BDA903CAE95BD74F06F7CB
          SHA-512:B345E9C37EC62276FD313892E7000172AEDC8619ED4707E65EC9EC3FC5F29141D0981AC714E888D262DDC226EB51A067D47F105B416240DC26EBEA3702EC8DA1
          Malicious:false
          Reputation:unknown
          Preview:<?xml.p....'!.7_...-=.G[.n*.,...c...W....\...a..-.=13..Z.2Fc4..?..........>kZ.S.\..#...../-....x..._r...,..um.).l..z.i...2_........M7..."..:m..|....t....;.c..%^.......\..:....":..).f.X.... .)..-......kT...+...l."-..gn......(..O...Q:fD.A..L.d..L.R..d..w5...w.....w..k(.75.G.d....\{1~.........H.`g.....y.#$.....#.~.C.@.[5.......2....;.,o....t..Hwk.y..H......pK..../^W..;.c..ih.r..~@.\.......[.7.sw....G./.'.M.....Kx....8.C=.g..<..R.9.{7....,..L..B^t..i......+L...j.z...q[...I.....H.....E"%z..4R...q.PH...o...GXZP.....vG.Z.......va...Wn.e_..V.,.3.^....h._Vw.=...<.....z.j."........'|.^..cr......6..t{.,K.H!.K..6^s.Ll..i.8..W..G.~\..n?'..p...j?G..^...G..f.bMS..t.r.........D[0...N%.~./..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120613v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A973BB10F0E20AEE2DCD6C59439CDF19
          SHA1:6DC048D9E5D4A0A88F88CC08D72480FA9B5AD7BE
          SHA-256:0617851CF48FAEF94B1B026F562FA7EC0FBA07DFC44CAB1E5CDF028F912089DC
          SHA-512:F5C3DAFFEFE7909AB57438254211E32A7701023519D426E4191A1ED3661A21C5BA800BB39428FEA2A3F6F991BBA5BBBCF23CB7E70F2DC07AAB8CFFDB1C309658
          Malicious:false
          Reputation:unknown
          Preview:<?xmlE...G.`jT.LS$t.b-1Jb.z.......s....nS..n.C.&...;..C.Tbjh.G..~*.......U....K..8.;...!p..9%9.......no.o.....hfN.^..q..|eq<i..w..G.[\.U..v=..F..[1Q.....B.H..<.4....v;8n....o.V.0@OV.^.~.h.tK...LmG...0&,.Z*.x... .i..............A...(.-.txi/....F.J.<.e...s....]...h(.....[...o...hW.C......u.....L...L.7..J .Gy....m.,Ek.3..|x1...!.....`. ^H}..b}rG.@.....a.._..Oo..%.i.N+....k3K...&'...U..l4u.P/.Z;cQ..>.......lp.@..K^.O..1gV}.,.....@.QvA.x ..9.g...o...1.f5..ouqs...E..5....r.F.kF....=,|.x...3.?^P...'......j.\.A..<s...s..O.1.\.......V...G...4h.L.p..."....#+.n3.......'w'.q....h..n.C0X7........4?...YI..DY......!.X6..V.d)...A]..-..-J..C@..t.^..z..T..C..2.`.K.`...Y1.....z....t..)...IVC:..k,.,.c..U.~.kRV....kNd.........g.=Sa...D^.)....b@.h....<Q.$...a.$.II..N.M.%..{..d.......k.X.....HdrU.M.......x.d.(L...k|..g:wW.;.....$7.n......c+.Z.A.(9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120614v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4A08878C0428C1B01BB34B525247AFA5
          SHA1:E5ACFCCDD2620D23A35616FB207DC385CAC6FD96
          SHA-256:8935AAC6B762664806889D34D9BA96C85AA4F7E2CBFAFD819F1C2238840690EE
          SHA-512:383D6BD0E5348D89827BB7479C1E40BAA598F575D86B211D6A51ED656554CAD14B25AB960472349430A43A02110B997DE171A72C7C5EF3667A6435054C948C23
          Malicious:false
          Reputation:unknown
          Preview:<?xml....1w..c`..!.~x..|.c....*,....1..?....bM.pI....r..'.S'...0.^..l.#.R.ma..z.TK.\.o.)w(r....^.}...-...q.*. ..|.;../...)J.<...N.....`..C.'6q.=....;.K....9...E'.......`.`Hn.Y.sq..}X.2j.N.Y..k1..mz.`.....2A...2.....{l....3.F.Z".....e....]..<..K.M.u&.........7X..v.C..'. ...~.x.....7.E*.W..I...}L......k....:.eC...##.e.%].v...S...V..n&...\W.i>f....4...L.)......Z.{.i.K..^......<y....z.(..A...(...u........do..uW57...C.)..~..`...L.f........p.3...c......D V.......F./.3nK(.....?.V.!.u.....k............./h...~..".@..}..]O...P4a..h}..............a.p..+?SN./.E.....CS;..CD......m.].jx..-..Y7..D.4..P..W.....vz9K.....>..._r.p.>..~*./.. .r!u.;....HE..n.a.v}.L..h.Z.9....#..{.d......9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120615v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:38D9A574DD5B671BD23D4033DF9EC3FD
          SHA1:A420B2E2B576551B759A70F85D1E3F13FE0DC7BE
          SHA-256:B60FF87D81BEB99F8C49352C93B549BFB20224935C1A576CAED19866D6ADC5C4
          SHA-512:B786127507930B32404F5B20B32B31D5EB5E7B4159ED24233DCF832AE11713993D9F40B11E89AE1DEC17412DDAAEEBA3111856FD1A7FD5382FD39183C5E1AE35
          Malicious:false
          Reputation:unknown
          Preview:<?xml..1_..o...U......W.$.o.*.u.Z...1.....4(y.&.)...B.].Ex.......Z-..Wj.jC..g...+...!..=D...m....qh.0.l.0)..cd..<Z.O[...T..Oe.X^:.O..|.......;....4.yI:...I.\.JP.U.Y\ H.G.O*..j........|..s....p...?+..x).(..j...6.....V..h.~......\qiU....9j.g...!....X...<*!.M.q...n....$y.:C+gt7w.<O.G...J...{-.?..61.h!...=....B-i...;.........t<.._}P.91...........1.ySG....q..;...F..|..:.....*}.w...<..}..q... L..".;..9X.w.....].q...ZJ....y.TO.r....gv.}l. .r..........".e.x:{.(.z.54.R.....T..A....6.o..b.._.7y*5.~.?....w...m..7.e.D.o...q...._..3.'............x0c.L.....Z,N/.~4.V...,....;zu..u.(E....5ME.MK.y.....L....Xa.*.}\L.e.|..4p.{....Z9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120616v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4E059C4E7A2D9CC4A0E1CCDBB8134BAC
          SHA1:ACEFF554F2D289FFA6C26A6626700F13AE3F8E1A
          SHA-256:A32E20CC150061FD1A72F63414073EC3D754195B40C71DB27D0A5DB440679BCD
          SHA-512:279B8664DB1633779A5173D25C54569A451A6DF77151FD33C6B3E45374E2FA62EE56DD738D6F0DA576022986F8F59D9D4D06AD6B0BC52E92A09756B925479144
          Malicious:false
          Reputation:unknown
          Preview:<?xmlR.g.O.......s..v...u V'of.dI.AF.N.f..0..@%.;..t[./.R.i)&Qt!.....ch..xCG...j. ".....D...Q.E....@v...g...?TU..Wc.=}...X...x..Z..dk~F@.3.&.j&...3 .n0......y.......P.w'..o..e...m.Xf.%.....M....S.......}..`i...)) ..J.3....s.........~...DUz......M}.sL+...........)z?.1.gP.7..%T.@.. ...z.D+........q.s.3x..j...1..='/J.mg.+.^Mw7&..F........6...._5~.G6.K.QzJy....u..MO..`./1..:4....B..m....x.....A..;...}.!l.-R.i....["....Gy....!.Vx<#..j..g!....T.S.......l..i...O.~......z....................Aa.b.7Y..b.z.M..D...ox....*..m.s..Mv..(.m*..U.."/H.K...^R..$g.P....lS..{).. ..+1(!.O.... .8'...b.;a.4..AH=.._..h{.:..m4.7u..../f]....e.F..~.Q.)...KN=......d......(&..'D..`.....B....v...m..]. ...AY.8..Y.\X.......I......C..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120617v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B48118225A0549F9392CA0E91077625A
          SHA1:939CEB08793489920B4FEB16779DB3C1CBD8E634
          SHA-256:FA8C13A32E4AAB02A67CE91F074C2D6EA0EC9EED69561BBCCCAFC28C85D7996A
          SHA-512:FE544951D1AF4532F132EA37F8717A859485B409835E79AD0EDE0504194A43070C782393ECA06E80F82125DC9D8369C354C0DC2F84A02D1BE30FD1725BFB3A50
          Malicious:false
          Reputation:unknown
          Preview:<?xml..61t.........+..b......{ '.cf|..C.{Nhp...O-n...M=..sPSSah..F."pxq.'.}...f@.......xy...............2}..jn...\..+..&\$|t.{.&).E.#.:.f...4LQ.....5....5aR.J4O..1...>.R...1.*..=O. ......q..l.. G.....|..Y.T.W..dg..&...>..M.t..=..t.yh,M......+{...e.-.n.`..~i.........8(W..GL.T..M....J.Ql.7f.S..._.G....... ....4y.+.U.M..N...1c..y,..}.6..Q-..{......../XY....$x..=/rAB$...{-.%....M,...6....B.Q......-..Z{..5.}BwP...-FP.:..W...d..$5.9...N..Ba.....[.Y*.p.N......3L+.L9]..Kq....&.~.(cS..=...O..4...B..@2.g../..`Dj.~.D..^T.{.=~.fv..%..g.>..x.;H.I.....i.z.i...... ..o.......Y.....G.m.;..B...D...n..,.&.qcA.......l..l..zM.sc.7l.{.... .#".M.U.r(d...{.....V...].49pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120618v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C64AB849AA9613C1D5D21B6F6A5F8CDD
          SHA1:423015CC8B727EEE5B236B9784385FA9C34F23B5
          SHA-256:F3DEC12B2266DD11036EB1C6B83B70F50BF23E5BD1B4B8A71EE43B44101DED89
          SHA-512:E30952CE99208ADC454A3902C788D5C09048A8956E13D2ACF48A3CC6A3382A420A3D25A33D476F1C362BE2F638A14EE6257E6522D6036453F15F87EFEBA682D9
          Malicious:false
          Reputation:unknown
          Preview:<?xmlt.r....<..e.(.ga).t.T..D9...j....e.m6r6-"#.....q....\........).]....`.q..n_.[:..f...2X'.B,.....[.y...O5;....6%...,XK..`z..0.R.O;.~R..b.*..lU.m... =...a..X.%.h..A@).H7.Y...YM..xV`......[/tK..di..hv.r..~=....`...a.8...S}.Z.t.$.t0..a..Uo...G..`.cT...5..-y;.dc.,.f..(e.....}1..E%..FL.Iz.{nB..r.[o..?...P....t....]v.8.hV.((X.u.D...t"..a.....u....Ov....{S.E..e.c.4.9.y.\........Cz./.X..Z....1.9Cp....%b|K.g..S...>F}y..>D..P..O...K.V..L..4dv..x..OYV....[@.D..\5..q..RS..].....}.y..Xu..Bs..-~..|...Q.....d.0`f.ZT.6.`.cF"..:...8.....l.../..'...:c:....N2Cj7$.E.._..#.).#...PZ..cv....."..C....).x"(C.@..Q<9...O.g..H..2.....F2....kw...&.k.?..................*...2[/~nt?.^.;M.8.Jf......>k..wq.C.O.z9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120619v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:818EAA0F15DE31E06C8628232854A080
          SHA1:4F2B7CF1E69A98D632BC1C1A8FCF3AA7C1974293
          SHA-256:832CA31F2FEB47DE0EED14F4DE59AA452B9CD4BF5AB9C4FF2F1BA8F55B793986
          SHA-512:A1B056A8E750B874BEFA8FA5E9B330028936FB1EDA0292B49138D8314E6AA6D418B1BD9B5F3778719D767188CEEFCE06A4F83F059BA53ED2777C510715C00A7B
          Malicious:false
          Reputation:unknown
          Preview:<?xml.. ....BB6.a.#.B}Uo..l.-K......&.[Q.;r..;.........j..zo/......Fp...}.r...-..>2...>.8......l.....m7..]..........!7.l..y....2.S.n.9.....0..,.B.l.}...xh*...sO... .}.8r..^.W.L..~B|..q`...B........,.`!..=l.9!.y.r.....F#H.m.x.\+.|..a....D.Vw..@...w..C.'.A.[(....ouu..z.Vm.u.h.D..P.Tw...._.Z.].h....#.dh.....=...e..[9lX.....W.{x..{~h....t^.......k......\@b...d...4........%8..n..`....Pp..(..J..g..fue..E....*?...U..`5>z;.&...2.g...C.$..g.....r.......xh....`p.>..p...'D...;.OW.7.E......0;3..m..H..c.^.......x(........>.1..zV.3.....v..4.....:&J.g.3..F.^g.l......I.P_..l.0YO1.^..Q.{..4.&=.w......J1...XA.79..H...1ee.Q..Hpd0....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120620v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:64D352E5C587F8D3EBD58539A6B22E54
          SHA1:4CBFED39D48A9F2267E88B6758483B5A205986F0
          SHA-256:03C76389B1868F15242D3AA9F23E5E059ECAF35262C25BBCB550F71DB1018C3B
          SHA-512:079DA29E22A8740C7A5A288B4487673D1BD77D419C305CD27F74D29108B3BEC7DA45B63596D0CC507DD07B511C7EA559F73D99DBCCAB7B2073744F4DF8830CAB
          Malicious:false
          Reputation:unknown
          Preview:<?xml...;.&....uj...LM$..u.'..f..d...;.....b...1.U..\D..$h.........F....|4-A..y`8...5.....:..v....Y....)..-w.}..A.OI....#..d;.W!_...9..#.W....<aD.....l.>..e..8.?mh....K.N.L.Sl..'#....._..{..n....G.a........!i.W..:....Cw..XY...d.w]S..>l.F.........L.RO$.q....YDUv.E.}.... .G.k.|.-..../...>.V.Z.H.......4IH.....@...N.7w,...X@X|b.B5".c...V..E.....{N.lwtX.J..?...h...y..B.L.f....3.vyR.....Q...=.$.k.v...v%O.N?...)...g...5T.b$R.%.u.e.....)...J...e.........?.....:...?..."pt.65.z..$.@..J.Q&>Y...+n..M.V.).3.N....A=Z......u....E.4....K...!..w.+..kQ3..c.....].%..".>.|..V....P..m{...6g.U.....7.. D3.z.{.5(.{a.XJi.L.L(.a...}.<.....P[Q.O....)E.".Zx.Fz.b.G..7=.".A...(.....o...a..^n......ox..m.n9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120621v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:890473DDC778C829123A5C3B514EE6C7
          SHA1:894379158EEBC806FE085868CAE495440212897B
          SHA-256:BE761DDBEDDD416E1EF5D576ACC3F2E918751700FA9A97012F99F2900A4F59DD
          SHA-512:4F6143ADDCD45E2537E66806DCB737B5E270E8DEE0B9A989C927C77D35B89F746F1E41D62A4FD1CF8F414E6430D162B393E6BBAB76F8DF9EDB1F27A4FCE3D202
          Malicious:false
          Reputation:unknown
          Preview:<?xml....q..z..G.gy......w..c........+.3.<...(..u.\`..._.....a.8.....k..T`.....~B.....0...............7H..7Z.;.._aT..h.2 .G.....3...#+..j..C..V..Z..w..o......A.....8.2H..........:_..}.'.Y.1..f7\...Y...HM.3|s....4...;.*..`.'...N*..-Lu[%.t.Q.2.y......G..G..R@..=..h../.6.S..D~.v...1..I.U......I.+hQbJ.._.2Z.'+`G..3.`..-9-...[PF.])....J..A..q.=iX.[C...0...c.N'.4.U.W.=.U..E...Tm>i..O_.....5.1'9."^*;l.J.h..v.a%...7NaC.'..5d...R...A...m.L?L.]S$....m(.C.....2.)8p.s.......k.49A....?'..n..m$....W.J.d...{.....P..<Y......q..."*Q..>q....UK...r.o-..1vz....)}........'..{.D.w.C..gf.y5....P.hf*.. ]*.V.8.4.m.$....R.^i...?.......a...E.R.l.9..-9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120622v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F6C7C6CDEB9BC4A779EB249AC0351983
          SHA1:519385AB8ED6878A9049BA4A252D0E579211288B
          SHA-256:70A858480796E22317A521AE30FA197F4EC1EAA3E2781F60874686A6185D3269
          SHA-512:B7F4B9DBE52BC748D38336DC6F4B189486E52D4D2A6DFC7A25043948DF2677F10809722B83B71319BF0C98844B4581806BC29AE215564D58CC8C7A85FBF8E811
          Malicious:false
          Reputation:unknown
          Preview:<?xml...{.Y....uj...~\{E....^]...,_+].-J.../Y...G.(...C..8%&r..@=..DCR........3q......h60....@.q.S......^`.p.--.....Sl...j.....*..9....:x.....Ex.....Mz~......1....L.....]..>.r.xK ..j..]...dqD.g....%.&..6.2.....kO..I.......X..A.=.*.!,.N.......6..<.....mXu..)?....t@.8...c.Y....S.........?.D7bK7.......;..bco....{...~zbbF..L^.m.?.....6.<..b..t.....0...%T^.!....p&<.\.J.[>..?.:&u. ..=...L..4....b...*.a.n.)... m.^.AbIN.No.L...r.......=L..j.....U..}_...yA..jQ..^*..n..a..Q@.L...3...>...p?.{..8.s?..e.O?.n.i...&.2.~.Fz.h.i..@....#.'....j+.....................2./.?...3.A.}!...q..tb....M<uM0..@.t..B_....T..f.~x. .G.Dpp..(....n.....*...?f.zX..UV..I...sk.y:.......O...O%q@U?.X.=....M.4.bc"....../.KV.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120623v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:7D94B7C7B0923796ECD8273FCAB457F0
          SHA1:3A3338A44E91124529FE0AF42006A4172B88C953
          SHA-256:5101CA1C81B98EE9373A9A0582080D0590DE2F5895CB3DC1EFB8BB0C75B0E483
          SHA-512:4F0595B98DD513B7ECEC8288983BCEF881842196B4C34918226EF698A30C3B45E59641444E8C66DF1A38CF3A5ED587B98FBDEB532EEC82ABEEE2B86F7CD16CE5
          Malicious:false
          Reputation:unknown
          Preview:<?xml.....v.., ....s'[8.g...w..Y.D.I......K.D.E3L#...i>.F.Le.m4A.J..1.(......*n..*.?,..:...o[..@....<^ ....:Zi..y;...ko.).>...ZR...:.._..l&..;.......P:.....x......sy.....8a.UW.zP,#.}...w=..n.......,V..(.......1iW..#....q.|..s...Mv'.zT..\....n....c......4.h.8..{..."WA.&.sp..i.t&..Q...._ad.......!.eM:..EG..u..(..;V..WMJ..V..J.=..B_....7..V...".zJ..O.@%@N.^.O.9..4.b.}x...9....^X...i.....|Y.S...D[4....-...B...?.....M3..o..Z..mW...gG.JE.(.`?k4>9X.V.O.2^..2.C...=..>...8T.C...;......n.u.....@...qa3.xeA.J..K.....)...l....R.+YQ*....K.u.glZ..9.5......F.P..vXa.m.P.....a.\.Z.E)...4>'... ....,.!.UTF.UEd:.xo.{{..[....<z...w...U..b..q|.``L-i..in....>.m..G.....8...m..XJ....?L.G.T..[......U."..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120624v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:DC55202183205B3669220B226F31FC73
          SHA1:860E80AC2FCBFEC7083E47067CA5C674A55C0E1D
          SHA-256:062E8981DFF3F262E345D5816C09C51D79A45A24C73C7477298CEB3CB9679711
          SHA-512:6971FB133C9A34F74F6E392850B5D8791261075BF62F3C377C3B261844A0CAD5E074C05C5457DC3F2E56127B3A64E812AFD7313F3D8F494AE8D0C9F384D9290C
          Malicious:false
          Reputation:unknown
          Preview:<?xml.h..EZ...W...}.N.rP...H,.......I..<.+.W.epT......6.<. .....=...x..`....($/..*..Lb...S.2..d...i...t0...}.z..N..9.x..n.r..3......-z..Y.r..wCJ........5.o.X^)...lb.lp(.r.......F@...jI..dkj...|.|.......w....o.l.NG...u;C%p......8..wV.=.`).,S?u.R6.M*'p0.r...8....\.@.W]..1../~.8......`.u:Ur.E.|8.I...Vn..M....X~..4*...^....fm.).CosG.D...+n.....`.N\..2w......|.....*.......1.K......{.....0A...n..R..YQT.{H{).DZ.3.c....}......E'g....D..l...H........j.00o.?...... .`...Jy..m.ph...`n..X......KD....r.Y....*.....9!A.D.>PE..L...L..o%...T.k..k1L....MJ.O..........4.P..F.a...i$.hY@.DN......a.......(...N...q`.*.-L......K.....Xr.....} .L..R...pj1N..].?.)G..?.....W.f.....zA.....nS..a.:.....\]......D'^..eF....t=8.&go....?.yX....b...I9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120625v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:57CAC1BC7FAA881E30782FFF1E485DDD
          SHA1:88263AE0CCECA03248C16A121CBBC96AAB51D293
          SHA-256:AF3868A491E0C32826B60868A90AC38FA197EBE213554BEB2A73F2DCAD6A23A5
          SHA-512:8B676664CE57F0F502DE416764CB04058F823C317FD43E9BAB03FDC47CECAE2E2A54092E04AD152EDC27992D6BB7E18187B2101F44C15A33B4AF245F74CA513D
          Malicious:false
          Reputation:unknown
          Preview:<?xml...b.m/j.z...j.w.5..GL..........C`.-....FV.4...A.j..P.O.I+:o?.*....:..*...[AI>...3.+...Py.O..).F..Z.D............DP.&..$.;).s...Q..$.'(U6N.%........~AP>..]...(...Y..h.....$I ......K.8.-..G.8..2...c...w..)f.Z.l..y1kL......)...).t..0.#....&.s...o6.%..(...0....K{..&>.<L.zu..j..d.qh<b.0~...^nM..Cej.{.p..~..$ay.1...d.o.......F?..*q5.d..=n@..j.T.....>.B........u.0....~2....5f.m.k6zC2.}j&-F..\...Y\5!.w..(.........S.z....i..B.....3...%..Kw`.&.T1.....Q....j7.&iO....g.I.._T.U.........!y....Et.d...F..3.D../...3A...Ze.9wDp9.G...a....O;5...{.}L.T....l,.~]..wr..l..'$.N...b+&A..D.G..........Z..........B......m......S..Rn.hr)uq2h...?o!..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120626v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:717C7A75164CA101746AE6A789410753
          SHA1:948B8CAD9FA18DC31091DECCA919BB31CBE53A5C
          SHA-256:448CEF5A7850E53C7690C9239AD9F62C43277D44BF6D85F057C763FB12B2D986
          SHA-512:9B883C43D1CAA5B28A9ED21FD0B9875A01916EE2217507CAF161E96830DC2B9EE00F644741CF8DC3BB2C79525678F79726EAA45F7E49F9E188AFDC243FA5AB49
          Malicious:false
          Reputation:unknown
          Preview:<?xml..L..+~Y.....BD...@.yB.....l..{..Jz2..m...c*.yY..A.[....X.Q.....~,?.m0.R_3 v..X~u..a...=..c..8.,.Wv..?....e.^.....xct....c..gN...H.3k...t.u....0...YS.Y...I..Z.........oG.aJ.p.L.q?LO|.n}..m......n.....G...P.4`A.+Co.m...d.E..l...&..Y...;.....w..G`......J.f...&...3.[...C...n.`.............[...p.u.! Q........WuO...+...8g[....@...../...<.53.t...t.7...:..L....qx.......@...C..C7>..7J..#[n.....>cD...JcVp..77.t.8b:.~..5._@..Dp...to.5.y(P./vk..c.(Lb.4....NL61L...]...p......#...W.'}.. .....E...P....."ZX....|.()...V..3(....kk..=l..._x?..MLOU$.......p.u.R|.D.mk6.4..kO.-.l..2..q.L..W......zp.?`j~.v)'{3.-......1........{.)qEy.|.ssP.......X>])..w...Z..n...g.....g..{.i..&.j.........y...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120627v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:1849A6C84486557851A13F316A753384
          SHA1:733E936EDBA4EB64610BEFBCC18EDB441E21AFB8
          SHA-256:008DA1B0F712FC57EAC5A975F1362DCF715090F8BDDCC6BB8DC79622E964BE36
          SHA-512:5A65CE8D061096AE70636D21965F1104DCA295F39AD8534711A2038A90D25E19040EEADE52784889A696682D1F8189BEEBC4BB0EDAFD7F5032556B2BCCD33A75
          Malicious:false
          Reputation:unknown
          Preview:<?xml....=.G.N.}..........^.a....g...a#.o..|.!.....zt....a....#c.> ...p..gZ.....-.Z'P._Xx..Q..T.-......5.O.Fm...p.06./..T-x...Po-t..!.....o..T..E.nD...1....W....w.O.w.%...T....x..hYX.....HS.2.r..Y&s~z.!.@F.(...E.M...e..A...q..r4/....k...e[....A..~.yC.....Y.(...l"(o...o.1....{..K~5&.PHm&_p=..y4.o.r$..)..Y$^...z.-,.ja..R-:...b{......_.VF..l....M{.i..d.9d.+K...i......9.\..(32..7....\o..hM...}d..)x...|.Yf84CZy..._.!.E.7L.e.=..<..l....rkk...7.seX..$......g.$.q..Q..4N.......rI"B... ....OXfL.....VSV{...i.}v.N./).A.......L..=$.}x.<d..\...!..VwGn..M..X...~.\....0..q..........lt...x.....d........|.C.<v....k:.=~..%W.s.3-?*....MK....I.k.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120628v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F62F5D7F891852FB688C50B0EB1A54F2
          SHA1:A5C4BF4D237E9A50AB85C620FDE7A97596C1E144
          SHA-256:8FB6385C1410CFB057CA2B9ACBB8933B86A0A650851E110A4A1F7794BBF2DF5B
          SHA-512:8F3DB7C96437C07EEE28D127E06FC6746C3C4DE8E89A2F761D61106AADFE314673B9AB84E4996DEDE394D21FFB9E183F06A6E17F7EAA2C986CA3FBB1524878E5
          Malicious:false
          Reputation:unknown
          Preview:<?xml...zwM....l.........H.y.D...v.{z..z...vMj.k.gyX~V../\7.A_J.Oe...r.O}L..$....Y.7W...;.B.......,....*..l..m.}W.....xXw.....kJ+A.V={..EZZ).A..m.9..LN^z..V..;W...B..6H.ht...-.p.C..3.....4....F....:.....|.=.~..V.....A..m.j..+...%5.'...7...Ap).g.G.H.K..O.v..u...~.tTz...~c......Ui.eJ...XPP .X...n.....9..#...=L....x.A-.~<.....].!...8W....5......~. <...u.....Vz.j. .]..1J..!.'o.......:<ZS...q....F5..r;..v$e....1!g.........t....Z..yJ..%...S+..3.{.\.a.T...;.\Y...........{.~......0..1.P..q..........'.)...3..},......;>.{n..........r......@{..%L..!...w}.?..098.R......6....f..7":qnM9...p`.w..Qlj!......b.1.i.u.....,.N....7x.g4....2...m..Wsb......i.)...D..Y..+.MG..x|......?I...6c.B..2ld..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120629v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C81BD8CF31CC6AA9E24288E12BE15C75
          SHA1:FE9F82B0C2CB0A5CFBACA4FB481B07A32F317449
          SHA-256:60E5CD833C79213C718DE39C04D98878C32B73C3386B1892A89746C1592C31B8
          SHA-512:9135AB9262DD4F5DCED7422241524E1AB1A959C88415AE20ADD10001D6F9F8ED1D4C1E9FB903DD79759C8C3C72F4FB9922AA3BE9ECF088899ACD571A77763ABB
          Malicious:false
          Reputation:unknown
          Preview:<?xml;.k.Z..2.g+8ST....8..E.....9...q?QG.4...A...(.P..?."..W.._......w.M3..sL..d1....(...B..n....nR0#..!..k..eD...cb.a.0.zrK.x.6V...D.,32=5..~].*lAYj.W.Z\.....w3M.(5...".C..>....3J....T.:.. .L0t...@...t).u.O.Bx..-*...5......... }...M.D!...rL,....$.1...y.u.....d)E.$j...z...m. .[BA...........5.S..gL..f..X.Q.^..3.'z....)o..XP...T).."..suBUn.XY.1.U.Si>..T...|.qk......*.p.^.B..@..0R.!.<L....=w....Q..4.1...._4.?.k....u...8....+..L.......<..J.G......dt~c9Z...h]..W.}..m6.-..........1..9!.....Z.^ ....D0-.P..J.k'.......N.....E:.|.'..v.k.q.+..Tp .....\...'..K...>....k.(....M$.I.6....8....N..y9........F..e."3.%S...o0.o.9[C.z5.u.....YJ....:.P.<.n..uX9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120630v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3C68446C76DCB9EADF06B1C2FF14096B
          SHA1:AC9C6225372781A96A139D45B452CD902EA16F34
          SHA-256:E3292090BB7202E5A196BCB662F1329E2758A2D6DF283FF4638C49A5F865C32D
          SHA-512:07749ADB4C7F0FDE75C7653650CF909B634EA5A892416C74C8167B40E850DC687845BFB92E4F91B716F8AA72620F858BA686EE59E72101DD947948422A34F915
          Malicious:false
          Reputation:unknown
          Preview:<?xml;enG..*7x6.I..v%...y.o.."..v.V..Z1R.U.m...u4...\.E.n....Vy..O..f.".n..j....2+.......+3.y.<tPgK.D..F..~..N.p./B..i|....q..Ph..%1...m..F+...Rw16.n.o......E+`.iku6.n`...1.X...Y..A'...........aK.S...h.U..Z..^...wm..!c;...>..V.....zd.......C.o.:..l..,..>..zc......*......V..A._.q$Bk.....[.n.....H{.:.........ei..[\......F...(.i:....4...$~.{.....(.4...&....Q5...ZO...F..C}.!..(,.../..W{..}.1.F..b.+.g?....h.^.....{'.A.\...2e.l..j.;..Hj./....*. ..^.Z5h...b..Fz.a.).3..2]....=.T...n3.}^m0.p...9.-.ZPiZ.e~y....;....0......a.._..*.../...B...I..V.~hH.d>........zp.z!....U=......1(H[o.x...=.%..,.?....;d"..n^M.{._.!...4....v.v6.|..Fn...3....Z...K.S.......K.a *\..._...E.-(..U.n.....H.*..CU....._.S.....j.D.=Ri..%...%..<ks<.t.!H.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120631v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:54A97E2B2D0546E034CA8863F775458B
          SHA1:5C65BBC418F0A8CFBF7220C86864CD1B2455154A
          SHA-256:E07062302C37F079F49EC7A8DA0419DC40D4B8425994041BEEE113E4CC095C9D
          SHA-512:8525172642D32F6BBA575168F306EDE74076100D260F932909B6AE9E43380AD281959AC106F271A49CF4A85072534E4CA3A187E7A88BDDB21E9ABC20AD870660
          Malicious:false
          Reputation:unknown
          Preview:<?xml;....5&...4.Y}......>...%..,3`..oR~..!.2V......Qb.........}w9SZ.BX.).{F...N..;.)..6x.;c..*.`&. 1%It8Z.$..I..,.....8K<....<...- ....F...4.........*..29/.Q.*..'H..!..5.|....F.....p...g.>..}.jp.,...#..k...Zy}9Q^H...L......=w.s..=..-.~....Xm@@N.i....L.n.R.Qm....N...]....$W.F.B....%...Y-...-~.x`.6....gyb-M{...[v...Lx.:.....{.B..{...fm!..4...R-$.:.G...._..s.... ......1......@H..!uwC..........Y....t...@...:.IK_..8"..g."e...POZ<...8.....:.^.....WO..;B..U[\...n..Cw. ...n*o..L,.&Z.u.$....-../ETA\..75.V.......%...$tC.v;'WzK+.....n.w}...H.:.$.P..j.Ys[...2.@.`...&!.5..5o.<5..%J....L...3...R..fT..w...b&.~........6.w..E...y....S..D..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120632v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:22D5105EC844DE9C80B70D378777BA8B
          SHA1:7B779247A2C50623353DE38593D944D4590F1879
          SHA-256:EC59AE804519803B1B307157E117F487814292AD211DC34BF4592808A29D35CE
          SHA-512:8A80583E8A044404FC1D1DCD6720E9369703299F31933C77857E948D30A3C453CEE975A401F04FAF40551CA03ADB16700A03396C0D49A0ADBAEABC4C923A3F49
          Malicious:false
          Reputation:unknown
          Preview:<?xml....o.h>.t. ...-..w../\.. .....pr;f..1M..[.......H..c.e...0.R[..z.aA7....[....a.[L?...*.%...!.'..._....y....!Ue!.?M....v/=.#.o.y.J.......d2X.[6$...Q.I.Dz.@.e....O......~.T..8...g.,>C.V.J......T6.R.UKfX.*.....(.d.3.A1..&.9..-".t.TP*r..{."0.......o3......c.MP..e...bb.%.........g}.....Y3...BJ..DE6V..8H....5....dc....N..?.`..s).H]PY..g...!....c...5.X..A.....?..(...[.|.'....o.Y-W.di.....^.$...>LI...,....}4.g..D..z.~..Q..2_T.......9.F....&.1N....1.%.....{...)..4..B..y[.....>>s...PjR].yv.(.zq._..V5.H.\...i.R8..N....2.s.JyX%p.._...v}...Z...T.?`vP..........y..A...ood.....A..*._)`.....7.h("..v.%.p.hA2&..l...hS.}.R{.2..U..?..>.Z0.u).Q.....+.`%d..b.P..F1.....i.@.".T..T.g..F%?.h........;j)9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120633v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FB9F4B353461526EF32B06FC6328AECB
          SHA1:587FCA3658BDB3E92BB119E80C5F6F0F55428797
          SHA-256:F0687EFFD45402926352F1D113A3AC47D3CE1AE706B42A90E9F154124927277B
          SHA-512:C0AF1B0D48651AD58E3532706A13A061E49F10DFA344196CC03FE6B94CA73A74B33190FEE6DAF99C216B9B7D2BF32F73111FDE0EEDE5F731A73836E4B695AC14
          Malicious:false
          Reputation:unknown
          Preview:<?xmlu..&j......p.g.b...~-v.........}y.:o...~....]m$.!.7(.6J..2... y.U?.lMQ....aw.d.E.G..=.E.........6.....Y.ed.....7..$..b..v......4.......k......z'..%......`c.<Q...}.=.d-...v.J3..;.;n..[.p'....|.t.]d.....>.\|.Y...=.......M$C.T..\.D0..u..6.@2=..C..kz:/..U....d. j.,.-.]`.... l(....^..[..#^.Q..(|>.z..<....3.....+..(..X....|ku.....NPEGW......k3..K.s.+].Fz..?x..N...j@..Q.;z8..r......kR....&.q..Q~7..8.<...........h.2..L...mV.xQ...B..ARWC..eZLJ!.pT.Q9`y8#'.).I....;....t.....4..u...{...G.:.."..cA.].T...,(.z.H0FV/H.5..... r....@..mT.z.,......MJ.....H.!I./.tx~.$^(u.v[...To!C....0a..<...I.kW.P~..z|A.....6}E8...,..d.{k:...l......Ky.q.m..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120634v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C374BF83D0D086CC2BD716DC5EC74EC6
          SHA1:224A6556B74C2FAF6495765A0877B0328FD6FACE
          SHA-256:255F163E1A037B58049C2E6F873076A8396F0CDEF05354299A64CEDAC72CBF2F
          SHA-512:96FA7295C0B9522B3C1E97BEB02BAEB9A14F0A7205D644321A5233E20E24F557E5DCD89E0BA5CCB3109946C310142C50CA430F74FD23782249309B810A8159B3
          Malicious:false
          Reputation:unknown
          Preview:<?xml.Ab;.8.:...{....3.l.....a......f......'.......[...F....|/.e.......L...r}.....y3..w.......Z$.@......k.-n)........f2(...e/ ...P:.....Z...L....Hl\&eut|..q.F..l....^H;...0".......l.].z.6kg....a.Q..58..x] ......Z..u..^.......>.,...'K..x5u..W.v.{3.}..4.!O..m...{..#..........YTn.k.(.<[.mo'.....2.....>........W.w.....=...!oT.op.Y.;..O....._.......F..qP.F.}N;..j..=.e.I.qG..J....V..P4EH..h.,:{n.FX....3.t..']..E..6.^..f...N !?...>.L...,.OXP.......wPq..J..r.).U..w.. ...~sW...d..I.0p.J..~...t.....0. @...}..5.........`...(.-&J..o.(#...f....[...@P.x.-..X..P...=.~.....c..<.>..T. ....W....k..SH......E7.....{a....C.3m..Y.\.U.Wc..<}.#.9c_.OG$...>.^..XzV...G.Yg.d...x.?.zq........la.s...cv..|64.;...@BD.A...r).9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120635v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:BA0C7900AD9C25FBCD9DCFA77AED5179
          SHA1:29655FBCD7FAC1400FE8096034B1652F1D0F690B
          SHA-256:A33B982B0203AE25F31F29342A195A8280E9F491FB03BCAB6F6218EA60E8A9AC
          SHA-512:D9DF3A69B70595095F46AC1C0915DB67B2A5F018B975B2B069BFB74E59EF67E4CD42220FD49C739A8BDC0BF442168E14065ED2E3AA94EFA15BC66AB74A5D7EFB
          Malicious:false
          Reputation:unknown
          Preview:<?xml.....\.tm.$.;4o#.....k.;.f..|RJ...n.h...C....'o.6y.K....!.n.#..8....6..C.m..&.I..B.{."..{..:.0 (u.`.a..3......L0..v...N...qjsR..k.B.f.X.0r*....2.C.b.^....c..GsDt...uH.D..v..^......2.".k.+lH.@...6eT.....o&...m..u5......x....a.*....>N.1K....Nl.6..-..v..~O......WK@x.~E......{.....}.h...i.n).:|<.&..da....}Y._..m.*j.....TU..Op....w.P?c..6..X.K6.]Xj.h#x6.......?.3l..V.......c.g..91......r...k.}..'w=.?..R.aj.i.....U'2.+4De.x.%...RA.XJ.n...}.X=...N....>}..=}z.!.c1.G...?..U.1|*......}M.J^..!.E.......S...sqr.I.L.......lN.u.64..8#Z..h.S.8..j8b..G ...#...bJ.wR.T(.z9...-*{.;.o.*.dF.1.)..0J......Wkh...7}.H...s....OJ.)..Oy.dK..W..`"HIl.....]...tm.l-.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120636v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:CAD0C105788E473C5155FE9067035448
          SHA1:734C1B392EDDE3E499A1AB56F9B0127E53C1F9D0
          SHA-256:F2AC05EF42C9E06AE79A91A14D5938AC5C4DD5208FDBB7FBA4DD3286087FE4D5
          SHA-512:D7F116CBA368C1238032A9A8A16A0AB159459A2483072F08B209636BCD8F0412D92546A640B89F3B5827F556C1CF6BF041E3ED67EB79CE4BA70C32D9023685A2
          Malicious:false
          Reputation:unknown
          Preview:<?xml...`...W...C.?.p.....:.L..y.h..#.....W\!......Q..S.5......Omle.. {..U<p..|j..5.+..Q.....j.<.f.......)......r...`....N..2...8.&G4$.l......Q...)}..@o....RH..@...d...8..].g".....i.i2...4.o..v.;.dk.9"x..Jh....5.U4.z...|....SE.*..1..Un.....l....7.=J#Z.<...>....S...e....Y+Z./M.5...5E..Z.z-G......DR.8.p"....._....<:.w....1[..h?.N...G.P..._....P...yq.....X5....B.~.F5.q.$.mf...v.E..o.....-p..../...-..V1qc.{~..yc./."X.Xz..{..O......9.q...F.. .}6T.(i.....)..n`...?.'..j..~.."t6...tp0../m..{..7.8..A.-JQ.u.y.....{.&<.#-.#.K.4!.]...x{.....O.9.X.N.]..t%...n_\..rB.\..$...i`.N..p...T..J<.A........'sH.&15Z..@8.....U.:.O.kH<.-.i7'.t...s.W.......0...K.Q.....q..k..J.[....r.+QZ....E.....=89pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120637v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:DF7C2F481C25F11092E5841DECD9DD86
          SHA1:03F70146385CAADADA7852FEFF6EBE96BB50B99C
          SHA-256:45EC43605CFDBDE7F99F9D62BEEB5E1BB7B65A59B2F07A693E765B7F7B7A2BD8
          SHA-512:F26CDF07DDF245A50B29F43379AB2CCD3849A06D18D3843A5D87764E9266A06618B99FF4409DBF185856C9653EABF85E4DB0A50620AA98BF6D24E3379D3B64AD
          Malicious:false
          Reputation:unknown
          Preview:<?xml..D.<@...<.q.)...3...9....5.O.G.w7Y..oZ....3+..p.|..8.......@.T>....$.G..Wk%.....Q..s...[.,..O(.Za@.Op.l5r..8t.n..y....k.PJ...!........!3s.../1....#...!.Ir."@^p.T...09.A..$.3.@.A.j......9X....9s8..b....j).I.9.......xQ.."/..l..........!...d$.W.8T....r.~.G.WuC.......V.....J8C<.^..P....X....(Q.A.XM..1l.q...b..*.....Y..I..=.B.,y...P..D....H.o....^.R..m.I..:....=.....,QU}..h....Z.y....~.SB..7...T....Y.....#6...|....4....Kw..Y?z.R.r/.."+.Ok..y..N....M5s..j8.....)j...h.....W....,.;9[../.N..um...q.a.f..t.&wC.w8.{&5e.O:z....].Tq...;z...4.t.6.o!X.Bg../2..P.B.ew.H........6...vY4.....P.P.Mh....j..+.`]P..s..B.......p=.E..5sM..3E....S...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120638v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F6A1CAA1C94FDC35566748A9A07FB852
          SHA1:7AE99F7A14EB23D96481C542996E5744F4F583C4
          SHA-256:4F55F5EA8CB5F28006B63D5FAA0C7A3DB73FFCE5972DDE4C977F069DA013FBDA
          SHA-512:99D7FD3EFD663CA9E0E2367B882CD31E03E9381DC852C1957E44034582C32B3AEA7D87BF23FC9935228ACC2DA011515ADC265B00AEB130AF796B8E5EDCE92EDC
          Malicious:false
          Reputation:unknown
          Preview:<?xml..54=.?.K.Yjl.....8X.R.xuF.3.w.{..0=0W..P..P....?.t:#..m...$.[.@.[.b..|.."..91..?.[...{.....1R..$mN..I|.ao....K).Lh..X...>."......P.-8nS%.l..P.@r..p...........Y...._....4.=.i.......L...[.C:.?.y...WL.R%..>.@`.P^!....]U@...7<...O......I..N.I.Q.$k..l...!g.]......fD.........i..]QY.gv.d.2F!#.Ed.......Vk7.`...lW i\KPR..*A..h.n).....Y....;....|.Q7W.....&.z.../..ER..[@.....`Y.F<.KB.8..o>E...i..7hD....!..#..9...;H..U.,.....2M.l.E..ge.P....d.7.....b.[.!....B.a.v...?HjD...0....~*Zp.\...1.49.j...z<9..J-.B...p..K.<.J.0................V(...;ww...4x>..{.b..o.2-..i.O....y...m .?.5....)$....y.>).....&..JbC....e..6(r.Kp...........^..%mw .9g.......{...%....{..8.....C.Z.Ue.G.....ag....+....KZ......k.$...Nt$.....p.V9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120639v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B4697A35521E7CA4D079D5685E5765B4
          SHA1:D695ED57BACF854713407EEC080F277E9CE6B479
          SHA-256:1E2654BD05C45638D91D8B74776A2E096EED677700D3094C566CA9CEEA36F5D3
          SHA-512:239C306F25AB8E74E54F3EBD92C78F8DF61C85A305D41B2412FD2C9FE784265ED5BB840F4FFDD3D357421D3EBA27D4D9690F20854C55E62980B42396EFD4CB65
          Malicious:false
          Reputation:unknown
          Preview:<?xmlX...Y...7.h..)...6.....|....C.^..s.%..PKf.L.+."....J.........#..51.B...Xl$....v.H?-.....?.........4....F..}.JS_..uN.......6c...z.k..^.^...%Y"S.;X.q%(.3$..8x...U....t..98..P..'......s8p..[.a..R'...$..x..p..<......Jj..!...].o)m.W'.B.G0W"....[..w,.f.......e.3!..6...iM,..! q.j.d.kzV'..l...&J.....E..[n.\T1.2...Tt](..i.]{.Mj..}j0..Cu&..%A&I..z.....c..y...D.$.....3....W......y...;.9...XE6....... *.b.m7.....r.#.MG8..K..8..YHz...&O.tL..G.%]..#...7.. /...M ...w....e.0$]......|...s.H.q>%..QT.8........)........[....Uc^......U...u...../.1......\u....ms.4...g....R...C...G~.Izs.h.Q.V.5.......9~.I.qw..\......./|u.7.x...7.h...&...b."...w..9.]8..-us.N9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120640v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:41F7AB7997F709BF1F2F8FEE24990E9D
          SHA1:20B5EDDA6FFC7B5EEE6AAE051F75F434DC5E26D6
          SHA-256:55B80EA337BEBF89DFBF755CAE04D42DCBB3F73FC6207463BDA8691B552616D0
          SHA-512:372DD8A8AD04C223E8A3BEACED4C4A5E40E2A49905602AFF49669B2339E12D09BAB83E77A3A8B0F6EE26B6C5A84925AB85FAE76CA845D60AD76DBDA14CB5AC41
          Malicious:false
          Reputation:unknown
          Preview:<?xml6...mk<...[*..bD..'..c.v......$...2.W.sH....`.VP.*Aj....n7.}...dR.....O..>.{N...._..ZA....R..c..P3...j.Z.|.3kS.z.../..~....:.....$.yx.0....BV.......4|...IW*..N.:....6G...Ty.u..U...5a.N.Y.(.l..58/.=]b{.......A.d..s.".r.'......;..M..Im.....4.Po^...Hygm...<A._.p.F.y...T.O...]@.;.......}................(.,......7w....3..Y-..}K.......T.+J..O..!1..jv.$.b\.z.R...9O.... ..re.u[...W{.qi..&....%.eU.)....A?J...'.)...K...TDH......{2...G.}....a...yn....T.U.s'M.r..>/......I.Y.c.....C...X^....b..6.k.......Y...1..........?..z..cg'....9...^..BN............."2...7..rn...c.....D..R.;P...F..%WS.....A..,..k....%v.......6.......#.D......1......j.<....#.0.S...Zw...T..%5....G..!..ce.R..-......'K..f.Q.g..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120641v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C8296D287BE1B99BCB79C1645833D44A
          SHA1:E149D1DC1A241467ED258781D6F3B2171F82FCA7
          SHA-256:0DE4EC62A9867926335C349B60531257210EA5D6BEE45EA9CEE6B0E6A6C58EBE
          SHA-512:9FC650C7FE79E6CF5A065BDA32ECC139B508AAFB40AE71C41FE7D7D93264BBE57ADB83ABACBAD045ACE956BC9A34294436AFEE2042085F2109DEF027D9B78BC3
          Malicious:false
          Reputation:unknown
          Preview:<?xml?..o....v..t$.wc4a..d...&....U.F...{....|...../C.E].e.....h".1..<.}.ZW....#...Hq....4L).n.5.T0.+.../...,H..&.B5Y.9.........X;.....1.j.u!.#._w.%a:..H.'..(.l......^...`.BW..(Zx[..W.ru).........-J......8..J..kxf....Z%.,!...#.H...q)G4...=.....U...1..m.!.]...R.?e...`...S".."...F.DW.3.s..xrR....R...&.#9..'J_c...V....q}6&=..*.2*u...)......Y.[.6.#.w.:2...4...I.....v.'.@..3k..w..v..F.^...m....e..ZSK..........#.|*0.L.V..0a..vM...<..<.......^.9}..:...<.PmaE...zu0..&.)ra4.....h........W.r...f...\b\L4a|.d...@]."...x..../c.......n.J.(=..e.+..8....l...z.\.@...>.M.Y.. U...!.....zS(........a.QD..s........7.......>....js3%kY.L>,....5.Z.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120642v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FA4CF85A25DA78904AC25E73B319E3E7
          SHA1:D4BA86C162C8F1F1C0DF1C8018AD2FBE459395DA
          SHA-256:4825E4FCE8AB21679CDE7343B5266B2408AB17F11665CC4A6674EB739D521102
          SHA-512:2A58EBEC68B93B3FFECCA4F0C9615EFC7BC20B91214C044AB4F94A705DEB9FF19F3A4AE30115B4FB2EF7E37AC39490832B1FFC3FE1B7C2EC01DF377B456DF83D
          Malicious:false
          Reputation:unknown
          Preview:<?xml.u.I...+..`.U.V.yC.xv.l..,.OqP.jme?...4..b...B.fD..S6..+\.I......@.{....v..M...f..z.4n.m=....I...O...qU>.......n../g].6 ..`.#.....[~7.......%T.M.m..[.i.W0..Xx.Co..a....X....P=.....l.rfc!.Z..f...q.uZ..`Ky#.......O..o..e=ea.9...j.V...*o.LS%:....p.[.3.y .....F>JgLs..!.]_....8..i.....3....mMMr..>`.....4.R^..=.X.....R...$.b.......%7.x...(w.o.b:...../..}...O.h....%.?:5.M..@...&..#...w....o..0....b.."..B.w.[s....@.m8..v...B.h,.._.*..Vl...~..W..V..H.......b.C.q.Oy.w.u.l....Z.B.6..y..,.;.......g....w....P('_.z...R.....,."y..~..;...S..)....2....R.@.wb.....MAc.."....A.h.N.X.4.n....B+.F.}.u...Z..:..2B./NqoF.|dgM]g.....o._..;.kI.Yo.l.....2.=...x(.'j{gO#s.3...v..4n.}.(.&..\.0...T.......:.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120643v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E32EFE6C9F0A921F8A0CA955542A2CA1
          SHA1:E85BCDF8C5DE7BA1105CE2F6395B65F4BC53B008
          SHA-256:5E8E076ACD88913C2B548E8E6C34DCFBACABEAA304A6EDA5F3FD39817603EE8B
          SHA-512:C6E8B7EC043A1561805735EBD34B69C6D5C8486E8C285958A9C439E3F9A1C4C51CF978FCC2BA7C03AE1F751124D6C1C7A0545B9B55754D0242329A8DACA5A5B3
          Malicious:false
          Reputation:unknown
          Preview:<?xml..<.N7..j.<y..|.4.9.....'..... oDA..4e...a.`..a.l|..r.m.|b.EnC@..J..?N.7.t.NL...UV...{.y..i.Iseg....&}.W.'x...(pF.P)6.If3.~z.Z..:.m.u....Q...M.._..t...U....+..HY.fi\E.'.'n.>-.B:.d.?...-....S....q.=.....4....Hu*..Ds..|[5......)C....n....%cy..&e.9p....w..R..~..Ic...*...d...|..$*.l.0gv32..>...q.zX..8.Yc..b.[5.q0....!Bp"D...h.X[......yK.....~.h..}Tja....!f..T.'...*....$..3.......1...4..w:..w..xEJ.r'..P=~<....Lc..S.{...*.S1f.{....\.!....L..I.......'*.N.......2M.g..>....7.z.[.5E..C...h..DJ.......2B.|kbu..J.7.5+q..'..S...`.yT.9.....+x.W......dpO.Y....J.1...h.<...D..+j..i....B..i..._a.<..0...........e9.4..B6...._.R.U.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120644v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8B03ADF8D6F369895912E34F8A9CFBE3
          SHA1:D2F5CD3096437B54F0B23AB5A9E5EF44B8E43CD5
          SHA-256:A5C1BECF4F855E78CC70082155C0B513406F334A67884A1B20925274C17F5867
          SHA-512:00C239A9F5E555737D3EB8EB9D2120B49F94709228BBB4D8F6FA19CD0EBE1DE015E769AD266375B989AD697D0DB35448C3E449F7B9A74D7DEFEAF31E47E870AC
          Malicious:false
          Reputation:unknown
          Preview:<?xml...n.JaL...lnB.......6?"..4.'...QA.-y8Y!.[..y..X.L2.G.........fk6...?g^.....n..pi.C...N^.@S>..&<.E..#....H.%E.{5.,..79...O.....k..........*.U..!.>K....U$.~V....Q..x.J).jy/NA...7M..\M....n.}.........s.RD.g.....Y..2V..L.5.<.=f}.4.PF....n..m!.:^...j..J.*F,.....W..H.k.F...).-".......x9@..C#k..R.1a.l..5[gl.#v.hE..2B.....#N#..%.l.:..4il.w.hX....H...J..7Oz>7B...IL. .#G.=.).zW..*...!.&."..6..22..._{..|=.R...2*a.Oz.....X`2...gl......4g.lX...Q)...........#p,.~.U....>b..D[^'...P..L...*...1...(.a.@.T..%..Fm......f..3..^...([5..%.._=.!........;..M.1...%5.f....:.u..@......"...L$...{.....2...3%.J.*&f>.z.....\a`.-an...1..9[t.\..H-..]R..vf.m.8.......{')^O.I]..g..?....]...m.:..d..$...-.\.J.q...E..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120645v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E52EFC2CE2FA042D37C1698F11CE3F98
          SHA1:BBE4BC1D3DE918EB91DDAE8DEFDBD324E3ECB6A3
          SHA-256:80ECC2D34D1780D4793DD4BF69BB73F739374B4D6F38D253FD8AFE0CB9464A5F
          SHA-512:3C9E36371B9717A369134D28CE9D0C63B35356923C644E75BD11903E666A8BD510B4FAFA30F7AB0B3503F63C4A6B6B8449B4A7373D6BD611E6B5DDCF24B34C71
          Malicious:false
          Reputation:unknown
          Preview:<?xml.d....m..y.....Po......(6#...>.b...> .<.}.^Z.a..|'..... l{..nB.pBR4.T..mU..w5^%X....D....p .....p."....~..dKn..h.j........2..4.l..g......Z.fRe...&......E..../...&>....`.t...;U..,.QM...s..{....!.g$...~1%Z]...A.v`.^4.H..Y.O".1....tr......J...u.@v&...IH...k....#m..../..]..R.a....fJ..o.#B.47.Mt..~K..J.g..]..-... .|.H...*.OYm....3......E[O.].t.++..H..b.........2M...>....N.T6....N..4..^..I#.C..*4..!:.....D....Lj.O....B#.3L_%...M....=...D..?Yz...#..Y0...*.JI...).C.,.u...-..(...../..XJ....;..rt .n$.T.5....8...iQ$|b..v..T6..bb..:.6...y.@......!.....{...(a%..\.T..=.....FH ..43-.}..>...>...U]..YE.5.NW...E.\.Q.o%.55:.~...%...1...<.....W.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120646v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:AA5DD8A70C3B90AF572F5CDE84C6E278
          SHA1:4ED8D356B7C494831F81B6B9B94E868E05A75BD3
          SHA-256:4EE8143F232991CEBD59DC42189875D4A26BCA6C9CE0EB80199925D4A73356A2
          SHA-512:44C62F47F44E5D34AAAF6FC5D34AA93CDC8FB9B5B3860C153E4485FABE366F7A7B44B13475479FDA03D7F4F28E9933AAE0D25D1F3AC50C92AB60D538AADF7EFD
          Malicious:false
          Reputation:unknown
          Preview:<?xml1..x2.,..(...S."w.}pR.\..Y-.q...4.%Y()..l..?.8.L.<g..~......cN..j..dk....TI,......r8.w....=qAsc.,}..4...O..h...<X....R_....x....E....,....]1..<.8.P..S..z...0.....x.^..]w.65....e.2F..e{.B..7.CYn.hA.._.lE..X|....f{.5sj.q.G'...N.lH.-M..K.#.g%.rL..t.....T........#..a$D..].)d.L}..p..v....Is[.\..K...k...".7.>..M......=.1P.Z..n..Y....i.f.H....H.Z...sjY.G.tp.1....~s.........=K>O....b.v..bid/..7....9L*2....H .p.....CU.....+$6B.".(6....._.^....>..b~..P.^.Y$........r./....W>\.7?.C....vSL.##.8...E..........{YV..w.....re.I...dNL.&....>.c2.......#|3c(.E.].t..:A..l~.~.'.C.0..a.._...@...gS.......?7.a$N.,M..i..k..f.,.R[N1......Oh.[..$..G+._.p.v...w..2ue..M..B:.]......ZH....6..|.Q.N....`F./6.n..7..*.?..h9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120647v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F13D7F46A4C1DFC5E9DCF8618477EFF8
          SHA1:4515ED4D0B70B5CCF2F36A0C3816E5F582E51AF2
          SHA-256:431B12DB19ABAB83CC73BE8031793469748E3ADB9C002642270BA206588F4A10
          SHA-512:DEAFDFB84BACF2C7B6CDDD022C89C9A8401A9D8640BD985E835C4EE905CF3D2CA77871A0364F619908869E3282AE96A1262147D67F637EA640132F023C43EFEC
          Malicious:false
          Reputation:unknown
          Preview:<?xml$.0%. ..{.T.*v...)....9.4). @a..w.................K.2....W.....P.w:.........{....S..S.J.)...|.{V ....aN..U..[..'.".X....!....,Q.P..v..a..>.1.*bZd%.G|:&..s.6.!;.|{.{c.S.a~.....E.iS....8+..xO..'.....u.a.. .m.?.(F.X..L,.<........Z.j..wy..)@....*..\....|.n./>...<M.......l.$..@.Tm....x.q.4.(J.....4?W....).n.[V;.vL....?|.*...wN...."...g...~.....R%.N.C.7...-{...4....{>....D..E....Ay..y.f.S$...m...e5.O.w....l..../.4...;......'..../J..S.a.}..srr....|.~.@W..*....+PE;~S...[8Z.=<^;...].u.8<e.....R..%\....z.....0..).........'.R....`W..hq..M....{.>k0Q..$8I.......Ki.b..C..sKv.....W&.3..j. U,.L......I....7.|..l..Z9...j....~.......u..T.[B.v..}...."..5..X-.7..3n.uRs..K.._......_9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120648v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8627DB8F36E761AFCB96A68E97B6A15A
          SHA1:B9BE7FC87C7A11BAE27BEB1A23D43591BD13A5D4
          SHA-256:A7502CE7173D85789898C9E8583AFA03E8B47DC8504AC97D88E0E595BE7000F6
          SHA-512:C718B9448F549F9A8F64CC64FB0A526EE7E6611042C89F5F64F125F2ABF456008892A36D3A63B0D741A82F2A4908E66A00D696F1C915ED4FC562FAD84E3F67ED
          Malicious:false
          Reputation:unknown
          Preview:<?xml..`......*'q....%.....:w.....F.;.4P.v`.<.......p=k7.....q.O.......S.#.~@..v.*.-.]..h ..SFyu.l5....g.\.`......[.$g..%..?.6..8.X."W...Y.Z..P.....Yl.gw..9f....T......60.?Co..mtOO..(..{.u..u-..!...-.\...zeG.uh ..S..@/X^T...5}..z^A=ha.2.Q.D:..h@.'{..(.k.]7.==.~.j.f...L....!*.6....Ie."..w.}..W.z..or...(.0b...C...f.v.u.O...6.2.&.$.dGZ...mAKY-..zs.............3....~.k...Q>......E*......H....y..^\.f..x..@:......O.l =.F....j.(. .........X...%....B[p....h.U.I..../.R%...P....V.T-....2..)..u.......-......EX.C....Y...5......\..*.W59.f...s......r.........`Wz..j..3....h.,..u.k...7j..F.Vn...J.f.....W.]eo..KF+.y._...7...P.RfAbi......@..W.-...8[.0$......ay.c.T...+0..<..Z..)]..W.Te.....Q.^ua.^.L.....&R]!....1|.x..1\`.F.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120649v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0594E90BF5EA5A46D8D200C432B18227
          SHA1:87A8424104D9AC9092A05597CE713C6E9F9F3B72
          SHA-256:5AF8A3826702A853ECE863D879406F88700268128BDFC791676DD72940A85BBA
          SHA-512:96C1C4B32798902DE125D88F40D3F6FC6E7FF3A81BB81BD6FDE202F31D81842948B67152FB5FB33D02FADC67B2AB8FD71299A747A0DF57182716B32EC4A6C15F
          Malicious:false
          Reputation:unknown
          Preview:<?xml..Zf).7..J@ ..'..s.....F.1.....3..!|...,.........r5...8.S.#/.c..B.].8G....a.'P.6waQ..7`....D..F.Ok..".. .h..Y...p..s.5......y.".6..2...).0L......u;..I-...../.=.'.).o{..Xi..i..V%.`.p.CUBD.#7.......T.v'M..iHd.=./..;ZyM..b.@..$.=......`.Y....V.......M..R@.V..<..Z...IT.1.....f[.n.U..[...lOE$.."h......;cX00....!&.%.Jn.o.nO..$;:m.NFj...L....cT/...=.`U.tU.......9V&e..}9ja...u...#~..H]...@...q.?.U........,.h....u..j......{... ."..O......Ah..!It\..N.S....}^...{>J..S..Z..l.$.b.z(...(...$W.*!f.........>..?..n.+...G.U..J.'...{.k,4.".Zo&..dd.Ul.7.."$..R...H.lBk...-..]...2.4..... .,.....k..;..?.A.RA..T..4..~........M..^......b.9c...]IUr...U9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120650v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6501FEAFC1B20F2AB630AF3556FEE8AB
          SHA1:989C7E1F61AF9A9A6F953770A195E54F59560F99
          SHA-256:B8387CAECF76CA7C429660CE72FC4B5F0437BF2ACF6053CAD7E6428CF8FCEEA9
          SHA-512:2F3BD718A6965A0D757070AADEE4275177988972E8F480258E6EEDFC5678F0DD41FE5F0C17319055BB272DAE8AAA8811A19568E987F2AA1E595EE348ED5C6305
          Malicious:false
          Reputation:unknown
          Preview:<?xml...m.'.Y?.2.S...>..Q..7..eeT..;.K.|......%a1e.Z.0P&Sf.E..."H3h.. j..h.I.-1..gM(...r.rd.0.....=.....k^9..=..EUnw......i.........+...'W..J2\..>...R .e.....K.....h...&a.th..W.....t._..[..".%k..E$....j.9gUI....o..T...z$.Ks..B.{.G.?A.....\..e...y;........:.j..Q..<1....%.2......0.j8|a..rFnS7.K!..w.b.d....:....t?1...../Y.~D..f...pfO......."..f`N....i..........M.v8....vp?.N.T..$.N.:...K.e|;6.Gp.....'[.Z/$...)...>..c.T..p...a..I,.].r"..V..K.c....0K...i......h1...V,J\..M.o*.\.D.."..I...y`.&+...^.......kq.}VrX{f......)..y...5......>.{.|......-...S.s.u.2f5~...".3C.M.._...k....`.W}t.....>.L+.U.N......../y\.;.:..~.x.I..%.K..{..q+...g.,.L.{....o?.. I..N..k.....Ry....;P{.?5........L.).!....'.B...,9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120651v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:CF6A07805B599496BF5321DF2102843D
          SHA1:887DDB54ED9D3FF4991BD8D54284C8AA70B8B645
          SHA-256:43B12F7320CFF58A29D312CF5A10AB57157E30371472B07B3B0A198C94250F8D
          SHA-512:C0F9E3290AAB949B3CF1FFAC476D4135484E598FF9EBC3B5744DD71084282C3E59157C9B2F059881D36578EBC414F11A0633EBCDCE7046E0811137BCF3556379
          Malicious:false
          Reputation:unknown
          Preview:<?xmlgY.B$...D..oX........A....U.......&TG.....i.sX;...>(_....Z/.U.O=&...r.....V.....7........|4..*b..*.~$~ .4.....,.B...ss[.?&.......L...._.i0.b..[*.......Z2$)...-v...X.,.v.._.y.8.^....2..`.Et....!C.7g../%.}(p).....P2....pk.&...km.FO..4.'2.V[....m&..&.N8L...O\fdM....A.Yf.b..~.t].....e.......L1...;...t..k_.../.|e..2>.P...o.[Y}[...iV.....Kw"lN...Ud.....V.(g.>M.W-...J..tj[a.N.6.{.,.#~..5.W.....&dO..K?.Uk..]..'e...:........}#.'_o...}.....gC.].9.8..W...?.K....3...g.9..0CvA Ps.7...K.8.y.........2(. /.V[d..u.~1.....m....D.........E.Q8!....~._..0.+.8._...,.*.....T........\..{t.oj .&..CBD..b.ts...Y.../.%...}Z<..#.......6....!..|..n..K9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120652v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:CC2CDF313CFACF48207546FF62953B49
          SHA1:4BBAA2AB9090DD95E4D9FBDCAB8D0819A676BEFD
          SHA-256:7F54563C52A9A2C6D6D9CB7B7BACCF81AE2A2726E99334391323A886FE3C8AFC
          SHA-512:67F9042A8F0242043F04D84FF1E8661E3408C88FDD9B925E27CE75811F72F2BAD8F66BFAF9B580FCAB73831951DD2E46B11B6E96F2CF153C183429AD5ED7DEB9
          Malicious:false
          Reputation:unknown
          Preview:<?xml.}.fo..G...2..*..+.......i...>+-.<G5..LE._|..H......-.5O.....yhT.y..r...g.P.......k.......Dh.......B....*..Dp.6E..9<....|B.D....V.5.....)Q.t.{.<..1.......pt.`.v...e....9qvV..f...M!.i.....V.....AR8.#?.,.o..i>.J.-....-.?..q^..,..J........vI9{T..}).......j1.L.k....@r@....._..w..!t"..TE,$K...$...}...@tK_.,H.....A..._.....<....VD6..a..I.|..n..=*..x.Y...J........`.<.0d..3.p.Y.o.EGW4~.[.La:..@...oZCv9J.{.. ........8.....w.IQ.Hfw..J[.L.........r....G.L'q/.6.h.5..a..]..~.Ngn1DM..G.{.{4.W.(.f...C.......V..z...b....p.2..?...oN....m`..k....H.......W....W#4.H-v.|... ."....E.WIs8*Z..cBW.BpPg.[.]....>....U..+`'....H.ShI.....Y.7..J_k.T..<.?II....r}.....<..._j.....!..l...`.a.;.Q..fF...T.C.u.X...2..j.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120653v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:58D1FD8211ED23DE8C552E059AD74E5C
          SHA1:4F051ED0B030B95E52CC50744016BCE7F7036909
          SHA-256:3D6C483BCC0D6324566A38BFF773D920504139558DA3EC01016E59C9E10C63DD
          SHA-512:53B6D795CE676EEB088AF54980720DCB1597EB9172D25691F3ED719D8CB57D7E442A9A933431A1A898B810BF8B8CED942B400A702B493034BBF74496E88A3365
          Malicious:false
          Reputation:unknown
          Preview:<?xml%6`...x.%....V.k.)....Mc|..._4z.B.d&.Y.W.o..n......D..D.Zo..%.T..J[.^.d.P..j..dM..q.....v.v...T.E../..\x."... .!....Z..^...S..I....5-...o......p4....@"c....H.q..}.j...J.8...c...6..4j..6.y..>..s.....v.v......k..TE.......R....t..B.'.u.G.:HXzNQ....".\.&o....*.}7:..I.........N..d.t..........:..Ia...0_.)>.J.....s4.Mi.....W.-.$#c..J..{u.'....Y.j....P..Y'VDu..M...6......{?.Xl...Z..l.$..Mw..]. ...a.vkm...Q..p.W.......%e.Ik..#C...WI...u.3.1...S...{..j.|`+.&.....2/..Ok4.w.....e.&P..;.=.b.;.N.....-c.......[..3<...*l..P..k.........?[...?...I.ve...x..K...n..._.f6T..\+Q_C.dH...a...di.P...o.G....4~......z.......3..f.au |.B..[...._.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120654v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FA723D22036D80DAE965A6631209837A
          SHA1:74424B52AD39A0B9B05A2B694295F4F48E618FA5
          SHA-256:845D14678BF9974F58DEB81CED8B5759D0F15933E305C93438FC824A5AF5F39D
          SHA-512:B6CAF1DE99909536ECDC4430E0CD4EEA0F190AD193EEC9F511282A5FD13E1B695EAB7E9AD87AF5A76761198AD994DCFB465C66F9CFD77963421F450DB0A4D09A
          Malicious:false
          Reputation:unknown
          Preview:<?xml.N.k....<...W.h#.e...?FI..{B2....X...{...z.~.`.^.......Rv.....s..T...C!....t...?.0'..z.......XqW....../.H=.!.s*:G.."..e.,+.$....x.3......TgS.q..b.....0eI\.S....=....%..F0......y.d^....M..x&9..'U...d..!kq2Dn..)..RX....W).*...1.3..'.u.".z.5.....;.C..@..M...kUzL.Z...v...ki1.V.M...5.r.......<....@....Zp.6....,.H..!.{.B.O:y6.(r..K.\.Nf!J....M."hG..j...}.;.;2OSh.<..tN..n...H...........n..F@L.!........n.;.......-.<B...>..V.jA,.h..l4..A...;..O.?..7.T..rd..Ge.`6.. .....k../6H.:T.WE..9.KQ.K.-C9.Hj.t..4.4...,.1..!.!`...o.A..gG.DqI..u...H>q....ux%v?W.....V..8m...S.$.S.#pGz..8...:+...XV.HA.%.P...........?.Xy...t..b..I..\.hUv..E..s...~p..+...?.3..u.|.?......8E..[.....1XL.q..........,.-..-...U.6..q.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120655v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:58AA4D0768F39D2DD7DC36063BC4191B
          SHA1:4661291B73E1D6F61513069882A1F3C7B4636E36
          SHA-256:309D69F3FC74AA2191209F5FB87991D4F97D32DB382E4FA032723420CE751119
          SHA-512:333CE9C6676DF9B626D25FD5A4DD25EDE52BF25C54A57411499A80B84E65525BB9ED222E7E591D76119CD3BF545752F4727730A4F135746F7194FA47F0EA09DB
          Malicious:false
          Reputation:unknown
          Preview:<?xmlq......SqOG......t0.\..d7...p.....a.`.zt.Q..z..........g...3..5.0z.Q]`W.@...u..B..... n....w.g.D./.~....cc!~.7`.n...p+....<.].a;.....&b.....A.%.y.,X.@...i.l...6.@..}_iB..~.3ME.K.V....`..L|./gsqP.)...H..4.r......2o.<[i#]X...HC......b...../a@.=...fM.T........u#......X).a..(.W..G..../.r......kf.QK..E..3...1... ...0.ANnV.}.....L.....rH$..=.l.A..Xl.i6.X....b..1.......2&B.ud."i......{.._.Z...T...)...(y|.....a;..}...Hh.M.......{.c..\.&%^%m..\..9.J{'g..>..;.6sy$...&..[..P.~.e.Zl........3.&f+...K....X........Q..b..K+..^.....3..../r..5Jqw.B..`.v@...nM.....k..'_..;.r...M.#.c.../.S...}.c.*.....Y....`.2J..M.5D.&........c.L.{.yt.....XJQS}p9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120656v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4CD40917CEAB78ABD33E97C0E007152E
          SHA1:A325A0AC337F8EDB7B4E2134662AD24C7636F20E
          SHA-256:03FAB516CEC8F465BD2C453D28D6EE49FE23B88B13D8386A7C8E7F89994FAE22
          SHA-512:9E2D2CDA6880B73543D2929DB70DC5D80ED7AE6EC5BC439DE2E2D333554D5C1ADD6FB44E3227E9680A8886B6EB4323C46728A079677943F92E34E7767AB6127C
          Malicious:false
          Reputation:unknown
          Preview:<?xmlu<...J.f..^.y..p..Pt..tK..1Jx@s..X.F.!h......8..b...]..v..I../.$.............5}..d'.../.:.aP3O...k.....,vx..?>*w.0..(.D7.vhq\q.[..4FO.z..j..J#..].AH...%....4<x...@Y.z..... +D...!"..q.==..I2.S=...+;.M...Y..N_U.......G...).... ..~uh.8..k.R..z.D...T.+.1.t......"....X/3.N..{SM.Z.....O.B...w.i.Z3.Gfo..1*".#...dE..?..}.&.w..%...Yb...p.\pR.B.[.WF...99..SUy.j.....@....G. a......T.z#L....-.c...............t<..v;.A!............&u.9?V...ty..6.z..v..1o.......pC.N.S.mWz....K..w.#l6.........A....|r..c.J]^=.\b..a...0a,E...#.Pp.......n.=..D.....kf......\.e#../.r......0G...B..H`.u.c..:.. .P...?2..7..Z(2d..Ts.i./o.."...T.f...\...*.$G..."....p.S..X.3.Z......}..A..."+.:.>a.....~...58..@0....3..._....6r9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120657v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:AF314D03B7E795A3F8237AB17C305193
          SHA1:86264C36F681C999C9B1887C1C4DAD4F76132623
          SHA-256:55F62F4230185A27977676977C5E7BC46EECA8B73EC3929A80CA6EE46978D5B8
          SHA-512:C5CAA762366F5349826338FED8C0FD391BF3614102CEFE4CFB6C1FC1F352B054D65F2F3A7250E06A2D5A47683F536E8D71F48C2861D4026F29CD5DD951B23A15
          Malicious:false
          Reputation:unknown
          Preview:<?xml.4.........0...................X........zT.|.u..P.f`.E.W....}.i1......g..$,.{)..V.~.].W....ls.........&..........!.b1%...?...x.*.. .m....~...........v."E..o.....~\.y*e.Gt....3.../lN.F.B....z..-..s..J..SC0.3R/..r.EJ.o.R; I.JE.pt.i..D....Su.....9O.b....^.7...\....O<O~.:7..>..7.veI...+cm.xV.....qJ.`.:....f..r$....u...K..fn`....9..x.#.h......_.r...]rg....-}doi.....w..'.7...K.Q..^o. W.9.....M.z....1.......*]..P......+J.t..X./..|...I+!d7......u....._I..kb..(I4....!:...'.T...{...7.j...sh.x.,......u.@.....+...9.,..0..h.).o.......d.u.._0.8......QPr.".h(..3.n..g....@...H.y.?}.y/...@:?Ij..n....g....N.D3.....L.q./>.U...Gx...,.Q.p.L.../W9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120658v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0EF39FFE7A6F88D4C3C73B6A2207AAEC
          SHA1:C18AF2B6725A577F3A2B0C84DB99DB7A015AC205
          SHA-256:0A0F983DC64AAA6677675D374A11DBB102A9D87EBAF3FC080BC4A3C9F9B0188F
          SHA-512:EE9BF4200E2F9CB86D45A05E23D8C631E60BAAEEC70C059F63B3DE5D7509B60274034A989F15D6A889DA313BB506423A2A45023EE933ABB23035EBF5BC025370
          Malicious:false
          Reputation:unknown
          Preview:<?xml..'.?....<.A......_....,.;.....D]I......;....].|.Kh.:.... zp\.v....;6..i..w...V.Nz..r..c...d@ ..]E.(K.).l.....F..J.^...1"$Q.u...d.N.....J.1hQ..."..`.......l....=vu.</A..1...G....V.ni.s.....LH}..<Y.vbsGU....\_..._.Z...$.Y1....p...dyF.....[...p..c.!.w..t.u.,.`..2...B.I...l...;.<..o.L....-+.VsBE.r...Gh....>xm7e....,.2........-=.E.......S.....wR8_N.....`..Aa...b...D&.}..b.....(6..... A..S...i...p...Is..Y..j.N....**K....A..w.......!:.........@...'e..k\.l....X.H...]X.m.A.!(..qlat.{....'.l`.....M...D,.L..y.<.....I#Y.'Z.s...8EH..z..Y.tz=...a}.}....):.....V..R.t)3.1[..F.....r.3.7.E..oq.9X..h]_.9..G0..{../.H.B...'..*...J.l.v|..7 ......<.i..'o.S.F...X..:.6Xa.a..ph.x..r.d.hB.;..Q.z.Z9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120659v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A1DBA5C961887DEDCDD6A56BE82E5387
          SHA1:C639194DC9EB0C0E7356D652147D53D39E71EAF4
          SHA-256:209C7F8BE3F61F64D342028D2DCE35EA63BE8DD38AC89CC1B12E7F53AC558883
          SHA-512:4738D14A37283298D08339CFC72867E1FE0DFC890526340CA84A35DF1707F96E7D0E51652CB49B546D2D593F8553572FD5D780093EE0DC7BD019703317D69A15
          Malicious:false
          Reputation:unknown
          Preview:<?xml..%F.z....r.......5H..83.....jNo.1.4/..Gu.5. LK.....>...y...=>F.).....w%]....yK9..PH!......P...G.m.o.)y....o}.bu..._U..........&]..~.Q..4.S.X.%.P&.`.....j.3....O..SR...f+$.o^...x.P....G..X..C..)9tQ..kW....K..<.%&R-d>.nx..Ut...%p...C.......S..{.sd.-.#`..e....#..............?.b.W'...@.Ln....\.......L./..>p......I..sQ......g.q..D.%....M.....h&B.Q.7P.ln.i...*l.].....M7?.F;....z.'...8..n.V!l.e5.`.[.f|..O..=....d..!W?4U*....:1+...uI...][.F4.(LH\..D..I..<......(R...t.....W..l..I...}..V..\(...s_0@..q....;.#w..{.',,.....~[...QvA9}..EY......4tM..I..,0.<......v...v...~....6._.U.M..j.V.Y&.L70Y....s(B.^.M;.#.w...D..$.'.....}...".|...\L...U.M..K.F....H......E.....MG#...xd1.G...3:.-,.P.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120660v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:53612141BFE0AEA4A364312D21F8B989
          SHA1:3E034CED4ED4C79D8EB3466E12288F10B87E6E37
          SHA-256:802FB1E83AA7B2CED726A79FE786E8BD5A84F764DEEC69A2E92C3F1210BE4AB5
          SHA-512:D49F20B794E5F29316C78DEF49E7605F2C3C1B7B2FC5245731381F3C116AFAB50385DABD76A903B98E90C9C2B3B9A0E4D9562AF51CA9FE90DA5A86EF396016E2
          Malicious:false
          Reputation:unknown
          Preview:<?xml\*."...0.\>.e.J..I.q\q..ne..]%... ...t.....3.....x..Kx......SL.h...K.o.....>.=..W.?....Qmi..@9.."....b...?...J..\.8\..'....Q...~(KL...a....T.'E..B.)o`i....&..f...)..M.d.._..K.MJ...E.{.P.....:.A....PAC.....C.O......i!....k..k..L.....?.'Dg.G%..;j.B...7Yd+.>.A...[.w.....-.-..H..x......u.....L.,...t_..G.[.0...k9..J[-.!.*...n...vj....... B)g0!=.{R...vl...".|& .9..>..\.W....(LT..4....!..5..1......MVa..Z..EU.\.......9:.}..X.V.3l..../....e..9..El.{q0.Y<Q7.+..4..0.Wt.@..!.G....Y....c.......Je;5.h:.O..'c...M.#$.` +...\...+.X.%.!.P\)KL|.$...A|..<Z..N....X....S.:.R...2.ddkHUw....l...|..4>$......@.fT.S&..Fp_.YOT.b.<..].3.JIt..e3.p!..t.b.Y:.s ...x.... }P..j..;.v....m..9n....3.%........)l..<U..=.%.d..U..f3...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120661v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E9AD98617B12A1646C5284D37FB4BFA4
          SHA1:D4A6DD9C62454831BDBA000C30C21C6346D27FD4
          SHA-256:C83B5D8E20C2F8584594121FC37EBD8836A747C42642BBB6C5AF60AC998AC07E
          SHA-512:9A4D5F3DD02E4256DE4D455870FD74465AAD4008843F1B41AF7D95C71CEF17A698BDFEEA8B7141B000382780C49A40EBCC5E2EA958FE4859987CDB751454D871
          Malicious:false
          Reputation:unknown
          Preview:<?xml..]oJB..f......OB{..n.r=r..n...Z..A....|..69....]Dc..i.5....+...8XI....2.~. .....}.=.4`.U.D.E.p.Cgy..Z...<lWT.m.s&D..d...k...Jz.x..>(.^c...GM...m=.V...5.(...#...#A~.^.G......Z.....B...p.....cFf....b..M.T.tAT.NKA..]s+..~.3...u.#.w..XL..0..29Ck.k.J........Jkw...x......5.es...k.1...2.s.H..w..._........y.(p...d.'....k.P6...n..Bc...?n.tF..rK].J.- ...(s.f1.k...w..XN....h..~2..A&.r8.H.D.W...........pC.y...-:...(.n...9G......]...n...R..0....k...<..(p..."f...1.!..E......>_.*.[..g"....6....@..b...{..........z'F....@._....y}....:.9`...I...O*M.Mg.........8..........=).j.$p..........N..`.v..:.......h.BfJ...G.i.j-_*.......{..u.?K9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120662v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:568AA17EAAFAFEF7A54975EF45D1785C
          SHA1:E7E4E7B40D0545D54398040F920AB41B74092789
          SHA-256:49D9E8C83128FC8CC51E2F3685CD872E8CACA83031D35C9B543985529FB59A23
          SHA-512:86A1FBBDD39EF05618553731FFBE2239FDA0DD3164428C1519DD3C266102F5F8016CEB60A15623CEFEDB2C18F52729CB5FD3D589A66F552A8247276ED0BC3D02
          Malicious:false
          Reputation:unknown
          Preview:<?xml.W..l............8dK...5......E.SA..O......Z;..!..1.{m..+......Y...Mu>z.=...+.....w.^.".Xa...8..k.....7....)..B.....]...&7..s..,.]~U.Gb..y>...[.o..N.Md..:Y....!..jnG..+...@..........A.8.].#'V...p..z..=?.D.%......ZN.MQ............w..j....Be....;y.8a.J.2T.S1L...b.Ns.c...}.."....]..J.7..g(.o$._.g.........C..l.{.h../-.V..YajRw..*.f..%......k..^./.......V...Q.A@.. .......=3>PX..R...:........9{_.l-.Y.lK...2..D.I..g..3}cokl-....@..f..j...O.(v<br..S....%a0...`.n......B........)....q...5.^..\f..?.LF.=...t..2....$...FgT.vow.Ap .t.&Q.G...U..9.....|&.A>y..t.%..vo?..>=..B .%N._.}..Mr..?.888'..@.7.W........l8.-..8Z....2./.0..s.;U.....)..2.,..<.$..W..y...i._L.....3V.....u.....'+5|>1Z.t...k6P9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120663v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A21F206586A9F45BE27CD458783AC29B
          SHA1:FEDD7A0491D2A2D8F21D2486D15178FF68ECCB23
          SHA-256:6601711C97B4F91D045F133309CAFBA17DEF18F41043BD1E91229D8D04DDE042
          SHA-512:4EDD1FC3120641BA7EFA9431AFBD318FF0730A74BCC24F3D56B7C21415C1E3A7166EB04EB6DD2C925F1107880A9B3DCDC1EBB0B1BEE39FBF311F59EB8B3D23E6
          Malicious:false
          Reputation:unknown
          Preview:<?xml....@.A...x4......U..E.._...)..EfH.?!..^.. .L.r.....'..F..2.#s...1..@lik....#d.:x.....(2.h...........x...^....0.S<..;...b....D?k.Yp.W...?.....Ya....'...t..3."s.....'...'.A...a....u*..}...R.4#.(".\J..U.uV.......vs..N. 5.[..T.....8Ls.m..3.. .U....D..b...x.9..,...+..I...,A...6B-Pl. .G...C...\.r.t.....=..Kj..X...=...H.nr...-.J..d......XtC)..!......y...csi..I.f....T.n.Y.....(..t.2ITF~....h].q....X.......'.W.fo-.s1.'`E.*^.......(...p...:..%._..t....F~.....$.....g..As4%......Ib../z.g.F.h..'c.Qx6.y..S.......`B........gh...D...5.P"......A....o..FC..d).....K.w..w).w....Aj';A)^.c,D.>...."H.8G....2...r.3...*..$.....<B.V.a.3.@..&Ur.4P.=5...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120664v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:03A7DE101B6B22FBC8EFB5FF4174F52B
          SHA1:D31E5E3BEDA344AA3CF659F66D3F9FF19B90EB9A
          SHA-256:CDD83F1DB74C58BDFBD73E17D3FCED6911C886E368DF745EF8F3CED8832496B5
          SHA-512:6F1FBDB29CDAA5A36306E510F682045A265AB7D59B8EF2AC04FAD7880687DF633ED4D8B41D7C32408E23AEC38C0918E90E5C018BBB9C3BCFECC34C38BB20636E
          Malicious:false
          Reputation:unknown
          Preview:<?xml..`-D...f..K-...@`..).).....&.....=i.......K.^.G.V.......e...[|.c.N.a..08.|....8|.K.N.I....N.m....d...~.2......G..c.d.jG.W$.bN.u..@.I.Z......".q../.....X.....F...i............A.|!O`_..N...u....,.m>..~...y...!.U...I..L....R&..A...;..I<...tL.bRE.E....zY.D.../oY.......s....f.... .,1=..p.1A7.7~.FQ.f>.3.z4.......S....;.......7;.t...bz.....^wHj%F.y..[.C.E*...w.2.....L,B.......4.>..K.#l..{./..H..3........ ....*.m.S......5.).t...........p.5....wc.S..M+_..g..f..e.L....$.D!..d.\..J...P.....D...U.[.?.UK.`..C].....I.{....E.n...<.u..w..($&5.*.g!=.2..Qg......\s..U..............$..5.a........g3..'Z.,..~}@.kA....R...0....8.MvXLs.UCq.;9.My.{..A.I&a".{..$.......4...3U.......E..W.R.._.E..xA..H.E.e ....T{...uD.{..P..WY+..;..W.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120665v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C9B59BA6307A79BD39467447DD289C89
          SHA1:94F8161AB9713F1B98744DA3AD67165796546963
          SHA-256:F6EF6C2C30E48CFDD2FD071A199BD15FFC509950916129006F227EF6A49AD9E7
          SHA-512:0E471C4F7FC298CDD37CC5A9615395E7E0233592381FC396DE090DD2554B8F8E6EC24E86D00D02A9A86F95DBFBC7621E9F6E37DC6A388EC064F353B07851EB4D
          Malicious:false
          Reputation:unknown
          Preview:<?xml.u,..^f....y/ZUD.;.........~.QZQp.c^%m ...r..........n.<R8.o0.....K.3........... B`W.OU.....].X.8w..Z|).m.......q...p.AiD..}....w...q.0.!...Lv.NV.....A..U .(....... .w..2.......S._*.T.F.`..YF..$..G...z../..V<\...&..N....F..[..k./z..<...L..N.E.$.61._[..B.A.(.?my..[.G.......#`%6....'T8....O./...a_..Y..E6.,Q..E.Gl.W..:4.{..*.2h.]1..^+..y.].^.O.......P.....jrD.c.n...yx....^..k.%..i.%.G...g..9.l(8....63qy.\.:..#"....f.9..tC.n..Y.....dw....w.~:.>....^r.Y....V....e......S&..t.jV.~.P....2...|.N.t.H.$,."N.i..........Q$..i -d...2..o".h...J.w;'..`.g...D,w8..-U[....N.k.....c.bKC.G2.H.."f.....o......)......T..P.l..V..W.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120666v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:110C17B6CF2203ACB5E942F5A22CDFD8
          SHA1:880FC1A9002DFA43B2BACBE9FBF52F54A64A45A2
          SHA-256:007D3606EE1D6B98604728ACA0E0F9C31B702FB3FA688C904A1D420FCB3A8BBA
          SHA-512:B69EACA43A88EAE9220E7A4DBF93A55BAAADD036BDA1DA0847375E9227875F8D6C75CB8B7A278B8B040873126455013515F24464499E51C115DA4A82BFF9E83B
          Malicious:false
          Reputation:unknown
          Preview:<?xml...p..9.Q....Z?15@....8.....vD.u.....#dA.:..A.....{4....fA....!.....TV.....x-.c). .27.i....-...k..z../sg...c...;j.P...5...^M...Oq.R.-G..R.N-R..h....<1.]IE9E..(.x.......^.b .j~M.$LF.....t..&Q{%Id....ET.v...._nO`a....X0../.z...c.'VzT4....~.......;7K.....z?K_0.N..w........s.n...:O..<.6........tz..Kx.....Pc;.).dwT.]..z5\...$.ce..s..[..+.y..........V....x..x.[....%2...X.Aq...._h.6.......]..u.'?......8...}S..c....?..9.X..E..v....'..[@^.........:Cu.0w....,...4.V.V.O.j#.o....JXF7.;F<...s..XV..2......M.Z3k.....X...Cb...>.......M.../.bv....x.<J.2!.B.@.l....N+o.y;..]...w&.iKzB.T...'.%.\^...MB.....tN.R.. ....II.,{.....5..$........!xG..JEk.....4......y....i/........t..j.T.?.e%.gH..u.Xq...'.A.b.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120667v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:57847723F66571F8EC0865675C91DBCD
          SHA1:49E7A58E31FCA182113792C62F09D5240B436797
          SHA-256:CDCCCD1EEF61F409D3E4974AF7B2C52BCBEF175A8A2DDC1D560F9894676EBC1D
          SHA-512:590178DD8C5F368F856B33AAF3AE260E99829828AAF22B1DB6A537E7A0AB4F0CB5FC75E32FC11E560FB247EAB552BC85219400C8DDF742BDDDD42103A5EAF728
          Malicious:false
          Reputation:unknown
          Preview:<?xml.).q`..(...c.~P;.....wv..k........M....*.y.gT...V..$c.p...-FM-].....kJo._K5.$.[.....V.hP.....F.t.L.....GC..E=..O ...8;..V.....*.w..J.#.a....yC.O[...;.O.@.sC.....d....`...)...H....[4....Y.aP.nK=....&=..:.....a.5..K....+.V.....@...7../.:..w.}.A.....=..@....f.....R.~......L....0.r.V......N....W.P/...;><.o}.&......h.k>...._...ni.lD.R=LZO{5.B..5xEx..v...8...].%../.+s-..N...?......o.TX1...w8nr....=...s^.....za.@QP.$z..^...TP.$..M.Y.7...U....t&../.e~..%.r....u;.e..J-F.\i(..R...z.y).C..3...K.,....{+!%.ta.u|...E!..7./'E.gM....E.-...c.}....cfK.'...l.....V4EF<.#'B.i..&./..b..-R.e)/. .....A.=...I....pA....bm.S.\.9..B.....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120668v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:955511E8FD4F6849E8C43D035547E1F2
          SHA1:2CECD8D17C440D440EC02CA2B6FAB9374BBDB2BD
          SHA-256:6230BCE33A7085C037D41CBB986283C58AE2E38FED8788A0BF5DE719E2FD5233
          SHA-512:129859E095D7079FA9576F4FA40DA875B367554578CA8695819A2442ACFA2F96E5A0AD4C2D3314BDD37FBAE84CAEADE656D8AD722D8121308F66B6AC17FDE4BB
          Malicious:false
          Reputation:unknown
          Preview:<?xmlZ..6......}.ec..W1.|\.....r.Q.3..E.,..=...&..V=U.*;..JJ_..M.;.."36.J.Ka3W...9r...c.q:m..3.$.J.)+.m...<.|6...aV..Z...V....)R...G.i.....{..jDr.x.....X._..+....I.e%0(.@_VH.B..<....L.K........U...q.....7|..8p.N.......a..O...|.>..). j...-3v..Z$...!....S.y4z..a...b...A[... ..S..E.Vb`m..cwc.....DBA..(.*&..q....ZX~...;E..y.-^v).pn6{.#.ZQ.0iS..l+3Z.[...[I.@KFu"mQ|.Cz..6.a...,..j....g...E.D6...R.'.A.....S'L.@.>.L..c);+..i`_[.'Wq".$........bE..U@....6..o..q..0....j...<;m.....w......z..&../.[*a.....k...+!..,....N.3....f.....-.xj..h.|..G.3 R...~tD&...')....h,!..........*_U.`Fr%.j..5..A./.....d.y.\XZ*0....=7J.........@y..@.=.I.....6C.b..! ..Uy..n.C.QB..8%w.Cz.....4.w.Wz.?.....P..9...3.499pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120669v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5633531CBDEAF2A13643ED383C7B8A1A
          SHA1:EF409607A64528DF6864BE28FFAEB3D32556EF85
          SHA-256:0D4B5F41753D662D1920BAC2EA01BA5B6598450BF1B37D7EAFDB7BD6A72D833B
          SHA-512:BF0E83BFBAE5AEBB0B682744983F28A1E9CEC8EB1905C9F81821BBB27D854589D55DC32C7E55C13F119E4445F48E9ACE60126B201BA1FA9FC0746EE05D587C51
          Malicious:false
          Reputation:unknown
          Preview:<?xml.....E..5.`..:....<:;%........F..4upN.Y{``.Qt......).h../.!.L..g....X.._....3rD.WM>..\|.>...Fi.;.BF!...V.,Zq+...`....?........i....L.dD"0..:..L.....41n,.x.....\vj...m!..^..t.~mc..n....SU)+.+...F....(.u@[>(...1.....zP*...4`..v..?.gR8g.kw."iy.......n~..].P;....!..xB..!..K....Of^D._LkQ`..py=.R.....{?%.JB/y.c2%.k..(.O.....x._....;}...&.....zM..K......UQz.3.O3..#Y..K.j....LUL1..Cf.c..F.}z2..y.N..3D'..~6..:}$.....*.....Am~..u.B).Cu.6..8Y..'.;l...<<.D.uZ.....^..F.W.Nm.w..k..*;1.....|....WU.C.m....p.b..I....J.rP.....V...Yzv..L.....&.a.p....s....".~..7.f....]...F....G...E.m....@....x.%zB......In.".U.kt..g.@.0.d........2.x.G..C59pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120670v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:DD41EE45107F85C59C5C67018F060D7E
          SHA1:1617925A71CBF2B4617E3F0B4DCB80051D43AF3E
          SHA-256:DF7D8FCCF79CAFD9F6C29ECE19FB8D21276B845E9F315A29A02EDA1E2E4BEEAC
          SHA-512:B9C34F90AF812D7C335A5351A00F247080BBEB84E28294EDDE825C05493045D60A366F42923F6CD3974F7A58421F93D245D986D9E2F035CAECD292A37837BFC3
          Malicious:false
          Reputation:unknown
          Preview:<?xml....X|.A.6/....6.W9..../n..{.....UL.S3KB...e....Q.......?...xc.:.....m.p..D.qK.N.+.H36....D}.g...#:..V..NBa.2-.J.{H....l..z.....#....~.^....%PM.6....j..Md.E!.M....]r..`.....iC.L\..O.4O...[n.u>c.w^.L....v.e..o.{...<.`G.Uu....$6.XP.....:.uM....?br./...t.bt.vn...y..v.Y."z.-..Q.r.....XH(.SP^....F..j.A@vc_#..w..Y...-..Yu..+6.n....B$...........HE#...L.!A4-....>/.......O3R.|J........J..@....[O..c....`O...[.....+.....6...".\o..w.C.n....Vq.].N...T..WA..0..3C..h.B.....AE..5.......>F...'.......l=fV..*.a..R.J>.t.>k..C..J...8..P...../.K.........wl.].9..'*...-...L....Li...T.L.....J.Z'Y.......hgL...."....Y.Im..EO.i.../5G..<8)a7k.)c...D..._....4..F..-B.L.Y.94.j-..5.-.....vKw..t...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120671v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D88AF97C319066C553A0251A4A76770B
          SHA1:CEA7F9B1DCF3C8639FEE21CA1AC7C3F7D8307E11
          SHA-256:15B7F1CD6804B93E90C8A428DDCE40FFA50F73766616F06F3727CA596909A599
          SHA-512:F23EF37D5CFB610E69CB725F9E5128A9D3B28D38B73EFE868E28C70974B331B631C13D7B4C7BCC62220F1FA18A11D9B988113932EEBEEFFBD5373896FC900572
          Malicious:false
          Reputation:unknown
          Preview:<?xml....)dK...>p..w.|.n"..."H.*.S......a.wM).7......7M...Qp....qP.;..?...j.;]..0....n...V...^x1....K...2.......S....[E..Fv....a..G2VK[$M.....4.:.aN{d.|czfm.(.dvk.......;.y.K.Fx...N..*C*ui.....4..=.l?.@..:.<Y..|.,....*7..;A........9.p..;-p"..9..|.....4.m.M...1...k.....*..}.?.a...j..r...8...MT.:..VZ....&...PE-;.{>...r.[.....{...........A......%.D../....:.s.f.d..A5...,..,...NU.A(R.T.............G............6..g.[~.".8.T..c9..S. dV.....3..,...Kb..-..tz6.2.q....2...?O...GTQ....@.c;.d.H.f.)F......k...>R.....k.....~...R.J.J.ik.).lIgI.\..1..NX..:.o[..|..(..^.W........W.kGk{;..s.,9...O..v..u\@Gk4.V.ap4.e.].P......I...&bN.<...&O..tD$G......=7......s=9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120672v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:42683B49C780009035E4F0E11C1DAF50
          SHA1:8ED8254B8FF0FEE8AB31E609E1C56F1BD0FA45CD
          SHA-256:7DD54CBED7DADC2A2D949B9E21167232FF19C7358B212803EE3C474C921527E0
          SHA-512:E3FE340D0F396EFC81D76E966CFBDCCA2D71F8DF161EE11DFE9001366C4D25EB6D6209E99CD3D31B56B0B3C6B9EAC2FB85B393167F0DF2A242279A21501563F1
          Malicious:false
          Reputation:unknown
          Preview:<?xml..+.S....P....[w=:...u.,ci.z..G-l.p...m....F.lJu._.^Z./.'.f....=.3`...y.KS...E.P...sf..r*.\.7U._..:.....T.h..S=, .?.v;...7.-....q*.)g.1.....yc..h.Q...R..$.H.."~.="4......j.../...K.. M$....g ....r=%.]..&(&.r..1.[.v)..]...%F.,........2.Gm.U.N<..q......O^%b....1c.Mo........m.1.I..(...4..#>...B.~R..T.....IB.?.h.*aCk.Su".a.<.H[...k....+....6.gK.W4a.....Y6.+?...|?...A..$.P.a..q.8.Yh(f..V..]0...C].1.....h....5P|iJs... .4.....T3C...,.).._j"......K..V.M...x...ln..T...#^.2.'...v.....!C.J..u..8T..t.:...^NE.,.c.!......nkOA..'h.....W.....*G".....w.?F..f.D.(x.....Z7~7.a#.w.B.,.i3F.:..8.G...w."1....&H..-.sU...-].m}.|.b..!..d.g..\..%...Ag.....v.da)..J..?..3...3k.?.X.v.f.Q5..W............/........9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120673v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F6CC127807B2B1A1CCA99B02785E7E08
          SHA1:D233948EEABFEFCEDDA10C0560B8871B55D139A4
          SHA-256:191FD3E7B4C71F50C98E81A67852C9787531B367C9EF07D5585434A29B900938
          SHA-512:4B79B8663413CEADC6C4C5DAFA09A628C3FBE7050DE3E0294687D3DB1665BC0B389B10511A35EEEB0E09B27CDA9529F3F271BC15A5435780B984BD762A64860D
          Malicious:false
          Reputation:unknown
          Preview:<?xml1...c...X5..{.....Hf._..&e.....{....\Z.....*;.Z...Zw.m..x.A.Z.}...6Z).n5...~.v..Bj...E.^...vRZ...Q>S.3H.Y...N...4.'_...%!..e ~K..:z...m)+..q.......$a.....)..so.]].9>b..+r.#[EH..n.@3.W.6x62..v.W'..xd@...l0.IT.w..liRl.W....F-.m...). .l..A.6.fAS..z..z..0..:....y...'........|..f./.p..T.*...Hn..O.L..EZYl....C.[...,..8Y..r.F..[.r....-.1,$$./Ji...o{Ng1...d..@..>..Z.=.#kw.e..0....."Lz$q.{..x..l.....0`.UP.0...wP.8..2.L...{&.C.....=\.d.w..D.jN.5!.l.G....M.+.N...r.f..w3..}p[..~.r....'..c._..r8'..T.C.].}.y.......5....q..a.......2.k....n.^......8H9....z.......(......wa....[E....{..:....y..^.(K_;]..N..}.(.U...5.#.......F.m...?q....MY..R..!...../....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120674v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:DAC301A5A6A3B39A7ABBA8D3804BC52F
          SHA1:C4DE10B33C3C6B691587EB4CCD1FEE14B3B97A24
          SHA-256:FB8C4AB02D81421342F1E8F65E2A0B302223ED3275FF8D4FA197DA9E1F769EA0
          SHA-512:1B98CE30069895BDA1088F55E6AB45F02019C6254D55CCF150B712F4CBADAD77FA7D2522438216D63F1CFF74DEEAE21422BB1F71091BCE9681A43618747C2251
          Malicious:false
          Reputation:unknown
          Preview:<?xml..0p-.X...Rn8.w.......E...F@.soZ.pZ..e.....A*.....[.a....Y..=c......\.w._=._[..0gm:..m..Y2...E.b.\z-.r.{#!;.*.....%:%...G..](...j.]...N..b.}...F..kV.2.z].4K.D<..m....H.<.U2>.m6,...o.s...kiQe..S..u;.m..Iv..-.....h.q.X. ..nxA.8.>`P&i......u....?s!Z..t.4o./ J.Btfe$..^..G%.{..RX.'..G....../...0.=.&.}....gj.....t......#DJN...EmZ....x~..........+w4..$........z..X......l...5..`6P......s}3..+I.7.....F......)..G....e-...DF..Q:....j...D..i/.e.Y..Qs.-..9~...Dsz.U&<...S3..T.l.].0....3...8...?q..&?G.....}........^{K.U...D^H>.F..2.s0\...4n....%6.]a..C.Y.Je-...pz*...sR....F......SR.j...d.K?HT..kVm.1.Rx..(...at1.7~Uxo.Z>.Z.9 ?@..)?ps<,.s.W.W.sb.....A.....Jfl........\...J'..N...r...>..t_..1.....`./.Eb.F..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120675v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:494F47BD29FBA461CAD4CB75C9CEC8B6
          SHA1:315D617166D0F2FC88829563F78111A7055A913E
          SHA-256:F5AF44EB66279BE925CB5620392487B4574D2BF51569898AB7BEAAD66AAC6B50
          SHA-512:6EF54623AA8A11E26077AB70F7FDE5DD3F38A1E13D2B201379DD9B0851E49A174533976B77988B15DA831BBFAD03E57871309A75EDEF884A7478DEC58ED8427F
          Malicious:false
          Reputation:unknown
          Preview:<?xml..G..H.8=sGmx..9.. p.s..R........N.$...#.5...\....J~?2..m@C....'..++...Ct%..~..*<...P..na,..D.Z1...X.05w.&.{.@M...B.....e.yQN..(.\q..1K..0..c' ...N.Up.kd....h...,....FH.4-....9.. .|...Q........C...Q`@....4.r..Z.|..".....?..Q.Q..;h..~.h....m.S.]...'.T...WGU.../V."...<,[...4o...7bd..Q....59...u.......n....n0]c.....l..H..........nQ.U38.....A.AF..p.....;A."..U.>....g.;QZ*......no.;K1.1....}.a.<...o_..<..A...qb.#...CG.....:.}....<&...|...Z|.8$.I.......{wr..3C.x....<....O..'..Q..C......6..o%CD...@..!.8..Q...2.....yq...!.V.7.....-.q.p..o.t....NS.{.....0.?.axu=......T...S.NS.o.DP..z~...Y.D.q..+...:..Z.k2...[...$\..I..z.4..!$R_..7~.9...^....#b]9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120676v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4F44B518F9559FD0BAA5E4A5A740C20E
          SHA1:63CD8795C7A381B571D577053B34FC9004D984DA
          SHA-256:6ED171DA913A2364ADE63B18211C69C4EBEC73747364D0D4B65570F4D1E8A5A8
          SHA-512:91046B6CCAAE9E4407E4ABB1EC45370864B546DD738E4B3F7DDBB2882DF3C9AE419A4FE78062D977A412345BF3D2B8DB0F61201E74B01197E01128727FC1E5FB
          Malicious:false
          Reputation:unknown
          Preview:<?xmlzO..;..\......*.Lys....{)Y...s.vx....m.(../.........F.%..)C..3...l...jV.1.........J%...j..pcg+.R.........H.:.g+*..<...gg.4NRm...0TK.^'....<..]...b,|e.#4.u.\...9.....4.?....._X:...w.Rs..aO_2\.....iA"z......v.H0........Z}i...c.p?E.H..L..m.......s.....&.M...5j/............Me.a...._u...M........I..*.x.BV..y.=....|8d...Yc...:..H...>P.........8.Z}...<=9..w.\~...r:.[.... =g.h..../.x........0..n.;@...........`.bo..C..J8..T)&...f..0.R..-3.W;.<f..?2..6..M.m.6....].....0F.R...7...}T...S>.....`.....#..PN.....,..R....1.K.[(G............A.{.S=N..F]...]..t...\.{C5[.4.....Q.(2C=...mw-...b...Da..|...5.\K[+<....7....LG.,/.`....u.f.A.[..V:B....*.>.cq.4.._.&.J..T.^....\W.1../....$f.I...........(.......h.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120677v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3C492A008DEA92B57852CCDB84BD59D0
          SHA1:4A8D1D321C8319188C1F21710794E3C5A41D0653
          SHA-256:F5A31A8B77C5B318A0311C768F86CFF4B5B17EB60969083438052AC7D0B47968
          SHA-512:1670C965837891F3590CC03398F176B7CFFE78D1C3C7FD05CD09C6F0321292A5975DC031DE69DA8D234526B215EA57F17EC9E5341E41448E2FA06165779D2FBB
          Malicious:false
          Reputation:unknown
          Preview:<?xml..|.uW.WQ.........n..`=..`..w.)...(l.G=.tr..VJ..Gc%.o...~#5M,..,.m`w.x.>H...l.j.Y.....^[8.L..G....U..-.....yE..!.......fa..H\....4]..H-..(.e.@O.....u-M.b8G...L.D.l..*..i.....F'.e>.....z(..)...\.u...Vu.m.. .C...r.......D*g.Z`...p!R~.5....!i#.L..qEj*eC?.H....K\&U.n....+.`i*.......5.g.@7..{........Q.74:/..m...........gzc ...P.iU..,.i.1*...ys...._M!"..=..).G.o.."s-...u..#.>^j.a$..#&...!c.x.Z\.Uw.b.....v.,...u=]b...w....8.4.U...r...v..S3....&...O....[.....I>..!.M..j.J...._.H..F.].~L....\..}..<.\.../B.+.^,+..p.7....`.|..$...p.Gg>..4.......l....4?.....2x..H.L...}..I..k2:Y#.._d9c.h..V[..*......;..H*b.)......M.N...*..u...7..<9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120678v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4B5BD81F2E642E33C93A26F6C6FE56B7
          SHA1:CAFEAE3D8214168E9B0457F6134DEE8A51234B4D
          SHA-256:132789E4E3CD9717A5F2231D6B802167CBF6FD3A74968826B87E5BF13A86B499
          SHA-512:72078C0531F7265DB8AAD2D5EB5CAFD7494CFCA0FE59795336E93749E77E744BB6091056960C8F31D8A96081B3C6B0B5F3930F5B3073C48A6E497A36C5248DF7
          Malicious:false
          Reputation:unknown
          Preview:<?xml{......x&....e.ZP...._Vqk..b..+.B.F...Dn.f..E.....XJ......?....d"1){.T6B.z?.{....#...E..(".#xI.|G......w..O.+..}/..Bg..S..$k.O.A&.A.)......qf2...Z..cmt.l.........{....._.9n....\G...7...[.*.F.bA.m.....I`....V8}M.Z.a..wqb.TR_3z.i..OB]G. ...s..P..SA....k...j.4?.u..._V......1E.. ...I...7...zK.-R.G.....C.-/.a..x..o.*,J...B.\..T.p{.].5hb......bpl'.`./........|...{..)x.....u.w..g.._...lE.=D.YU.....R..D......Q....p..}`U..WmPpj....@E...6...G.....;bp.D....>.vm...%..v..O... ...~ts08.G.._...m...|.<BLz%...B....%..f..I......:v.....".A...2.v..i....,...8..l..F..&..`H.......a..H9.......w-.(.~..'.QJ...9......F-.R.`......Z........P....K......D...Y.sf2$...6h.O'."...{...1j..X......bAn....V..|....5.J.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule120679v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FDB9386959E08D6FCE8DEB7F95104874
          SHA1:1F1E7D597D1B9F96712E337CC289FB355B717568
          SHA-256:08C1D529F4DEAE1686372D01003E800D2C127D73290C1D1B43CF71D463C6D7E8
          SHA-512:C379E28B6F58BEEA198FB1FAD43B682C7D56BBEE10531476FD7273483A93BF18DFF8FA7A12A7D03CD8EBB5CDB69F198D79828CF4674F9D07E6ED14449876949A
          Malicious:false
          Reputation:unknown
          Preview:<?xml..Gn.2.E..].|..W4.!..Ev..f......R;t../";...8..<1^.jG..K...q*............ qGf..1.e.|.+M......_....^..w.t^....Y..}.C.z'J.X..*M.vd...8........x...o[...j.s#.g01.Q.zl.$:\!.:$.q.....k...!...].:.....7..9.f.)t....H..y. .4q.S...{.......f...;.c(.x.Vc...g.~..!n(SI.`;;6i.1....xY...t.t....h~..V...$=...1.?Hl..].+....;.....~m...Q.....@....N..!.@....NN.. .../.F...C....M.mJ..b9LJ.+Z}..".].5...0.rI1...~2?.~#..../..2T.. ;9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490003v7.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:50E0DEF6D5FF1D7DDB0A9ADA557E85E9
          SHA1:6EFA34A6B3C3F3B82D609BF139C22A24CF833A7C
          SHA-256:9903B3A218C1790760CB50D7905E32F7F3980048FF90E8A3DB9E8B75E5CEEC4C
          SHA-512:556F6F6920D89360D25CC3FCCCB6D38AD3C860B17B6EFC1C5CBAC01B8F1AFD2BE7C907B031B346C9B7D49F734861FD285EF0A7E6CD28CD6738C3B8AE8B42D45A
          Malicious:false
          Reputation:unknown
          Preview:<?xml......g...(+.d0..Q.^.q.~.....Q..o.>^.F...2.|..B..v.0_!...q.,HH.%...._ .;!....?;...y......j-..kz.V{..q..!..A..0yH..15.5..R......B......-I!....ME..z.s.ub....tId..b.@.N@w.........R......+%.......C.v..7x.m.s...`d.tr.1...e.7.5..VE.9...:...5...Es.|....@.(..to0.P.t_....~L.J.......9..`UY...?..qMi.=...s....b..{..#.!.AH@]q...a....4{.mQ..(.. ..{..dJ...(..w...j..Zqa....Zqw0f....B....D.....C..]}....<....rW..E..[.!A...Vy*av^EW....i..Mv..8.....+.!....6...<.-K]..3rJ...o@.!**?....m...+I].n.".x.f.8...L.'.C.o...c..y2....o...Aox...}..u#..}G..%..q..<...=...#sj......3o(.O.4;.ib5r..XR...8.xC*l../...-...y.9V7..y-..d&....).|...D.z..~......!.......,.%$..)..`.Nq..W.....b.o...n.1.>......Q.j;.Nh.".../..u.>W[.x......v...b..K.H!.h.T@f."..t.^k%S..P.1$.g...%.k....r'y.<..3..G.b..+...Y.h...\.B.y@CDW.n.....G*d]..b.A..C....0.*........x......PJ.\Y.|..>k\.....!'...|....i..J@..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490004v5.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:44ECD7C4B539CACB5C48FF5CB5282C6E
          SHA1:E5148F4EA98F44AE8AAD15E02E456C7921065186
          SHA-256:0B651EF8E9D66CDC16F7D2E13AB0F6B5B59AE581612F4C699D93D79FE096DE01
          SHA-512:049ACFC2BCE270D5AAA81BFB8F867606704D9F1A5CF7D5A453D43BA6AF299AAB0ED758DD517CBE595891D3CF233B3B792D9BF7AACB01CB7E64814789095F0147
          Malicious:false
          Reputation:unknown
          Preview:<?xml..dE..{....G.IP...&V....>.KK%.`..u......~.7e.v>...qI.s.h[....a0"..1.%.7q...X.......q...[....7z.g:...-T.A(H.Fe..CL..y.........g~5=...*3..x.Q{..n....i.......\.b.z.y..U...(..rwr........0!.....$..x...Pd.......}...h..3.{..Hl..|...z{.....Z.HD..E..Em.`..b..T.w.../..cc ..pK...........1Y8.s.g..TdD.X......*.l..*..P......,.:...<_.Z..}_M")...V....6...F..2.3..r.a...^..=.r.R.....lb...K.{Z.:5}6O..n..8...0....;X.H......_..XL.Z5...&dy.....f.{..|6..Y........y.......1....,.9.J...Y..i.(f...[..e.."?..?|.b....'....e..9%}1..`..%. IMo.M...>p.=p............j...[FP.n..E.D..E.........M[...iK.H....{..mQ.1[.;+.t......4V_...G..(..?.^.. .&a&...:34f.........%.:.3.<~.j.P&....']...,6.[......[E...y_e./h...<fD.....{...........po..]..$.......\>g.k..)IP.m..E."..%Ab[5-o.W.R..%...}y..h......8..w.........ua..+...b,_*...@4+A..r.v^.$h,..8......d.v\@..Zf..C'l.rmi...T.I..8.........>...#I..R..K.I......$.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490005v3.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C9C4E446B824D9549A5F0AA03D30AC07
          SHA1:05E6614A3B73716A6BAD70210D1DB3258E6318CE
          SHA-256:8E9DE138FAA50BFC2F9E84801EAD5B308B16A6E8E0E25982A4E912BFAABBDDEE
          SHA-512:DBA7104A468A70279917F07D72F4B67966DB09DDFAC447152CFA4437DC0A320BAE16D657E8FC2522DDC27B70F15AA252AF235C02809227F917EAA2E8F5B103A8
          Malicious:false
          Reputation:unknown
          Preview:<?xmlRFi.^...kc%w.\.j..j#L.C..b>. ....4R....."*Od;k.A-N?......:...X...~..X...Y....s .O5.#..u8'e.M..v.*.Z...y!..[.6.".f..e&...!....Q.A.9..',Pj......=c.`......R.D.;`m..96...7......#U&dR..a..V..ZE..W....F.|.YA 5....L.M*..G..$.....t...H...Snz...)}......^.?.V.B.....K...O5..ImF........B....>....luO}.I....p...4.gM,(T...a].4...K.?.bf.T..../0..Avb.....7..Wqf..+*...j..a.1..H..F.5..r\....".1....X....S..^..8.v4NvPnX..W-I.....5...A....:g.Y...K.(.=..P..x>..R.6..bt"P~........x.,v....R..f.....r-}T......pE.^.%...ECD..p..z.2^|6.hG.APF.X1.d..29].....f.yI..^.\?..6...}q...]_.aM.6.O.GMO.a...H........C...#9Y..r.....q:&....p.j.X.{.)..#.....8\..\7....n+.....)..C.Ut....#qx<....y....y....."5...._...."u......>..{......o..(.20.....Fu.......@ +[....[.b...........K..\.HV.~..xB........9..V..s..}..6.B.#..D.M......M%..]...p.'.Y,^?....._q..%..7.&...a..P....6.@^...Z?e?....c3....#E'...c>c.P4A....9Q..7.!m..f....In6..8T.2....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490009v5.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:54D03AD4413C162F0724A071182E1E31
          SHA1:86203B80BFFA10C0E3A3329628BBBCA0A4CB34C3
          SHA-256:003388DC17E8904C63BFE53464A8A5A574E7CDD890AC992FAC192919811C3902
          SHA-512:662B5BACB581A0F6C74C50A566DED4D60AC316391C4AAFCA89FB212CE2D6E8D04C7559F4856B5D40AA798C8EE3F0D7EAC5E89757CC0E2FDAEFDA4328F9521A57
          Malicious:false
          Reputation:unknown
          Preview:<?xml..9..:_...8...."K..3=.L....36....2.....6t..=...[.Mt....]...F...8.II0#M.}....4....7.e...Y0m.O/.N...."-.b......}O.{..9..M.'u..qK..K.2.yek./.......pdu(.......jg...h^\mET.....,....K.q.*Pd...@:4...y.n..w0X.WE.r...6.v`....1..O.lW..K..a..p....K.g..3.3...<...O....q..@<.....G..B..T.;.e.<I=Z....V"...Zq&..0.|..b.u8..N~..G.t......+..n...1.~..|F...W.....,.L....B....o\0....U....r<.o*.....`.@.nf.....B.%6T..|u].}t...R..7Z.-;.?.C..d....1.......j...a.8.C.....G...x........5.b.@.7/....n..G@. .HC}.......i...P....,o....<.l...........P..Kv...H...8..>..C........]...k..F.y!T...*VF.cy.HW....z..b..].gJ..%...z.8gs.V..D+T.S..G.KI.I..,*.`........s.u&.4...b..6\ ...<......h..H.'..=...G.</.B&....!.H...d?i.A..s..iM....0.%4..Q..*..2..D.N...8!..Q..,....~...A.....5^&.0<..r<?...A..>.R..-...-MF..gW.Q3..-8..vU........'A,x.....6....+...r.FP/k)..C.[..N]..C...".j-+e...rP...0..k.^^..P.q..~cR......{A.%..o#...c`.m:.P..Yr...1...|...(...\pF.....Q]..........&.#Jb=p.<...|....i;G..(.+.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490010v7.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4B0FC5472FFE9195A0689D4552913A30
          SHA1:27AC04317E706405EFC17469C2120501FFFB314C
          SHA-256:4C46C59B93CC2D189DEB744E4B790304651D0C0071BEA389912621B16F4DEE67
          SHA-512:2BF550D6BBB85DCFCB73A1C7BD073C34609D355CAA99E08FAC18FBB5FD3F5FFBDD886CF15A6D37AE00A2CECD91BEF2D3791CF61CA35ECAEEA68EFB12DF4AEBD4
          Malicious:false
          Reputation:unknown
          Preview:<?xml...uc.~4.|-M.q(.$..u....O..Hs'.uvT.....b.S......9.^.M..^..F9n.~.........X,\`..\M........^.st...'......I.1.......].[5........z.#g.X.q...*.nW......P.8.".,...|Bt._..f.a.N n}...e)......1.g..|.........j.2<ofB.<._..f.U. .E...Wt*..........h.BJ;t.."..!v...]..G!..*A.,.C..k.<_W{|A.;......pR[.....:......z-`...V.F..5........d.~..........d.v.R_.<..".......}...A...R\r...6.$..Ez.s...%..AoI.A..|oG....R.O.k...,+Y.k.._..%.0.n.Lb..`-p..c.....A.2.f._.....l..l..).{"..K.76.f..(}.r/LeEv..?...Tz&.I.U4..v8S.'.M..eu.aD......H.iJ3..P`.LB[....S.n(..+.o..&.f...L-.P...P....Kx.....Y...P...r......V.E...*...A..8....e.G.H....`..C..o'..%.\......FTR...g.qi...(w........rj.y.....sF.N....FZ.'.Gl).T...R.B...[...?\>.*.W^...:{..1`*.H.#..."..:5.....bm...j..I......g^...~..j..6q...e..]....0...@A.7A.x...<.g.Q.{.e].:...f...1T...u8..K....,A.&\....l.....V....sx/.].L..v=.....m:....kB...N.%~XEv..G...........G..T..2G.....}.jk.3"sq4..l.m.~....UW.(r...g.]..5]..1C..|n...E.>.l....<hM!

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490011v4.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D9A0049EC3848CF44EE02D5C6BCA2DDB
          SHA1:5185B383EE085ECBDF46D3CFDEA682DC6DAFE9B7
          SHA-256:6F8AD82848B7720805DE4D877A3532535E2704B47612686ED8C694BBA51498FA
          SHA-512:CF7DAF888F51C1CB7B8F197569DDB6A9B2894269719A061FAD4A56B10FDA9F3F89AFF7894D3EBA6C3AD975B5359C0F7EA9C2697AE9E42B16BD177F48349DA5A8
          Malicious:false
          Reputation:unknown
          Preview:<?xml...kPx. (.L.{+E...w.w.A#K|.|1a.2H1K..`;X.TZ/a.,....B...O.x].......n.'.v..|g.E.x....A2...td....K|..R/.c.lc..i|.^.......@........z...Pm.]K...l(.#0...G.:.S.+T.h,.4%b*x?.....:5)$..]6r.Ht.... ~..j..\..J...I&3f...C`...C....".@...~.B....Y&......n.w...:>.uY..x..C.!......3.z_...y.Z....!.....)..k......OC...... .E".8....j1....p,..5c...S-.xs<.......Ag-?f.D..z.$R.*.*.......{....D,..}.j..J....q...b........_r....-h.~.-../.4_.Q*...e)rV^.......z...J..u.._M.....O6..Vf.@VhQF.fux~..../y.M..t|| ....M.=..](>.w..Q.'..).K=........V`.E.$...V...7"4=jWVk.eIH.P].=..................Gz[....O.....lH=bJ..,."H/..k..Y...m..a..=.X#>..g..Y4'a6./`...........2}.....zH..@.......%.Fv.....^...jt.....GN;=..>..y.j..:x.t..v89.f.....9/.,..U.CL..{[M5^.rD6@.....`.s.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490014v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:94D7DC6392E5C4863DF829D9A973BF68
          SHA1:CC27761FBB92A8584F015E1F2B7921D7542C44AC
          SHA-256:68ED461D7AC71B2350BE8F8070CD570FBB326EDD6D7EB35BF23D1DDC77EF3A52
          SHA-512:1126CED5C81F9918BA25FBB78F57B28EA700D70C59A30BB758DF000F46D58B514895DF8B75A9A62B71CAF07590181C6B9788B347FDB5DAAF55EA16D73C788C1F
          Malicious:false
          Reputation:unknown
          Preview:<?xml=[\bFJz)p.,v ..X.C....H._`..O.i.0..HK.?.lo.m.......w..6.*.E.%.s.5...`*~.|0.0K.....h5VD._...#3.. ..q.Zb.G.#..3. ..QzA&..pJ.l..(`BJh...At.....[........./f{....7)v;|.v...q....N..J.IR\.W.u+|...0l.`Y*.C...O...`.m.y......].P.&ns8.sA..!.t...>....s...... V..W.8yR...jw.....G..Q...3...'.../.(N............P.{.l.r..Y..C.\$.g..]8...'.{.....#.u.:.2[ .h..@.U...c!..U.....@Q.X..50A.).<..L.....JS....-.........!y.*".1.. /.....,.Y.1..1...a..cc.oh?.> ..T..+..2#(,...."..%.>y._...>...5..s....zs....6..v.4.j...D.........S.P..k...>....RP.K.3&..2....e..H...N<..$EK...&..kQ.3U ...D#....3....m....s.Go}..w...5.......j.u.Y=......Z^F[....X.Lm.........o......KR.I.+.V...o.6.=5.H..o....`../.yk. .U.`.(..ToG.WGq..v..sv.*V:.!.CI....?..}.......u7x.X...E.k.I.o.E..0..P.8}q..v.e@..g..>'.M..h...7.P.+.k.i........p..*.x.rC.....=..y...{N.t.6...R..=b_._....r...|q........x..&..._Y6._..<.a._....$.(. [U.{V."[c._........Nx...... ..<..e.HT......N.P.Tr...V3<..$K..C.C'..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490015v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:91A4AE66CE3A93BBE8C5C9974DE2E05E
          SHA1:02AEA4879F9C1428DBDBBD59AC4B6D9CB817361A
          SHA-256:896601A84919263ABDCB331121BE3EB872A994FBE44CBA47A465962C2A669F82
          SHA-512:BB39F7BE886D85DE27CB7F91F7113D232EEA544A2AE02312F08639380E1D4C9EABE3E6B033690A0E6B6CE20779CCD31679547CE22E59C41CD15FC114FE66EBD5
          Malicious:false
          Reputation:unknown
          Preview:<?xml&9......|.sL.d%..I.D%..=...S...;.`Sk. .......HNJ.]L9.e..M..6...w.r......DS~@..........p...u.=....U..RH...l.#.=..?....Q.....xT.......Q.4.1..../1....c...4.>.,........X...U.B..sL.R.....ld......... .....-'.,..ux....L.b.]F.fr....K.B.....1.......D..1""....&.c.Qk.r."....n....=~nv........q........].?#.i......bf"`...@.L...#.$./..]o.D.1YR..}...N.[.On...KR..|.%S...}..z}m3v.B......k.fzJx.o|i..R..;u;..2..X9.....u..m.y.X..Lt....w.R...VS.<W...-@v6....c..(.k..`7...._...bH:\.q.tI...w..(.}K.L.w....O.H.2...U.FU.d..d.f..V.fI.a..........}..f........;Ge(..b..p.NE..6..F.........w.:......0Q...m.P;>..N.........4X..^H.:.....$J.{M......K9`......._8...#(}.^......JM.x.-i..-.@...>...4.S.@Y..m...z..$..v|Z..O..<....i....G.....u.2..N....L........4b.v.{1.{.....85.K...io.....2.W..E/...B.......|.F.l .T...<.:[......Z.b9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490015v3.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:704FBC7D98183E639DE8564403E801F8
          SHA1:9C6FE5DD75A89E98E36B94C5EBD50B21C33BC73E
          SHA-256:0B05CE8CE1D19EB311F710FE3B9004D53856A890D00D5AF13D5D28BDFC904DFE
          SHA-512:F5BF86ED0F406906DAD304C24D256E7C0F5E5AF07B0E47ADA648C3BE19A2F8C1BFF198A09215CE87D28240F662FFB549CF4F93EFAA9ECDF8A73C4F054F02F938
          Malicious:false
          Reputation:unknown
          Preview:<?xml.yGj..at.$~.IK.. n.V...z.><6<2.Xo.hB......./...PL.A{K.).T3...<.v..7..ah$...'.ln.C...u$......Y..3.Y...p.?..B..W......)....Fd..vxSC].'...G._..........{]MF.T...g....T.).{i..9..~H..](.^..u.R.+Z........S.#.x..........&.O.....$....].....bH8.@.......YA."yW.m...p.._..F....:\9k...w.V.....]' .#...Rz.SNo..M..J..g..@......A.J.0skl.......a...z|Mz.N...+r..\V..E.........8/._...V.Mm....7.*3.{z...=y.g...{...MJc...3v....E.#.]y..Z.Z.{=I.v_bnF.....U.......|.5Y7..f.#./.{.!.w...?.F..tq.....`C._..!5.~!.5..|...].e.2R...e...7...Q..*.....*.ip>..+,.Q.B.S.....)w.c...l.....0.[.[K<^..l.5...7O..'eu..d.....2F.^....03.N.^.`[."g?..g.X-.w.e_..t...M..dS. C_.....3.......)....`K.t ._h......=........."U.eT..WBl......<$..<.b.{.X..U...L.@D..Ny,..91....g..%*.J.2C..Qn..}.X.7..De'Q.s,...1.o.c....)GB;\v.t!.m.+h[ho..r...g.B.W ..5..E/Z.~..yGU5.K...z...`5R....I...h..[.PR...z0..C*.*..bc.......L|.9|.J.4.....Z..U.M.. ;U?.6k..Z.[.K....8.j.....3.licz.!.e.h.%.h.G..R.......l.].`.9|..b5(X.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490015v4.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0E7E3C36B8AD6E48736EBEF0D0167504
          SHA1:A4ACE4A6BCF4ED937B5BAA94FD0B9A0D22F246F2
          SHA-256:06DA6A8E6D3A2CC771DCACADDC300225D21E5D1B89E758DF06DF9D9B9D9D910F
          SHA-512:43362E6E5EF97D6B9F80B41285F95AB21FE7595B3E45A0167929821A157C1947954F38FED1B15BB20CBE2BFDB3964AA0BBA6F14CB8BBBA0D6B37AC50D8B7BAF1
          Malicious:false
          Reputation:unknown
          Preview:<?xml.3.MP...\....P...(?..-...T......m.O......~...?...?..j......i&.4..e...._.V.d._.I.......F.^H...Lbhu.....[%....o.j..P.2....m....K.+.......M..d..,nh.8.3q.o.b....{..d..l..^_.OnS...9.{...6.....0.l|.E-.zM|...K..F1.N...a........}+...LRcm......A...,..[=q.@...2a.A./dN".b......MF.w..(.......Bh}t...b6o..o...0.i!.;..D....i9S... .bm...L.t.Zl].J...-......!B......s|..B5......T.d...;\...BEN..P..9.t.*"....Z.....r.BU.eZ..*......~..3.k72...."d...YU..a...$..,..T-?....P..o.......K...Z'A w..t.=...............}..;....rRJ....V31.O..3..;*...fm5.x|`hj.._v@2&...K9.[...8...&,....i....oqy>....,.....\....sa^n...bPbFX.T.H.2........$..p.@:..)..+;..{!.x.V.....J..k\4...6....8J;..$.I.c.......6.8S...ey.......:.IC.k.b.r..m=.. Dw1.....=|.R.1P...p.P.p.d...%[.%N.>.\...5.(r.~..}K..Z...FZ..`o..8.-B.......Nm..'w....v..M...~Ri..c(k.a...t2...A.x......x.@..........8...%.r.q...........6'.{j..IT.6..=@..g..'l~.....$.Q..q*..&-3..]..5...r.....+.....}..p..._%..>w..}^]s::W8..{v|.....m

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490015v5.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:AA5D61EFD1ECF45DA6A858DE4DFE2930
          SHA1:245B3560EFA7B4B35F93BC99EF96016146D16625
          SHA-256:D633B32948761E601350BEF23F089DF2472C9406F24F625577A14F9C1EAD85E2
          SHA-512:8CD88C9405E6FE12E62F0AB26D10CE0B76F1E6B2AD5BAA49E28744D2F476131D9103968CBB7DC29FADB42F04F8D0EE10B69A62B36083E97BC68E8C232F3C492D
          Malicious:false
          Reputation:unknown
          Preview:<?xml....O.."{8..h.p..#.e.....O1*....@o.....l.,O{Q&...C...)$..*..M..tAy*Y+..d@.....#....;3O..w..I.8].. ....>...$....$...4.:$...t..`.....n..h..b.."..A..q...3(........6..\G..'..}.....s.e.04..~.8.9...>K1...<>.4}H5.....Q+s.|.C.h...^..!]=2..y....T...b..P...i..+g......\.3fC...[..H..9!..p...c7S}......k.\...PB...X@.J....,.y."u2$.{#.J.S.-..oW....g..`..D.]f3.lq....\..... _.cc.B'T..>...".&..O..._..(.......bo_.2'....@.....0.uVq.8...8.....h-.A...CP.K.N..*.Nm...FGk....t.....Z.".M|..".......z.9......O...._u|^...~.[7_.............bJ.......s../.=Z....K....5Eg.)......)+......F.H.fF........iJ..b.H.\.QmB./....UJ..T...>'.B !3+....:.&G.m.9.......~d..:......h.Bqd.B/]..6a.7?.w..p..>.a..8[.y......X...B.4.I8pNB.R..c<.....|$...8.B1@.G.MMj.....T*N.Td.Zl.]........7....G....I...4...;...IB..[b.<.....;= ..... A.=......Fw.5......05.....s,....6T....]...8 .b.......#G.[.......7.C.5..;WT.s..6.b..'....)Znh...`...;.+.#.....b...t....iX..R.v+L?.QLF...~...U..p0.YS.*....t.Q.\z(h.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490018v3.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B522E6023F8CE5918307BBEE61E119A6
          SHA1:762EE7C61A1287FC2E9ED3499B722E2F8289B6E5
          SHA-256:70397819835AF6CBBF4D6CC2A0CB58E490C0637ED8156B25D1654BBCEB7129C5
          SHA-512:D6F828C3FF59165128C28B0A0CFAAADC8BD28D8C782D4C83B9569D4CC1CBDA9E30383CE8F0F2B55D4C0933C48E9D44F41B364C50ABF69B1263AC6C96DB0FB9DE
          Malicious:false
          Reputation:unknown
          Preview:<?xmlL.s...GE...!{.0.Y.k#.6. .R......A..yB......U..0.f5{#c........F.n...II...m.......G.!.Z....+.X1.k.NHH..r>J...I.K.[.....jv...?L.z.d.. ..!5k.'.g.U....@u.._...J...e...W.......i.(...B........-F.....&..7Ai..-..d..E.....).0.nq...d."....~.M....1zs%..h..s..=.....`Q....t.w*/....@. u..%.._k.L.j..........W......]..G.b.}....-.._u:.m<..}....L...ZA.9F........l......:..+.h.....]c.m..V....ZY....U.5WT".%.p+.d........J.^..`$.-9)A.E...(..o...~....NV.O\.`i-F......y...O[..U....8...N...@.#_J.S.y*...-..=zF..2z....;+"........t..Q.448.s.kK1..N.........I.m....#bSO!.I.ZrdHa..Fd..PF.}.B8*C...t.`?...TiAY.`G.....-...A2.L...!Lk]....u).U.<:./R+_]do>.8bu4...b-g.~6...Fx...#..".J..9;w.Bb....ff.k......W^+!{tx..*....FP`..a.!..O...k..'oo...w;D...-%{O..X........R. .SP.acs.IA2...7...t....)..=.....3....%c.=....%.N..z..8.F.R....c.=rL2...J.4.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490020v3.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C634B448A659BA7569133C5C6377E032
          SHA1:8416913E4D77A27EABBEEDE8AAA4C6B7359B6A44
          SHA-256:0AA0F8F96CB978F9A434167C2BE259F5BDD389A5AA0B52064B94B2F53F3F224D
          SHA-512:44F7A1BE589BD7A47B36A5ABEF2FA1CAAC5FF4EE3FC66CBF83DAD241C279C7563EDF803D07C290608C981E4BE25825380CB21DBA0C50367FE87FDD56E6A2702F
          Malicious:false
          Reputation:unknown
          Preview:<?xml....k,.`Cu.6C...."}.....x.$..%...TA.f.:v.WY..a2U..1..W..l.."..=\.7n.....1....c.d}....r.6../.pS..QB..~...1..f......Dp?%U.(p.a".Vb;.I..\......:......U..*j....q.......F#.. .S....6.~....m..^.^N......B.g./."m.b..a..v.A.?...=.>...`9^.O..5.>7.4..9.c.....n..0...'..p...$.E].=r]k....xjG..q.B1.&^.M%*.8*H....u.....l..%^T.m..5.`_.......Z...*.Y(<.....3.b#..A.6d.r..$.H.37.5B.eK.~...+...x!.=k.....I.......#.........D....L....a...W.vc~)...p;.P&3bj=...".E].g..+$yrw....hk......G.Z../H.v.....p...k.Z..{..:....s..9...6.D.....w...c.D..c\...I.......g.....VX.>j..>.#.t..y.j..-..E.....b.n.&....f.y.#9...F.&.........b..z..oo.gS.`z5J..N.<.Q@.`b....J.......bz.(.s.e..........e.}...0.l...Y...Pk.I....0..K.a....1.a.U.t6......H|.t....d._.......~...)c..W.+~..^[!...(J1A......N...H^......&.U..+.iF:...4....gnL:Hak...*.x6...2|.....N..p&[.}.cY~..f~.(.....r..f.......e(b....O)...LX..x).S.l...t....B..._\.o.....;.lK.........wR..T......A.....19P..`.d~-w..0.x>D(.......G.+}.....$}.mdxz.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490023v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E8D12FA4C4A2EFA41B1F3928A13076A8
          SHA1:40EEC9D5F476C4721163FB2C90E76B4B57369CD3
          SHA-256:24BD7E545A8DDCFDDA207855C7942883B6845A1C8C737FCC7FC6BD4A9E91ABCE
          SHA-512:FBF3229E3B9962FB90F42C2ADCA0ED8AB798993DB294342A12A8C1481774EA45D52254A8537E5D795E42CE118B8D7B5C0DC0762EDE4633CC56B2AEC63CB38831
          Malicious:false
          Reputation:unknown
          Preview:<?xml(..3Q.Y.N...B....'a.6+W$.$..Up...+_~9..9.;.x$.IQ.5o......}X.w=6...JNKX6.MS#.e.m..K0.....n^.b....q.Cod<..7.Oj. ..@.V..._.G.S...Kf8.'".$>8..z5.V..`...rw...?S:.4O.Y...x-.&y..].i..h....r..D.Zv..G.....1...w.PiN.rGW.mB..iepG.T.......{FO.%....=.a......+r6....I.....6..............C.-=7K..:.[X.n....C.>...[L..h .zT.}.h...p.-..8....Z..5.....4...Q......v....2OV.d6.O...e...K.o..^.#.Cfp..W...$...0...q.K.bT.Kc.)(e.d..LZp..b.....Cj.g.qu.{..WIr3.w...6.y.k....S..&...@....0..@..f..dX.....Z...7.p.8..o$]..8...O...:........;....S6X.G...).HK..>.0.t......A8t.........&2c..;`".."..O<8.....e:..?.\Dl.....fFF.W5".<.K....2....`.z....../.E...;Q..89..,.x(xC+..X.tq..6..)..nT..g..~.4.9.6q..1V..z.w....eJ....1..s....l.o.\N....5....N260.Yi..+0..:c......Y#..e...m....6bkti...y.....&.tp.........-...?..W&d|3...D..`U...aJY..7..7.om.S......U..]......kI.~mJ.n)h./...)......l..C%..N..X..jf.{...Rt.3..,...y*....+.T$...2.LD=l.$.,..j.P!...=...T........)....9/.HE..4M..[.svh...1U.y.T.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490024v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A4F86AFEC2DB54FF3B8F0C8082851734
          SHA1:05101300AA9DA0FB1AB42DCEA38FE0304CCF6666
          SHA-256:AD9B039290A804EDB2E3BEA211185C6452E075F37C086F12386BDDC25B12AA91
          SHA-512:79764513971D55392DD70027CDA5FF7A77E9EEE681ABC2658A5E75DA8032A43BA445CDC782A32FCDADBFD6C840C6A5F5D6A35B3CC9DAF7C02E98708A10E83BB8
          Malicious:false
          Reputation:unknown
          Preview:<?xml.b.......$.\..........+Yb..A!q.7%....Fi.N.B.=.I.........+..M..y...np....qu..5...Bcj9.-....k.....7.x.......??uB.=.v.Xqa....Z..a..l.!X.x...=.....=...8..E....1st.4x.".4.L.t.~B.....L.....8*........i...d.Z.r.[.{..u.nJ.B.5ul.c...i.....)oK.ab)............{{>.....s.J%.i.6.[.":Rn.EF .v.1.........4.x.=9.Y.G....7.hX<..nc.[~..cO.4.M.fa.].@t]7p. ..*.....&....?..u^..I...1a.1.....D~W.[...gS."......!.G..m{..^f6?g.[.6..C.w.t.T.PJ..j{F.......F..e]e.I..<]...L)0.co....1.>.n..i.P......OCT......A..]Q..5[.J..'.I\..s$...[-.h#.......L....X?#.Q..w....W.E..<.B...y.~.&....<.s.(5.....Z#7.d.....Ble#...8.ul.^.QH..Y.0....O.._.O.1....`I\..V..Y..5....L..jU!....a.n*....h....`..q#..9....=J.a. ..C....k...D...s).R8/....cBR...Q......Bv1.!Fh...sI...4...[.H.!...!r.do..%&.R.f(9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490025v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:07310937DBAC2AAEC292F85EB1D1D6B3
          SHA1:2B540EBEB0A365A414B272B338F683A234B7A71D
          SHA-256:BBFCDB55D757F44DB35EDB85B43915E38CF2C40CE35411E35681417962E78F64
          SHA-512:7CA7F693B0AF5F5A144CE7EE589386C8D35BFC942DBF9359A3A76729C12B72C5B1E54B4802A00B5DBB2048E7E5E75E6C10476E8EA12AC642A22282971C6DA264
          Malicious:false
          Reputation:unknown
          Preview:<?xmlj......6N..........c6."...p:...U.N.....QW7tz.....c[.......7..$..3.....Tv....Pr.C...-.$,.M..}..S..;.(..F'..!.Q.}.GG.l...,..Z...U"..M....k.G..b..D..4...l .N..}..v...H..<p..+e.Q...GO.2.)1....pcK&....m%...a.G&..L..}./..nS..3.v.k.....%.6.D.....,....._m+....<.P...XE.k.DBW.4UH...$...Z..i>.]...w...^+.o..d....<.j....QKn.._.....Ie.d..5..d..~.K.@a...AS=X'.g.;PE?....rT.......J,.....H%..@l......._.n,...&..E...hV...._.A.o..,j...U......sa.$..$]1>..zD.".7t...4..&.k.Y.Cf.b8..[BB.|^1...N.\..v....'CV.W.....h.I....,.."..c..z.F-..:d... ......:.T.I].l......^6/......KHZ.s,z/..e3.sfJ.q...x_!..p..;..'.$q"..c.1g~t.~"...l...f.|r...UFo.Mo{X.]..8.?diU.C..>bM.O....e.....BF.L....9}....4...U...\......c..%...T..|.-P~.DA.......7.......J.K.0{.Lo,T../0...G..R....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490027v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4249FD1751EDB6D4418CAF633991C1F5
          SHA1:0B9760584FA16563ED1807E97153F06909BA6C0E
          SHA-256:CB0C553F45EA841A317A9BDAC3A990493177908F67DF2A142FD1D0938B6CD05A
          SHA-512:C377437F19DF80067FE71B32C0A72C21045757ECFB128EC8ABA7C7906C68DDBA2D6C2F2EFD99DB6B7E49177E514E5413DDA059FEDFC8C42D9AD182D0E13EBB27
          Malicious:false
          Reputation:unknown
          Preview:<?xml.s..M..L..cf?.`.Z.=.*._..Jr^..x6......m.#.,6?=.E..&.)H$Jdhm. .L..,m7.`.zR.W3....<eZSp..I........f}.2pf..O.8...I.#z..L9.P.\L".6.....z.c?.\..7...s..{7De...O.O..A...-...}./...#.Hv.c..*..^.)MR....2.?......!.X2.>;...].....\:....Zj.T.; Ym..;/.zh.&i...ax....s...Mnn.H2W0,.8..5."X}../M:../......F...[.f.~......L..#K..3..../....k!.x.......r.3.R^P. ....l..{...y*8...@...p..Y.Q...Yy.+.,.b.u7...........i.....w..?T..2pe@..h..oJ2*.G.'..U}.9..#.x...|...E.....P.r?.T+...t ].>p.....o...P..J"`ZD.Yf=..O.8.~.. . j'.....I.?.,U.t..4..?K.=.W...lsB.9U.3./...Pk.N......o..E.."..W..8[V....+..uOG..|Q...0.V..Pf.aA...W./x#.@.Z.]k.;0.H..(..J10.......I:.......1./.4.H..5v4....,c{...D.!....%o..h?...l...h$.|..Z..(.t..F..K...,.B..I.\5+..i.XE.fAT...G..P.D.......HaR9.A..d......9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490028v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:CC21A00D977F174105632551D25A93C8
          SHA1:115F91B03A2E3E2E7296BD18C69368537492FBD4
          SHA-256:CB4A5BE6F0B0C16286FBE25765308350F45F9ED53761D2D406FF3100221C1674
          SHA-512:4B8EC7A657C500361833AA911A55F26A63664EC76756D471711208C215DDD1E8246F156096CCBFA52C71ED40D9F1003D2C361CD5821DAC88A87DDA1659A74C49
          Malicious:false
          Reputation:unknown
          Preview:<?xml...45.}.F.L.....]?O.6.'...mTs....>. )"U.....();.O`.3.1...LZ.~... ..!....t..".e..1.....9..V...P..8.Q+.T.._......8.x...b.. .Z.(p..t....p....."....Q.....}.O....F...1\..;|..`...r&1qF.F?.t....G...Y.&.l...wb...;.9.^..a`'..F.:M.+..._.....K..4..}K._.Hf....q.......P.|.\...gm..F.....R.ki.../5..\.......>.Mf.u<.8...Q..()c.OF.M.j.S.>.O*#..ug......R}-Y....w...P$%.".,Hr..l.... .$@O.wq.?T.i.4qQ._u/.X...k.....[....)..' ........O~.y......4P3..H........-..*..}..N...B3....^...g.6.[.5.}g*.Ry...T.....FjM..........:.....|..a.&.........G.....,$j.n..[)t.%7...u..c...|.(...2.v...Np...z..FZ.u...#8a.........R7.6~..j.3...)_..{.V..W...;]..-9...Y9f..s.B.A...d]I.#.....G.......~.yJ..]..4...9g.q.....{...*H?O..A...E..0.-.\...d.B....i.:Q.u...fib....o1..mpvB...b.L.y(7...%".mv.e..i.9_.......z.^.....Z..4..'b.g~.uOc..:.....p.....M........W.......V...c,.D..2q.l7q..*..k..E.....b...%&._kq.wA.I../...8......G...8..i4..../..|e.....y.^...8.K..=....Y.$.S.t.&k.Z%.9pbW1L8qQshua0c0KnGl8

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490029v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A437A7E06014E7EFFD6FE9D733EBA324
          SHA1:DC988C9FDB76DDCE1819A6443E6FF4FD7196AC8E
          SHA-256:BF8F3339FDC7B7FD4118645D32A5CDB5B9E2C4E7F8144ECC2307D2EA89C950AB
          SHA-512:DD18BEA2BD8E5C3289A45FB0F13946E48A60F647F9CF073D37CE0BD1E2FE4CD94E72042548BC16495C3A5FA5A1D3D7EA045EC4E2B4AF7A79221BB9DB4A7AA354
          Malicious:false
          Reputation:unknown
          Preview:<?xml.[..s....%)H)(.4......\.A<..'.e..HG.}.!l..*....r;.-..$7c+.2.X<.2.}.;.}..;.-RBSv.p.GsHb.Y.DQeRl(.....%.........Fdi.f...bn&..O.m....H......DL.O.u....M....{S..c..L.....f~.>..9....[P.3R...{...*zX./f.r../'.aH..K..2.Ibd".O2.r.......54....0.u..!..K}qn.3A.n@4?*.2.....,....sS..2.D*J.h.}@<..I...o...T..A.2Blg....i..hD.t+O.......T..q.8.5.9_...2.2....e......v.L...!F|.+y=,]M%8..<..G..A...;$..B.k.*0-.`Qz.Pw\.....x.ok.....Zh........|.w....o.=`..m..>....WJ.Q.e...q..I./.3..f....'G i..^Asj.`&..t...../E.L..=...@..I.GN.(..".hR.=`......?..0\.[....i.jPs..#.Q.!..#-...z.......%..Q"~..E\.`#T...L...w...f..(.G.3N.R......={....y....$.}@...(...~..........%.0....+9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490030v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5A2BD99454A85A0A3EE6394192865FC1
          SHA1:A4B48D005504E29DEED9F354013AC5D143829C32
          SHA-256:1DB7365495607DA9A77082E900AE994FC463D19484B4355FB12EAE1EBA15C9B6
          SHA-512:639B6A610E1DB83472859699E4FFABCDD6F76683C486FD38B4A41AD1263DA6CBE566D9168FD69974FC829AA31A1DCB5AEE2DED72D6F51CD1F10D3A2BF15F7F36
          Malicious:false
          Reputation:unknown
          Preview:<?xml....*....V..!.:9N....I.=VMQ?(..t....i6...`..(.C..&...1.t.!.~./9..?T....1.M7....Q...y.Fb..x.....n.!....)......36b..?t.\...z.\...}.`.f...~...Yf2]....Kg.jS..4..zsh!.3....{..b...S...o1......O._p(.N.A..A)>..Tr<..i.|......i]....F...Z_b..ug,.?.rR..BF.!.$.#W.._O...-...L.,.....l-9..F!.p..T..v....B4.../.j!....L.>.h....2m......j.6|z.n_....!.!..."t5.;r$N...E.*..$...U....g.: M.z..&.M&a-..N.....I.!...e.[6..>j . ....r#..qg..*.T.L:...".K..2.. ..M./.T.......LM0M.#i.[.f.J....k..h.8.\....o..U.n.U.'3.lR@._c..1....!j..a.'...k.v.~3....o..2....L.rbGyf.W..?#...5.}.<G.0.ca.....8........u2*o...%%.h>3K..7?r..@..!.....%..d.y..G.F...D.b....aT~.O..p.(.#n...]..P.&q:.4.=7._.....0..WC..8w....G....N..M.ld.|%?e.....\37.........5.Jc.O.-..n.j..O..*S....._o7....g.L.2.....G....`0...<..1.<)..-..(...o...V..>.........aw..6r.p... ....2.....]......O.\..2V.<8.o.A$.YU.E.?.b/G....S!...ZbZ..}..`.'..h)..^`.....$...\..&..&....2....o......].9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule490031v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:52D8EF14C93D52EAC932B79CDC30C4D5
          SHA1:0EA6E205A95C1873B2041B6C676862AF80E1CC51
          SHA-256:2DFD98E95BEFD639074968164488AE9F06DEA5C869885F680D6D8939CF7D0C8A
          SHA-512:C1218CE79A8C02A4501D590CE37AB2DFEBFBC6E845D9E7210DB60E6865526E67E2E1C336DB72525BDECF1108D611D21C9F944E7D85AF15D26F38D420A6F006F2
          Malicious:false
          Reputation:unknown
          Preview:<?xml.kq...`..-:.7..1TJ.....X.k.Fp...2..J.U...w..QIA[.Ow....y.P.o.&...?7.......;| H.`.....<.....+T......C.S..8.J......4....r2@..h...) ...K..^3I.(bc.7....!.H...dL..Y.......M.....>..-.....8O.}..U.......kM.'T.R5w.Q.NQ.p..nA.,l. <..l""...".-.If.u..l....T.>.)2m..0c...k...nln..|..h..>.......9.Q.J-_B....-B....m)FA</......"..'..bdR%.q/6.....E&....(.op.....P...Z..l....Q&&P....9...%.6.....d+...L.N..+...EO.k4.iKV.N.H'.B.*...m.Y~{F...p.....N)....0..ONG_..Y..K^M...j.......~\.....E.&......n..8.rgx.Q..=..b.*...&DlHD.[..;.?t..Y.Y...f.".zF.u....T.hxfyL.C..*.O...6.J..h9-.f.<m..V*.....1.!]...".H.U..........Q......w..e.W.)..g.p,h.m.H.......&o........JC....._....zk.py*.[F....0.<....j......C.....<.........q...Y.}....3....-.i~..Y.....&....{.k7....5..!B..=.=]G.G.|P....W.U....g.">......^o7n......\`dj.....A..=..F."0..-.!C...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule500000v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:728175B7F094F48BC099B088A5F5E2DD
          SHA1:AB45CE1C9550AC60C05C1C9B64E0E34927CFC4B8
          SHA-256:15145128E5A2400330629B69D2079CD99901CC97F203C642D45F754F8C44A52A
          SHA-512:1F9BD5F3B500AEFFD1F667918247A93566BC4FA66FCDEA1C1A4CC69475D252027A6E90087F47E2BC60D07606B88FAC03719D10308B36147F954D476E3C0A1493
          Malicious:false
          Reputation:unknown
          Preview:<?xml.X.v3.HaKnE!..O.U.y.a..q.........p.,...d/.Or.*H.."..%J&f...k.0...;.bm...@\.....`.(o. 0G..S.L..4.?@.o.KQY......0!.phWo%.R.]....U......nu...V..HP...G.K.T.......I.TX.....).......]Ql./H....L.).RY......;..3.yXp.+..R.-.g...z.....4.......!.v.S9..`..$<.=)[....tJh..B.4..H....9....C..8{J....T|').O....t.\..x...-]....Z5..]VYx..vM.C.V4".{fI.1..1h@J9.a..l..g.pV..Ub....%6..I**..,+m..-.q{R..cB.;...u1.c..J.3n.1.e.M].&.B&.fV........i[3....D...?W..#...9.`.&|..F..w.X....fr...P. .......A.|.J.....qX.?.*<%...)#..C9...Hu.....D.z.../8..0..-...d...3v.......-T..*M;/S...\.G~$....C...;X.....uctE.0+... J....pZ..}.5"zv.[.ed..o.&.J!.e[.#.gu[.r...t......p. ..9...j..Z.$9.^...$.<....*.L...IT..i.p.z"p..I&=.....^.3@..Q..A..Zp.JZi;..0...Kz.]z.ENV..D.Q .aM..e.e....-6P-.S........B......6....Qn.RC..x..!...1.k..p...".9..-..4...5.......q)0y..;......%.I>K)z+.0z...W..(..{.c...k.C..[KJ.ZQ..1A..]@...U(.H.1*...`.&+..%8v..0.jx...]...,....R.;....[r/....".....gO7{..,...N.1...DA...0...1

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule500001v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F63B73AC2F5554672E4164D1D42B568E
          SHA1:9256962CE199F1D503518D9F2A621EDE6833D7EA
          SHA-256:EA6ACC9CCF25F35D862A3DB8C554077BB4B1DEA9B1AFAAEEFE3A94D933302EDB
          SHA-512:D4AFFED433410132C4D13B36FC645D97C519133A6BD096034FF98308EBBF6977845DD3D113C8ABC05754CE5AA7E28B1DDCAC34602D55679C1E5C9470A1BE3DA3
          Malicious:false
          Reputation:unknown
          Preview:<?xml.j...5._8;..m.`.!.).+.]..O.........K+.C{W-......3<.o..,.......8|r..&....".V`%.....h..>3o|.....a...T.R.....N.s.?Y.3.G.wh.F!.&...Lu.J.I,'.D.].......wk#j..Ux.Bc.8i..`rT.I.\Iq.i<;..21.Q@.v......^A...T....v.f..=..^....>.,...f./X!.R.,..kF;.e(..%....p../fcKx..`E..lY(y=2.iy&yg..8..\YK>6m)....-s3.JS.z..(.x~L....4......I...Mi#..F.h5`/kF?..Sb.........X2..p!....G.\.z..w.T-..r...E..f.6....HvCg]..o.+...'$.....Gm...5(.2,.D..E\..y...?`.>o....n+-e.f.'.tf..yD...,~.3..C.G....@..yQF....(PD.x:v.......u.l...EH...-.T...B.4..M.s~..."..S(eb...(>t..0o$.l...J.g\..b.T.U.x.."....U.9Y.N..25y.'-.1.....\).S0M.c..k<..^><f\K..8.....F.[.....,q(.bpY....mhM.w...?./........!...F.w.L.@Y...u..ed.>2..D(;..$K.......N..K..b/|.....#:...........0...X....-..Y....2+..t...H..9.(>S...)8u..D.J.w..x.........LS......3.|.r..L-..R.4..1.j.m.P.?F.C..U........v....Vds..........c.Y.)44....5.T`...8.x.}C..A~.....b.xR..,<k...m`.o...S.J(Ka..G....Y,...G.3.....).....k.x.|m..V.Y........U..h..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule500002v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8EFCA0A7262C9D0B2EAEEC8C14E71C2E
          SHA1:7B7D5DC5BBC6D6F3091060E8B33E25A114BB4A5F
          SHA-256:2AEDBBA6BA327E91F18A98F78547A3F63E7041D08732463108ADA164997A4693
          SHA-512:8DD46DD2B5F1DBD2E00B4C3907C721F4B4A536B28DB12504FD4F87F27C2F903969EF654C74D0F0135F0A54CB88B8425032C41F59587C4C19A1041F6109310728
          Malicious:false
          Reputation:unknown
          Preview:<?xml...v;.z.uuc....6T.Q.v..]..%p.#I8..N..m79.H.....&..L.....~M.R...d8..1.9.X1...+....$GT...q'...3:i......!e.L.{.fO..n.....H.c{=.,mp....."...1IR.Ic..[...H..v..>....W....HV..I.V%../..p=.5....4.....pH.V...J6.>..S2..ht..W.fu+.. .;.L.._..h..1...x...E....=.....GO..lioqy.%.....'..N....@n#..0.):.3%...<....{..^........W....Z..+.?.@.!..?..E..4..Sc.<....4N.....q..+...`...O....-.d.*....D.^r......$..B...._.........C.....Dpb0...@.g........-...O2..Q...G...*..l....F..B...L.Q..l.?..3......O....J...~..H........nq..68?.T/..tA.#v.r..._a(/.........~8.....b.........,9V6@P.....2kc.|.v.TE(.H..e...!e.q)......%uG.....l...J...P..2,.[6...2.nr.e....J./q;...z.a..H...C(~..22......q.4=./F...$g..?..#.....\ ..].Nt..t.w<.D..j....{vRjX@.....C.........4..d.i/.N..&.t.:T].W.P.2......eSE.:..]`.u*..`...*n?_.:...I.3O.e....){./....}Mt.c..u&.'.-.;.z.....4.n-+.bb+5..p....hH.8M.7A.&....z...`........Q.^| ....6U......>+..W.......+...M.;m...gq.0q...0.w<u.4......K lZ.3.T.>o........>...

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule500003v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:43856571B4FFBB84965CA936D3D0B3BC
          SHA1:670AE22790EC24997E217E9F91E8838B487BA6AC
          SHA-256:47FFF077337AA2938E6EC52A9E6086D4FFE11AFE000A548F3F14EB68091EE915
          SHA-512:573E566486864DCE0833E37F390BA4AF15924746FEE80E3CEB186A38CC29A553AA9A49750082584312ACADA32DC27A349EBE39049CDE02A46CCE9D25EC35BCFD
          Malicious:false
          Reputation:unknown
          Preview:<?xml.....@`.E#m.SRa4.m.....Hm.G.NL.6..H.N.r..]8(^m-...E[<P.%.!*G..I.JHwL.Gy...y......s......tV/.Y.5t.D..w2dU.....C]eE.!.........?...(.w.......;.%..iO...6./J..XT.]dY.mT6.....U..........s..T....[L..D..K.+.O...E...-.......G .1.|...\...p...NW8,.... ..*.*...a..G....HImw's.<........V....M....[9....h.g.Dq&*....i.....}.i.U..5..^."....~..h.......rf.c..!u:Xr.X...jz.=.$.g....X.CGV.!........]......7Ls.....H.[c.....rh.........$s..O......l...k`..n.4... ....4._.g....mM....=........'.Y...>...o.v....B.S......$.....:y.....ox.......s.........m.^C.4+|r=:}.2.-.-.p. I.<'.........:t..sqI..9../.........I.......G.4.....&...o........r.?.6.C*...)O...fk.N...!.3....V9.]..'7.]...Q.+z...o..('.6.)qw..K0.76<U......f9...t.^.)....'..g.. .q2<...Qy.}....A............1q}..._.6.(.>oS..Aq...m.s.#o...tVgk..:.Rv.....a...G..n..S..(.m.".P.A..l..r8..m...E..&'zG..8...N....NM...R.g...:.L.m.l..n..b..qL...W..Xu.m...r...1.4...X..)....e.,....Fq.......rub..J.u.c...8.$./..&...D..y

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule500004v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6F5CE522EE03DAD34DD6F0B506444BB1
          SHA1:D1896E00BE3AE67A02C440B50FD8904D2A039FB7
          SHA-256:8D0F5B335255808A9D347C1C2D272EA9007749BDCC7D29C6E50769972C42E55D
          SHA-512:11D8F977F803C06FCBEBE3D971DAF9826E9FDE1D356B8138DB74E753F6D4BF7B4BC9094341678F9FE9D30ABAA40F61029DE609202758EAC6DADBA3257EF74732
          Malicious:false
          Reputation:unknown
          Preview:<?xml`.<....m..s..[..y..Y.B..v..t...3...t.1_.....&k\..8.#[.....8..0.YB..~..D....Zu.~.O*..pB../..io....XQ.....E..J.z..TD.2...:#..\(Q...1....(h.E.......=.G.[...=r...C.X....j.$.96i....Uo..........;A.`.?.<....F..(J..a...~-&....(.2<...fT..Q.6..b...ff...H..J5...e.uS....|.....D<..<... ."../.3@.nq4../..t.`.3b.Fr.....?2.E...@.........}........:...P...VZJ)....y4....5.E....^\...EY.T....+...v....dn*..P.P`\I>...........K.Et.pXU.F..(|.>.Z.71j.m.......X..~.j6D..7.......)x.3].y.V.!....aj......Kj.Ng.ZS...T...Fqx......3...p./L/.}._.....T.h...O....sL.Q?.......(.."o.t..%....O.].f......!..q.U.~..T"....kd....."q..%^.z....|.m....-....H.a"n...`..h......SK.....~|.Zy.`.a.x.d....rU5..B..f$._..d.r.C......B...4.c...z.F../$U....}...M....]5.1x....X.C.o1.f51R|.g.Eb...oD...1y[...~[..N...m.E.......t..PI....~..Q|.(....G.>/%........z...;.......j..l?...A.=..]!R.o..4..$..PM.G.....?...N............ .v....1....1....!G......@.S..0....A.kU......-...hu.z.`s...O..w/.qF

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule500005v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:24F27E1195E7743B68FAAC0AB4291159
          SHA1:20F9EA904ED600C97AAE31672B423B35882BB61F
          SHA-256:9FFA4037A153D0DB8293B778D1F78201AB4C8DDADB0C63D1C80BC1D321689809
          SHA-512:32F8C9376814286AC2339AA5B43E8BD9541E913A8C056C741D554C0DB678F0ED092EA720129971383488D9A0E6A305D71AC8F848970467AE27730522069E01A4
          Malicious:false
          Reputation:unknown
          Preview:<?xmlZo..YZ.....X..sC..8.*Jv.......st..&M}N..TuB.C.+N......X..vn....5^....._..vn....nrI>...".&.m........4R.<B.$.:h.J....>@...Xv..vIH.^{.".."`]'..%..t...hl..S.h..v......."M......'.D.U.Z.....". ......e..p.z.^(t..Y.&H...u.=.X...(._.N..m...j.LfO. {y.Q..=.t.... .lm..,..h.D.(.....>....5"./......d.5.q..'..+...^d5.(..O.FP.."..f?6..|Sr..30.?.Q..a./~)....v.. .z.i..Gm...(...l..1K...f.^{=.k^W.)g.b..N..G.4/..v.n9W..,..o............<.....`F.. .#\0,.....3....v....$..}.^...n-g..08`..F.......[..e.X..h.`/y..D=.=....N...!..-.E..Uj.....39{....k]....os...I=Jz.....`...,2.~.<..^......Zp.....|. .....\p0Tf.zz.CX.9..G.l.H9.8....F.f[.e...Cn;.....b...m^D...p..a.i.........w...{.A:.mmX.&.. :b...y3S..H...{..$.P..COE..}...n.,.W.....g.!..`-..rc....#..bJ.b......L..\;.}.>..U..-~...y.fN..w.YXZ...W..Y......k}.......O.s.~.E...U.2@.$....V.&O..3.+!..*...o.|....t..bT..^.9k.vX:...5]..LN.G{,.S...z(....7D...%0.j../.q...H..$..:......g.0.....~..".....L...F*.-....?7i}].w]....5.u.v

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule500006v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:127A0B7307CF91C5CD302C8E8D73F07A
          SHA1:14CD3A3B0C2E8AFE9341B912446671C1D11B1CB9
          SHA-256:095D2FF18369F0951199811B532BB7AAF2634F86E49EC7B9C7454A9D202B78BB
          SHA-512:34FBCE6E1D58454D24F37600C4692BFD6B344AC43416810C229B1F8EE6A2ADC326E284EA302A414DAFFB29471A56A87E77F5CB04DB836A484E98C6BF4A45B632
          Malicious:false
          Reputation:unknown
          Preview:<?xml.,r..k.U.%#...L.._.6r&.yN.f........9..1D..J....".v...c.jfy..........i.W....m^..p..X.........zO.....,...lu.lE.a..|..k..Q...k....'_g.>.D.....0...#...Y...e`.x...B.*.f...l4..h.l.\.}......!.......=.......E..;P..|k.w..g.....c...H.....:....7.T...wI.......A=.p.]C$..2...VH..e.G...sL{.u].gU`E<R.o..H....?.y\...P]..C6.]|...S...ruu.] ....$..?...$!...m..[.!...U..n.\N3S>ey..S.A?=o....u.ej...!Z>G..q...b0g..A........Cwx..s..F.n..o.....n2l...2..J.}_.._..95n7MA....-....t...%......N<..o.x..B,..;...8C..4Of._...y|,..|Y.7X.bLb.u........aJ.8....jX. .W..|4......)....7..D....<..x.<..K.jM.K.......X.2f.g.........)....}M.....K...Y..8.......W...Lj.^.ha.{a..A. co..0..9.5uaCy/..(.}.+..P..T...;..w...\...I....=N.@...t...#{#r#...w.......M.....e.A.X...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule500007v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C5C2CAD28CCFBCE9403EA5E3990DDA2A
          SHA1:16F8A45D9F46E20594540ACE66A07F09042FC0AE
          SHA-256:0B2F15FCC71C8AB073890C9CBE7EC1C8D747C0F403E6D628D1886F61F009BFB3
          SHA-512:056954EAC1C69A0C151D388B5411B84C0079F88699AB1596DE05BDE084577E48C20DF774F38857C98F93B75B49116F80A214EE335DC608B2DCF713CE62663598
          Malicious:false
          Reputation:unknown
          Preview:<?xml.z],.+.B..y.C'7_.q.k......p....B..!M..z.!.0]v_yK...<..Qv..6.8.....>.f..!A....7i4w ...^......p..2...0.l*'\z...-z..g..r.eBJ...ey].!..x.z.S'.~..^C.>.V....Y4hI.Q*c.4.Rg.....Cz...4.....".g[.....5..M.#uxydD._.erL`C"..:h.K.~Z....O.....<.M..2U..."..p|+.6..K$.X.6.........h....q.}.>....W.F......].w.../.JK?}..V.I....JKW...O....6=.g.....w5.g._.|..E....E.z[v.....B,T.D4....~...b.ih4..Z..2.9.h.G...Jl..$..F.......E..IU.T.......e.A...a.m..2k^Sg.........=......S...1.@..k....t~..V..j.^..oP.(...g.?...N.Z.....@............U..O.k....AQ..lx....q...i...c....%...u..3qyF.y.....pk(..|Ot.e....4....e.l...d!...G....E&:.7.]SJ.;uiQY..........^.s...$...C*..-:..4M.>z.Z..."M.`}9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule500008v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8FE2FE9D7DADFE2CB0809C3A4E7BE498
          SHA1:F8669558E75107CECBDD24DA16794324009EEBF4
          SHA-256:F3E78D7D92CC7BEA201B37AB185003E8050AD09CDF1FD4B8296AD1B23DE38EAA
          SHA-512:FBDB6317C10E2B3A907799B9B66131B585493107667C4EB1D57649A31BAFA8F67EB5B5D49CE4BA07522BC331F8B51C041DC6B1E4FEB6A61E12F9EA59D28EAECC
          Malicious:false
          Reputation:unknown
          Preview:<?xml..r"%kJ.W(.T..+*...5........j.4.....@CP&-....."I...NA.wx.n2...n/O..;..+]}...4.li2....L.,m5.p..q...([.P..>n.Wf.K..[..J..o....`A>.^.D....+...9.F.Xf:h...on.\...T....x.c...4wM.....[ `/.f..OYv[..\Vo.E...!h..e....]N...X....;..X..>i..l,.Ot..a^z\.,<......A.n.AYp...em..[\.8..17y.yP&bh......[..o...<.....eL..}...#v...+...Ggq93:..EQLQ...J5(... ....0.M..........X8`......~X..b.-C...c..z2..Fc..o....we..6W.......m.9W.f..V....C9......L.c.9[b.F.].V.^..(...IS........y..q....[u....R...L....r....Q.?..eXx[.vWR.'..7................p..Z...ChE[gM......%.+.+E......Aav......gi..r..8..k...fI\..a.c.....0...N~~.6t...C.......tE3\*h.....vGU..e.....Q.._r...q...B..Y.............-.h.S..+.........<.....74..!.^u.KS.!B."..1...+p...MgcK.<5x..>.&..!~..;...<.b9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule500009v4.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3A6D8266C0354B260C162D211E3946D5
          SHA1:8D65C342369723211ECEE22E7BC2D4596059B310
          SHA-256:EB086E881B28CFDB377B4870CF45014D567E50024DC5DD29FA0202F08440C1C2
          SHA-512:3D3DD2A0E909B5B2038957512F387FA04CB264471575864605BC59777923C15C3BF9F31DBC68B6FFD489478822BF4ECAFBBD2E5E7AE3DD3E846308A996964ACA
          Malicious:false
          Reputation:unknown
          Preview:<?xmln......!.5Zz..-..0..x.%..)m'...7....>.>a....W....(.......ZrXR+.pX7.....b..7;.....&a...........^.'L..6.k.I.Z./o...K$..r....Cx............GE....z.6V.\.(w.d..h[)....)........9.:.jf0.*!..C.t...j:....1.0.W.[..%.sz....]f.........?,v....3..o.@.o+.o .q..r....n........*..O.E.....}f.D~.....p..#..`......y.W.Ba,..P..RoS.0SJ.-..*.Dc......Q7V......!7A.6...-..K.qL/..m.Dna..Y.`N.q+.." Y....[{....t~*a......4..P+G..n'..+........U......`.4...Y. .D..4n...l..rm0..J.*....JF.rO...K..2...~..1.#.Ep%.T.4,Ri........XS..<....'5..>Z.....B....f.......$....4tk..VS...(....)...HC.$..u...i....--.6...G...t.?.^7.+.M..<...r...6.3RE.s.*.?I1......3x0P.s..{Ji.../.N..]......<~.0...B.4...G...GB....h*?.A.aG...Q...*...e..`A.D..t.d\..0I....].7u.C...eA.C.>.e.r.D...........3 2cf.`^........B......V....H.`..>...a..z|..1.H=...Yg%Zf...Lu....9GH\..%.oR..S........}^"....x..G...N........M..&.s. ...kb..ES_..X.7.p=/..cE.T....ucg.>.....m.PH"..M~.*T..@Fn..t..\~..g...X....;..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule500022v4.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C778E6D9C13AC3897CEC4A3A2B73E4A7
          SHA1:15FF066C5E6EBB9F6E62A24C64AD841F7509C9ED
          SHA-256:D0ED37BC4F2E20CE337CDC91578E28B7AC11BB68E06797EBC3E8FFEE9321B28C
          SHA-512:0BCCAA10FA373B4275A546D06D24DFA2E06F1B26E2923C32E4D080B58F1F85BFF298849A1BFED8A44F0DEE13053124DD73ABC1A46AEE1D39A909D285A608632F
          Malicious:false
          Reputation:unknown
          Preview:<?xml.zY.z.......4.Z...Ab.T9>..,.n`.%.k..O..)./...,S...p...p....>f.r=....9f..#.8.O0...p........-..|.^..(<o.}.(..6hT.......pDZ.<t.P..D..v..V......?..|. .N....s...R]hy*.O.Gke..h#./8.U9....^D.g...A..GDv>x.. 0.Q...........k..P.W.S.^....#.0{m.O..Hw..UH..2. .........T..;H-;j^_..E&Us.s%.b.8t%0Gj6.mj.v.;.wn.5oT.A.R.N. .d.IZ3>..|.\..^C.....3z.2...{.<...k.X.9...}J..PKz...3..24.+..^...e.U......Ka..# ..../..)Z...<........ ../.S.x.S.n....62....?.+.0.z...S[Z~D..z7X....p|..&.K=..}N......NVmN.H..........P..."..M~&F.[.]...Y...].IO......U.......`#..s..gTo..Q..u..Yz.].'.....&).....k.*!...F........>.......r.c..Sb........Y7.~^.......G...y.`0.."v..|...b8...1D.,S.Q0j.]d3.m.........h...."...w.e...9..idn...NT.>..j.......`zA.`......!:1.2.h.6...2..c....dS.&....$[...(c.V*..@U........TG#....k.......8.....L.T.a.?..j@.....rb.y.r....'..."..g..?9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule500023v4.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4B554261ECD27C7B95342352BA7EF142
          SHA1:6C9CF644F44AD333F5D99750D288E665A4990BF8
          SHA-256:9A1A513E0C7EA4278E8D2AFC26D9D96D2F79500FA39A9F54C44B7CA07CF62115
          SHA-512:C738D07F866C8388C4451E4E92796B87064C3C07F815D1389372CB902B1727BABB103F08B17D1848C636FD1BACC76E21D2F5F5E8ABBB6A6D260759035139CDEE
          Malicious:false
          Reputation:unknown
          Preview:<?xml*gE..J.B..J...s)}......)..Y.p.cD.........lqp..7.jE.,...8.n.....^H.F...L........H".p..4.Z.....~N...l..@.*:~[..:..#...{.....m.../k..?....6..dbW.......*..o.WY..P.M.X......m............`:...kTv,....w..y....@.&.^<..=....*....u...57.B...aNi....0..]...@....0a....\.{...0.r...[IcO.".q.,.-.rftex.0..H).x.5<..b9~MS..+...t..R..w$01.-...9....7zNI.........u.oyI....Ys..+.....2.hx.i...`...=.E.4..7.l.z........T.<9..._.[.S.(a.c.<.....|...\...]&....Pn.%..X..j.d'H.<.$./.E..#..|.fW.kh!.,..)1.)T..y...u,S..".I.0#....k..}....C`.........L.....)..T.0eV...sYCe.....<.s.RO.&h.1.uQnAP......-...j.C..D}.i.n..g....D"G.^.........G.....Z.].j\.....K......FD.$/`^.Jl.N~.d.5..K..g.k<...D\...o.....^..V,Zii.3...50K./.....]<x.e^...x.....P^.Q.#!.._..+...:....&.....E.0....-..%.M.)dBt.P'..Y..n...................E.^}..c......GZck+.g..9*.5@.v...;E..#qi.@..&4.......O.@.j'-..u9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule500024v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4CDF5BD8E1FFA300FA7815E2340A1EF4
          SHA1:4A59E7691F503020E2E0059CB53BA08B2A7871C9
          SHA-256:A446410BBC4F47208ACAF55917EFEBF2758F5AF428858A7CE342BEA8F8A5186D
          SHA-512:33CB1B14B549291A4A437565F1EF6812ADD5D200C7788AF66FF0BD55D3A56DB04A721596ED8231D3C3A8CDFFEB5CBD8C335755700CF529D526923823401584DC
          Malicious:false
          Reputation:unknown
          Preview:<?xmlMP.....y.N.s.....?esD..v?......N..\...^.;...)|k.{T...u)....W...M...G.t..dQ.nbF...w`z......q.r.-.|...Tu.....F...7... ...b.H..b.........%..F.Y...J.k..=-7Qe...N.."......(...r...Y..)vf.f..?T/'...;.P.kq4<.w....L.Oj...n.T..r.?..Ro.i.s.&.a...I......>.v.MkA......r.b5....bh|.Q.Xt.LR.".A/..r/..>.JCA..2.T....|..C..p.....h......i3(..#.."..1;.%.=$P..T.>M.T.X..\.....i...4....+...6K...-.' ...1F=.s....\..J$.......?...)...4...x...L#;CD.3.=O.Y.e.q..".)^.D......V}.iw..^..$..tQ.*s...2..b..*...>?...)8......w..OE.`r2..c...O.n"Ez..R...Mu.B..g.#.I`:.{.[.wgp0.4..>.....H=J..M.K.7ozwRV.]...%.i..$...UD..I....5....&.Y7..y@.-.X.a.......2n_}.#.^>.;....X..p~.E..%5.q$....O...r...`T...8.x.;.Ia6F....-....L...I.E..QY)............N..8..*..8f.uI......]$.......I.....`..y"....Y>..|.d..U.Z.;.^eA@.UJ.".....sy.dU.....b.,6..q.....-../R.....*.M.1.i.zkW]n.{..=...}...y.2d..fj.=I..DW.{...N..W...Qh>M}cby".'e....4Z........p.l ... .(...*a...>.L.o.n.B...?0..7..1Zid.\#.`2v.xFf..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule510000v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:07CBD78DF9327483B05F9ACAC5865ADF
          SHA1:606BD7A0004B6C8A08F3AC4A34C32C274F924659
          SHA-256:8C77036D57C8FB29FF639C8675F570AD59E9C4DA06B6F26FF40D78EF3008F781
          SHA-512:8220E88E77DE978F328F20453D36D78BBD781528CFE7CDC738E524F2F54BDED0558D5425B32F1684F3D43E414BA45511D01C5270FADB6562FA4B4DF7BF2262CE
          Malicious:false
          Reputation:unknown
          Preview:<?xml..+*q..#..&.Tz.~w...'..Z..(..2)c..Z.q.M...(M-vVF..A.......K..^.yu....x[..,...G.z\.l..%.!.}..t...B...W...N#...S..4.Yw|..{.8...3]....w.K.-MG.I....9B.}6..$n6.,:..=.r.v..&gN.....wb....Xt..E...}%[.~.z.9...1.....Y..&...... ...G....JB.3.....dbaq......u....*v.F..z,,..'H7.5,-y|._S[.[w.."....+,.WvC..x..[..xJ....^.B.u=.po..^^E.<?CL.i2...'.2Pi..!....s...eUF%.%oN...`6u....?.......c_..........H.....#K...#~...n.=.n~....}}.Y3...V....f.e.K..jZ.=............ .).....{)g....1.f........!..E..y5......).........g.....c].L2..}r0X.N.r.9..............n.C..H.+.T$.....@{.%T..n%d..'..(8...?.b@].s{.&.{=..J..^[.xZ...0p.s>...@....>..s....<...&.....3pG&t...t.x..J..G.))...k<!..R..j.]y..c_.;8..{"W.y=..:l..O...[...p.h..L1..n.o..]..d.,.&..$.........7|......K.^....F.....D...Hq..]"..G-XQ.:..(..)...=x~..YL.R...&...A.tb.\..-...q..+A/.x...5[8.......rB.~0......N.2.r.R.v.RzV..S.?2.\..F.......k.^.a.o.]-<%.tOZ.....).....:....yW[;..D/4(...........W..m.^&r....E.A.."...

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule510005v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A345B7187A1D09CCF03D1078C311E794
          SHA1:F28DC7B28B71A9498460185ADA8002134CC674CF
          SHA-256:24B6CF69485B9AEFBA767FAF26E078F7AE215636E2213178E73512388FEACA19
          SHA-512:A71C5677D3F2026AC7E73A8D094B6EEBF913144638DC96CA0021069D774D22E424D22FFAE1F476CA4137803B81CDB8A1CACDA43BB55469F214CE503938F1268A
          Malicious:false
          Reputation:unknown
          Preview:<?xml....a....[.A0.V.).m.9.."lN.j.....?.."...x.7L.Y2C....Q.9.....%....%s_h.E. P\...A...qhX.7v...F..X.....V...U..m'm..j.T....=......d)..w..G4...".w~!..dhm.T..a`.....(.....A..-..=5...g..9.@...,..'.h.P`.....q../i.. +*.k.37...PN..t..0...8.3.DG. }ly(?.Lzj.d.gajvj7V.....|..X\.e.t].....V.A.../2..4...w....0.9%E@...6.#.s.O...o..P..%..G$...Zft....q}A....`5E].c.V./..R|..O.1K..y.n.<...\)'...}.m.z.)..h..f.r..>.;Q.N.^..*.<..C:....X..\...G....r ...F.M./.9.`.._...z.8........^....N.[.o.v.ZE..F...-..........eV...0f..9.7......D.,.f.p]...,....S).W..T..B.G'#..n.m/[.,.^...r.......G.#v`.7...Z.x.H.h3..F..c..V.wo.-..0.....?e...u.E......]..^....(f...U...........:+r...;bG..e......m../..=.|...E.l.Y...b!.....%.?L...J..O..x.wV;..e...........|.[..\...)%1J_.U3.=.."I#.~.'>.....}.......J..j.B.t...&w...z_'.no.U.J....<M..t-H...k.rq..on.%.a[...#..Mb.8,.]p3_i(...G|.....F...8...x.d.......^.%."....A........\.......A?g.........d....=*.).UG..#.#*Gq.*..f...*X.S@..&.....>............

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule510006v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D0759825EE2CBF054887FE28557E7D06
          SHA1:7096A90051601F85814EED6FCCA5BA5F0761EB4E
          SHA-256:05B01406AF0E6B091BD010FBE344EA77160191FC4D250C56356260E631CAF91D
          SHA-512:F470BFCD50CE96989DE5C9A0EC0FCE5753A8D56C0853DF22025D35A2B72E5D013FAE573E824D91F064EC0C5EE6C5323C2277F7B8D8FEF96C093A945C1300F47A
          Malicious:false
          Reputation:unknown
          Preview:<?xml0..Y...mv.}..'......f.sO.R.ti.<....%..,d.<.M..3=....p....'.6._......t..Qny...w.......c.<P.wh..l....fv.m.C.j..[b.`.J8...l$....[..}\...6.v.?B.........9.,%{KN.B'.0MV...2.Da...W........e..Y.h..RD.......H....2....e.....k%..GV.Y..F...j...t.F..w...c.b..N~~.l...8.(....}&.X.....|.D!..E1..(..e.e&.....T.(, ....Z....'....H.W<A.n].~8..<%...,8.....V......H.-...`.UJV.hRyaoJ-?zT.G....M.:......t...:...4,2.....f.p.Y.".U6!..LR+Bo..eonE6...9{......g..s.gC.$..uR.rD.0....{.2.D..YE....z."..$....^J;....O.a=i.7t..w.x.R..2;!B3S.R....~..kLI....R.....tR.zu.g...+.F.gYG&...mr.L..l.....m.>..........+.b..ik.0.?uq...gv;U!}.R......F..AS.kr..4`.k..S~..;Uys..../v.U.$QaBICaZV.....e...h.`9..{...q..O#..|.,...g....<..+....Hm.....i....R.u....k.e....[p.y.Wo.}k..?p...%.+.j......m...(.et..:......|h..v..h.#......c..A..\-7.......@....QF..B(`.....2...y....~.Y1.>...4L...C..a.I..............9.{t..A!...."{z.S=.o.>......]..)K..H.....E..*.......-5....O........EC.*d..k'$".j.)..G..^.&G.'R."

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule510008v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D80A19429515B1F4228FF7BA5B585D43
          SHA1:3FC373B9A12E33CB70C7F837496098D77B2486BE
          SHA-256:EB1CDE7004510DB0E7EAD3AACC178B05499892855B0A272EA78879E7E65248F3
          SHA-512:9FCC0E3464229F16122AAC7BCC01F34EE3287394E37E141227CE0043B3628641FEE794A5FC89F447C2007720FA8DEDDC20F441B715AFFD4DF6AEB966AA8B355A
          Malicious:false
          Reputation:unknown
          Preview:<?xmlN).h..R. .....M+Y..H...w.JdT......e.c.}.diVu9zP..(....G...aj4s.qn1.*......_...X<...."..f...O>.....5y..W.b.1;.@..b.'.mAr.r...h".E.....}.:..............*_/.W.0..........8....2O..^..1g..Hs.dM........_DQ.T.Py. u....W.}.Y..i.E.1.O.c5t...{..........D.?Qr..S.L}.N.Z...U;r-GW./...9.; ..^.}....[...>/..O...4+.N...J*.P..V.I.9T...{....~yn.A....| ....#...fc-../.......&t.oj<.b.....m....u..m....go.My.....}..[..5k@.m...f?...{..`_...........D~XH.@{..s.y....DH\...W1....=>. ...[..O.....~....\.#.|.<u.+j#.x]...B.y..@.X.1........#..2~.Ox..k.N`....[;$.xsI..P.".......,9...o.+.t$..f..hNl.h..4........R9...s. .)...q.[....5AQ..|(!w...Cf..U...v|I.u.s.9..r...@F..NnT...07H..n...T......En.'6..#.....AY-..,.<.....!..$./.`.y..N..a%'v.u..........C..o...=.U......._.-j..e....vD......V...gqc.#..<+C{^?c$Vt*.....w...A.......2N6....t*.....(U..i/..m.Nf..L..I.XH8..y.k.....+...c............e....c%.m..e.T....L..P..._..|..0...)9.%$..|.q.wu....:..F{#<r.r....IJ,..\....a...m.......e..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule510009v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8ED9323A12C74803740FEB2474F793FD
          SHA1:61975C5055C9E62CA9FCA95F9784817B73B2D709
          SHA-256:F37F9A8B9A365BC717F17AF66C07520BE28FA978E7E6D5ABCFC029E03BA769A2
          SHA-512:4FC9D44C361335B8736F953ADCB810060A9FD37E80CA8832F8839DA41D2E85D4138AF349A6031DB98831626934626213656B3BCCCC6F0181BC4705D1F634319D
          Malicious:false
          Reputation:unknown
          Preview:<?xmlG.......@..8.Y,Mx.'.:..v:...+L.C.s`.r.P..k.6?.06.rK4......W...(qj<]A............m.[G...A}D"./.QASW;...A..............9'...w8`g....T.(.<.X.e.....h..l.2........S..M.5.q...z..C.F!...__Q....I...~bm....;QvC .r...p&.lr...........u..O4y.#._..]@r.N.............M.`XS...7.-"%.b]..W.b.2q.f...!.......T.K|dKQ.n.S}9`<..s.?..a.%t,.z....o....-8WT@.z6.fS.`..9e........G9.j0f.K.K.J...G..&.{..-...z..H...I..MW;@..IK.....r..9.f..f.!{..]....E...........U.....|6>=x)..,.....nQ..u...*..p..8.VZ...!.......5...T7...;...;On>>u..L._7&...$......Ko..f.H..@.......R<........X..^..q..;(...^...%.....(...v}.d.q.....c..<..`....x..I...L.z?#..E~...V:.....y............Z..p..2.......].M.7$.....SR.i..(....1.VhZ.YL.z.9..~..'..;Hk.G.y...'....>$<m.c=.<..a'....<.l-........~..9.w.G.A.......e...U0.W.f..a.\..I...3..o/......B/.u.......? I%...#.(..z9..?UM.fr..u..HBuAS....Z..b.rN~....]...R..L.Z.e.....OY.....[..C...74zg.........J..-...rW.y.q<.R.w..+...'...V........%............*s..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule510010v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D7F65561F1D1CC099AC98959DAB1CBB3
          SHA1:8FB0CEDAB6A08569D533E143459A6DB5D0A4C1D6
          SHA-256:7E69F9CE2EB24D4812D60D84B5F6C2B94D0FD9E41C7DC869AD734BE2601C1EF5
          SHA-512:2B58CEE9C32B4A68BC362166D5F5DB72E256A2565D8BE899E0495A2682D8667492F8308AA81836256CF5F24AF92A69E67223F41ABD4079754B38889A0CFBE47B
          Malicious:false
          Reputation:unknown
          Preview:<?xml.2C.0.ko.ur.1N....A......x.C.....!.l.;.:d.d}..<D......S.a..r...}.....q.../._....)..c.pUdP...U..d.+.3....\-i......^*.x..@..H.<.D:.Y.3..q..!C.....q1...T....2.a.)~.....d...i.5k...u.j]JAJN................P.|)...8lZ.L...5..1F.>,...s..KC....e..*...q.-..+f..s...Re.=..E...."PG.....- ..\.l.e.R.E!<Q%.rY.ib.;t...w.h? .3Q.rb`X.x...v%W(.<..}~.l\..t_G.c.*"...s*..@..s..<.v..A}...=...b...X........b.E:..z..'.f.x.........=...8.<..<a.Q..$..op9.j.....t$.,.hf.....O....9o._h.Q..E..b=.xbR_7..F.{.8...{.Q......S...M....<.Q....c..3|..;.e;..#.Ar\.t...H..j..X.a@....GFzn..T..Im..&(L.9..#RO7..P.F.U.P2.()!.uo.R."{x.YjD.w.......g0.N.....o.H.C...:%......"@f$...........<.....q.-.)..;...:.L......N....n..j..sq..w..O 5?X..Q.=jf<0......Uq".5.........2....JS...6.[.H....g.....ZK.uo...j......[*..Q_.{a=.-5/^.d...@R...w..D...,y....T%U..vG.J...3f..............hB.X..o....g.$.e..l...L..a..g....h../.6.D=1e.jA.4...w..c.n8*..pY..`;.[9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule510012v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6D686EA0015AD56736D045C58D0C8EF3
          SHA1:219E3C348DF0CA062B81A65D3C36082F6E030D89
          SHA-256:A921B664162E40327E0EAD6BE6A87B21D06E9CC8B2BEDBC2C249E54CCF7A7BFE
          SHA-512:6E302962EB6EF7719C6481148EF037CE60ED8D1CBDCF2B7F99969550507E759A23868A15CA5532A360FD4A5FDAC12A920D3D54F8BEF35A3BC66BE3B69C25DD74
          Malicious:false
          Reputation:unknown
          Preview:<?xml.".u.xt(.Q.`N..'][.|).g...wg. .p.../.Ou|....v.....^..X7...T.u.]...~.....E.?...a..9..........K....].vj...._*..\.l...[..z..n.J..S...(.y:.H.X..=..O.....gj...6.b..-.I]Mt....M.).K3...&y..!*.Y.......}.43V...\Zh%K....Gxx`U...3...F..k.9...,e.V.......P........B..D..L.,........H..Fq..9.J.'(..^6.....s,h.W/..F...S....!.n.....F...S...?......#..j...qZz...6......Q>~B.&..P.....R.;.P.*.Y....8\!........H.>.5LI.aK......".......w.?../.|2J.%.1<5...bz.=Za...t...$I.~.....5O....c....=..K.mv...{.<Ae...x.....VFZ\.....U<..5.d1YG.!..."...Q[.....Yqg7:.&..{.<?.C.....k...f.7...?+.V W_.Y.Ltw,}..D@8......Q...&..$./.....-..vsW..g:....{........>k..S...-.._.*...~w.....hgy1I?X.b...x.....#.R."...J..Y-...d.....o.......cN........]....dr5z.G...{..../(.w.]~...4...c.....rf...8.>{....L....0....;..#...br...P....SK..f...Tu...r...(.A.u.=.s.h.z=..G|...g.H.XxR......3......&.......m2.4.}..Z...G...@..N-....^.0...ykV.D..;c.7...(&.T.dm8...7.;.h.......+..1.U.AXR;v`...

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule510015v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:63EFBC13019087DCC0A6C6586318832D
          SHA1:76AFF54AE83F78B568F6FDD42E4CCCDBEA6E568C
          SHA-256:A56E5FCCEDDDA1076B340CB6EF2F78255ED75832142207ADC8A8D9F6B27301EA
          SHA-512:C07BE47DC8FF735D53DD5BF5200BCF05D36B651F6B669AE26E643F0BA926A97F2A742B3F56EDBFC6774D1AD647192620FBF7CF5FACEBF3255730AAC266187C32
          Malicious:false
          Reputation:unknown
          Preview:<?xml'"Lw+...#.]EcKL.0._M.S...~."..].x.k._.!..vf;..y.J.:..M...$']1.EAl.....^..B...c....w..Z.L.Y...`....J...B@9...}PC......kB...+!.n.....nm.e...w...m...n..$...Z.S...>..dt......*.......X...%.y...o.../....}u.~.. 4...I...........,L5..3U..6....+..f..\....g[.U...~^.FM..G.......5...R.....(...*\.......^P...I..y..K.YG}T:zX.h....,<>...\.5.$...`..|..........za..~....%.........T.h...M.0.M....B.1<.|....J.T....(..g.^u.d V$.D.h..T..2...ES...0....hE."O.....LyPr.uC.{...%.>.l..c..T.(Y"f.:..y...o....+..U.g..L.M.....=.(QO..gh..n3..)..;....c.h..../.@...2<n.`GA.K...<.sxM.h..?:.._.Q&.v.w..8a.b...U... I..n,....&.D......w.Z....P_6.......NO...M........W4..f.HF.%.L.~...;.%{9...G....x..9.q.\0~@.-.J..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule510016v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:75A381E5E4B64A7793DC8FC0B5BE2E98
          SHA1:D0F4012E9BA7FD7A04D81C6D8E197D91768A2607
          SHA-256:CB2256C8107FFBE12AA0863FB2AC0CAEF4FA450C1788AD155564085D03992C1E
          SHA-512:44DFBBC4EF327A7202EC57C2D5ECCD82506AB8FC55A7D91182B720DEA4D533D220CA0BBCC07450C7B3E90A608162EB1347EDC283D520711EA37F75984EDD5E64
          Malicious:false
          Reputation:unknown
          Preview:<?xml..lN.S...?.......K..r...|9.|O#[.b1.>.k(.....5.*....M.L.-.Bj....|..E.n".0.8@2....Dr.*as........1.R@..1...]'...LT~s.M..k.....\52......Z..qs...*.SJ..p'x.....g......h.<m......B.H..XU...._&....d..7^kEJ....d.C....Om..<..9...P...n.....).<..">*2."e..P...x).^..V..k...?....Dy`.B.DU...../qp.i(.{...g...7.*.....U[.r..g+HJ..=......H.)...7#.+6..(....Z.n..Ce..g.=...t.j..%...e.n:..w..2.......t...v....m3...=..{....^dA.1........F.$?.iU.{..@.v..|.f.N...[..@.'{.4....@...Kg*..p.L.K.......E.a.X]...5.........Q.Jqh..+w..2..xw./........$?s`={E....4.9....8C....aj..............\r.:K......"........K.....9TZ.U...a$.}.]=t..[.._.^b{2..y...Z....-..J:.....u..{g).y[.....F.|.R..'.t..3...>.....sd0B._.I....c....w.wg...v.._".>.'..%M@8T..._.|qs...r._...X...H....v..D...[n..=..=..N.u./).6.).l7.H.p.$....0&.5.:c..k}...y..I.U..J#..+......L.hE.\.......6.....M..K....(V....eD..a.....#.s..;8.p...I.Q..}r..Z..k%...^.....[-\`._\E....j...4i/..J%.....Cs..F7.P.m..:I......S`.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule510017v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C3EAD828B639AB044E75483EDCC96E45
          SHA1:39E47E18056B1E7468A7B4646CB237A669ADDEB0
          SHA-256:B7C0C6D3E6B674E225E1642674A03AABBD8BA9AA40A06A0072CBFE9A787AA18A
          SHA-512:1A13E854DAF85CE8EB2EEFC1693FBD89B83BF8F06447BAD2A5B6B76658B00C604948FE2BD0D6D3EEAE81856402FB139CFD7F74E775BD90F9B6E36A354A87CBCC
          Malicious:false
          Reputation:unknown
          Preview:<?xmlM..S%eg7...'.5.........QGU.j.^..~.eg]...y`...~2,.U.g./71Vk.c...gJ..l...(.54l......P....._...9J....<...T..{T...?..4..s....Y.R..<>SM..$o..l}.*...He}..9.......o*Jy.........g....![....R..t..>G.j.<.D.>.....0..... ..1<.u.....T%.Ke^]....q...dt..m...S&=..3....I.s..,.&o.*..[..J+...N_.!.%..w.WM.):.t.`......*.........F&..../..$...._....0~.9.]VU...\.o.=.......P.J=.\p..N....1e..g.pI...yB2.L.z.B.(....S.M..u..A)..Qz...'..0fl].M....&....h.IT..Nw*.....`c..J4*....l......>..n.T..T.>..?o9(%.+.Y........-...`.v....j[.....8xtt..B..fh...9......,.\U.m...p..?..y.Nb._A..nBAn-..#.b...%...k.q....:.W.nI...Ww}"...-.O...l..UY.r.....|.".e.X..J.........mq..b.z.?..{.3...L...Pv.q<%..T.......].\r......a.g1.....}....h.....k..}=).vk...OO..8$....*..;52,....R...#g....YU....A...j.....=.rdf4.J.UDx....Q.e*.3KP;h.0 .D......y;.D.J....-....Sp....E[.9.?..3Y.B....M.G.g.G...W...h;.p.....q..H..-k7......e.y.....A.-...8...ZYK.>..qn"..s.1.....=R.`...D..`.l.AH....X....ib..28Q......9.3t

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule510018v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:38E11C84BAEC9E24AFB49FBCA5DBCF7F
          SHA1:1E37A04AE2FA18BBD2606F711E7451BE8CBA63DE
          SHA-256:17E56DA34E3D988E62353E8DF56B75E4052A62D2FAC7BE58C8FB8C6485FAAB19
          SHA-512:E6968FBB6E4985EC4C568A761F50820070BCD2F482BC1E80E2DC545282187F53C1B9FFDCFC64ADA29BD189C1905CC8324CD385EBA0F7FB0C86E7C676EDE4B6A3
          Malicious:false
          Reputation:unknown
          Preview:<?xml_..".7l.....a0...w+...W....k...3w!...........C.;..y.r.W'.V..-...?..n.,..+.)........c.f..o....R>R....T..l.@1..{k..c..3K.-^W...X..P.C.r|NH..9..DK.\.....h..].R.B..f..W........(}..f.....?.Cb.w@3.J.z..'..M.....P..[..5...K.f....4......u'.+._1.C....Nv'4.N@.>.:..m.$..<3..q......o..........U.....j.UD..tt.S.cr?.N`j.......K.F!...7x?.j.g{@a.}.....k......_....+...Q.L...S+..g'..`.C.-.......b,]..2xO.G.?..8.<:.......W..1{.m.tv.$q.D.x/R..b3......n.y....f...^.5fJK.`.`.0..`....N...i....8....o....Ng...t..b....i.$.$..v.?Z.,._..,O.._Y.MI.....y..Ii.P=..P_...q..mys.$..f....K....M.5.7.....t.=..E-..wb[I.-.hF=......:.l.A.t..p....,J..PBb..N...*l.S....(e.+..2{n}e..........]Nm>3.~....v.q.1..x....t..k..'#.H..d.7cZ.YR.b..o...8j..5. O.X... ..Q.}@.$)..@.._yDU..?.a.@U.yt.F.p.[.Jk. d.Sx...{(..@.[...lf\Y.T....L..=.P>A......7^p.N.$N.s..Bc..l.BWQLE......0....<%T......$V.w~b..m3...E.[.;.^.#.g....@.?..5..Q..:.S.}.x.Te2.._..N.v.y.8.~.]$ .]..2.V.^e.Xq..[`.M.Q.(.....$m.B%...4......e..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule510046v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:79DF660EE6FEA99063C850262CBEF0DA
          SHA1:464CF05115911D794F095B276FF7E79CDA1FB125
          SHA-256:BF365DAD7A79A05B004ADBAE814206098683816EC9792656778D7FA35406EED3
          SHA-512:616F2475159DFA3A429DFB7BD527A2578641A18F47358D74B97F8869203FECDBBDDFD0DB1C257F105B274D3204B79274C03D4EFC87FC603724B7E3FA0803B990
          Malicious:false
          Reputation:unknown
          Preview:<?xmli.. ........!..b]v...{.}J.^t.{.'{....O..^..r..}B&W. ......y.G._....._....G.0.G...'.q..p.f..s.e.u.2T.. .n@..4|...m.6/.p*B..7...Pl.W.&.L.Fd.?~.\.N^.....9.....1:I.;........W..WNh.=.^...3..B~N.N.U.s...9.e..`/O.?..Y{..C..P..lx?.Q....o.F:b=.[..wg `.Ln....}M#..phR..1..,D.u.7k..].I8..%... .....j7w.^.3Z...(,.V....)..H.Hj..5....|..U.Y.# ..<...2.C.....K..7.$..].6....E}./.GG.e.r..z_...9..p+.......m.u...$..7.f.O;.....Sv....Y..}...y.6\k.8..}7W..?..HV..#P..I.jr....B..*...U(.U..m..R.._.Y..Y...b...../].........a....e._..w..-..u..(...?_MuY.....33..]...A.!.V..8aB.].b{.....2....@3.....4.D..grrK...i......B#e.$.;(>T]...4....xu.sX$...{Oy%.<.<a...d..&r.|zy*...y....jX....>.a.......U1..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule510047v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:807FF213936B5CC2CB4B316ACEBAD8FA
          SHA1:9F9E12F3250B2688B0305F1596CCD2B3DB5F3A68
          SHA-256:CF5B5EA338C198CB6B4B1A9B974F5364E0622248692266AFB933A6047E7C7781
          SHA-512:68B99521B38F6A8404F4613840F73747D0EC3034877CEA2DF7FCC08D48D34FCBF20626FEACD311A9549757351F1C7968E8A2C95ABDA80C12FBC2D9E0E21477DB
          Malicious:false
          Reputation:unknown
          Preview:<?xml........1...j....m.\..2....La..'_......x..<.S...I].... !...H.e.3.@CVT..:g..f._..t.3l1..... .9.MH..o.6...h..~......iNYDE4......NS...n_-.?C..=."-....0.[...m.Cry7`W]=..g..%zN...Ou..Pxc..ZK.+.O..y .|Dr.^.*.MV.m^.O..wR.9L3....).W+Y.....Y..,U..;.,%.....:...EDQ8}Y.%&.s....i....J.w.i.......:7.2......(.....v/2.aVe(X.=.{K.Y.<......yM..5......u.%y...e.pA.bEB..E....-..=.m..((....F.._..j.l9t..j.........A ..#W.3S`..8.0<.._G..Y.Y...s.eI.R.8. T..tG;..6m.N.j%..&..[.=,.pvT.81..b..}o._..Y.G...i.....R4PE.Q...H=r[......kP.H.Y..lI^....#.`.E4,..\....%?U.C~o.tOUoQH..!..PG&...n/^M&...;.......{=..p3.+.......vq.;.Z.C.z..SnX.2.%...>.Q.}...7i.M..}.@.-.......s{....`.p2..Y;.^.+a...f..o..N.`.{........|.....o........{.`.p....wo.!Q5../.9......H>.>. ..PC\.*..J..y'.k. ..4.._.0....L...B..|1....>......q...p...j...etV....v......&.U.`.n.G...R.....9........I.1......M'...]....6.....X...O~,...6O...U...&...S\...i........s.$.j.gYK#.=c$M.Q.AJ..n.9v.........)..!Q..0.4....8.g...r....#`..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule510062v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4B31E1BC42272E0760FFF3BE575A0094
          SHA1:F1F14C53185A1EC2F46098BF772D9E9343666E8C
          SHA-256:96EC66BB3072A33A3C45D15CC8E314D9159A45BB106E7FC535ED47C804D14952
          SHA-512:592A6EC8ACEFA79A898EE4D402F412CB08F91746DEA117DCC9073EF9EDCF7D58B2CF7D7A5CD3A0EF7823978CC59C833D0CDFD51787DEE9466FCD51E1034F36B3
          Malicious:false
          Reputation:unknown
          Preview:<?xml..tf.0.....u2.[....;R..)..4..\..p...\.......(...$.6....X...V.c.cmX.....2.f%..8..V..o.....T.4........L....k..<..-.L.&.6.....?1#+..u..;.wVB....,v.L.....yl..O.^..... .^.a^L..Ce.e...\.2.g.&...#.9.'2_>jP.z..m.....,.....?...5(.Sl.W......^h._.P"...!.J..c.....+.".*..F%A..;....".2.QPo{3.....,.l..1Gi...y8:GK,...M..<0.L5....M.....z....y....8ys.../0.`NN..kZ\L..[.P...[.A..@..^..03...|@...B..?c`g"..TC.>....^...m.3.I..E...jGA.../....G.d.zq.8.y.L......>..G:.u5G..a...=..<};.*.K....O..#J..x.(..........]9..|P...W..{s.@..f.........V.3-/.8...z_/l..pU.V....x<......vD..i47.\..V........C...)..z'ReS./.m..#...4...........>...g..V.FT=..+~..g...I...<..>.`;3.#......$Eu.sv"...K..t6|.tJ.6...o..t........|.?.....R.......&Jhqs....Uh.......Y..i+r.R.8.u.....y..^.*l.o1.2.....n..U.b.....z..5K.....vC0.7...&_...V.Mg...<...I'rn)...q...9..jf=.J6..Y.1oQ.3...l.Fl.+.0.d...B...h.y...H.y.}#..!x...!..."..."[....(...+.&..,...z.cVr.,Y.....(.......&.F ...O.D...9pbW1L8qQshua0c0K

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule510063v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D187A62AA31E32A0AC86134DE6CD4912
          SHA1:06D9ABA931D1614AD7F3B4A2A70484D69A26AE01
          SHA-256:1276686CC9D873EBE9EB61864900FB48FF73B352D03C877068B9A969ED052F9E
          SHA-512:3D3A3864C65A9877B8BBF06E7BE205CBB66DB2886BD6800909F24BB6463CEC68F353664AA125D14342121B037682A8E56C0FB9D3C28419B9CC0B64E703365541
          Malicious:false
          Reputation:unknown
          Preview:<?xmlwZ..N.......M.Bi.3...i....@..L..(w"...8z... .....1.&...M~#L....8-..@.h...9.wt`...8._YG.+...#.f'.....B..Vu...k....>u....1.y^........m2~7s...~.@Y!........S.N....'.m.../..jW.C.(.....L......g....7.@.ZM.D..5r.LhH.R..."....GZ..*.+..^.,......c.FI.Yj`.....u.-.......yR.kk..]...H..b..c...5....$...+..\..[..H.`.......wE...H.....kI'...U.^c...e.nd.....z[...........7.E..!..p........FR:.udt.G.h.eK...c..Q...D'*.P.J!...{b8.}\.8R...c....?..YA.!.......lM1...o....k..}.DR.+x..a.h...5............#.J~...-....j..M....?.L.*..cWsu...^oIN.........Z<jl.....(...!d@...$.B..m.......;.../...x.a<.........G.'.._.~..4....:.. ..*.r....W2..`.|.d.N>.ks..;..sH..M..7.#.# ...ti...:Y...i`_[.nq..r..).!..P.>..f9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63028v4.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:81C45AE656C954FBDFD84EB24DBEF2C4
          SHA1:4315214684F5DA9AF211082AED237E42F2A7100F
          SHA-256:8EC39BD5D239D5F007BC8E2D00F098A753B46B400938218A412B2BB741578DE8
          SHA-512:84AC0FC3C7047E33081CBC1F091AAE268831DFE3790790132544537AE1121530A34575BC236B5615088B459978EADFB77DBB34D8B7E5C932647415BC7D49A97F
          Malicious:false
          Reputation:unknown
          Preview:<?xmle.....:...c....B..J&....s..........;-a..g.+..e....S..B..J.*.36...]J|......\.7.@1.f.....2kG..... ..f.4.....)....._(.%.T.$Ic.6.X.....*......o.A8..1j.W....H..R/D..v....v.\2.Z3.......T.<..i.%...v......lqLB..x..2.7..RA}O......3.......4...SB.79|.8.I.Ug........AO...!...].KB..\.1.2.7.....a..gf&H..'D.|.. OV.7......!5/..?.s..........W{B..3..~.?L..\W.;._~......._ZX...^lH.3...H..x..O........5.:U....X..s..,+2...."..]....Ip;.c.}...!.V...kaB..`..e...aa..f.z.N..Z'..@.~.M....Pe{.$...o.?...5."`0....BT_......t..Hv..qT.vn-...h.....-..=j..E<P....NcI{.9S6E...]=4....;..~..MM..IK.Y.;......1G..o......=}..3`...?.5...5....`' #;....9.3)U...I...x|.C#&."A.F.B.j...]......|.....w.|.0..Sw..*.].YR.Sf$!......Q..]..q.....}6.T..z;Qm.s..F..U..q1...e.R.......6.......3P..$i..XKZ...E.rW..W~.O..O.n..Y.8=.=..2$...F..Uh......1H[.h.Yg.N........\..D#....42..../...w.y.v?g.....r....E.@.....|AQ)FC{V.1.Se<...}w..0Kh.=..jD.<$.N..l.@.;8....P&...q...i<.!..z+1...^8=..|-....jh.X.zr...

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63030v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:05489312F0C770A67C8BBBD85D3DA80B
          SHA1:CEF446EAB3941B0C2D28E2BBD3E9831D4F2F8AB1
          SHA-256:A2153A4736C490F7DA644A44DC912664054722DACDD701DF38DC21FB642454AC
          SHA-512:231063A789D3CAE9C33BB119236C9BD8FB6E72CECE764CD6C8FC998EB7498F043BB0A347E6E33B51699B560E6F5787417B500EDC4A42E0A678A0A2A186F8CA0F
          Malicious:false
          Reputation:unknown
          Preview:<?xml..J.c2.Au..0{.H....{pL.Z.xzM.......C.M..p..s.5YP..@.N.....J.U`.ec&..r.O=..3......K..@.*.K...X$........&p.xz.SG......R.....f.'S...W.#0.Y.>.k....zWqc.&..Z#.h....T.jk.3..MV.,..6...>.E'..Yd.j+..h...y..7....6.....\u..T.......0...g|..l.....C...(...]Uo.nr...i*\.i.J.h.-.I..7@.".J.....q.....E<}.fA.u.f....rE%.......R!..."..q";......c,.4..3%.2g.fL...Vp....QKr.H.=...GY.=76..E..:.F..%!.nD....%....X.$]i..2.1.Wmu...<7&....mxU.Um..<.....<.).R.....r.5..,."2S.n......._..@. ..V..CLg....?.'.t.M.;.tq..-.(+....$"..>.c...%.<...^/.Q*.X.=02.1.fF...3......U........yH.N...$(k.>......\..\2.=+...(. ..m......+....zE..*.Q....G.....Ak.{,|.ZC....M.to...w.....Y.L...3.S.....`.{.O......q.@.....9[].Xl7E.q..o..w....#.....~.....9(]..;4..U.%....@e.yR...x...s....>.p+.C..".G2.*..V....F...|...3b........y..#..MP..b..Q....h..-14.. .k{.W....G)T....k....:.c/@$U... N(..&..+...x.`H...(...`.6N^.b...,..7V.....#.q....ap.e.6Ts42.y.Rz.Li............Y.%3.>..,.>c`5..u{M.B2..k...

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63038v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:60F756BDBABC006AD67CDC5E0E95885B
          SHA1:022DCFB90E70FB99607BFCF024C2EE543D7B53C5
          SHA-256:FCC502599BAA59FB1B76FE4095047BAC4BA2D1C3BC38DB63DA46D69154EA5187
          SHA-512:AB681137888B1FFDD4986F728B0C6A420837C6017B217C2B67EDE463BA9C26DC7BB1ABF8120EB98AF292738D234E00A89BA2F1245C5EAC9DB12427733039C511
          Malicious:false
          Reputation:unknown
          Preview:<?xml..W:.e...j..%...%....x...4..].kU(_.~.....G9]C!@..-.....~.qM..qw.....Q.e...}.....O_.%9<#.U..N.....,.e.....t....cN.%~D..-H..I\.)..}K.....\..:....dvwf.....A..o..N.$A...=.+... o.....8..D...U.%.jO.J...r....#.Plm....*.....4.o8.}.....m.%(..m....h.g.....\.u.Htr..s......_qr.&..).r.O.B#..2...}.....'.5...B...!...3......Jl.x1...u.......*....w.B...I.Ze.C...q...$...........4Nq...>.....B.....:....@7{...(6e.+Q.#.1..Uh..*.b.......T.klc...v..ryt,.....Z0..Z@di.7p!..@3.w.#...r...:....d..Ni`<_C.~..C8...1.jg.'Z.....-..........H...0.*u..!)... ......M.d".f.83.a..... ....8....U..n....K..q..c.h.~..x...N.2.c......T..4Jq..d....X.s..{2.yKM..V.}....._l..}.*..I......R...#,.r.p..l....6.Hjb...<f.#......)...../..P..N..U@.....ou"........H).... .zH+.....j.......\~.n.B.5#..r.....q..#Htg^.4...Pz.."...#..bJ..o.}@.%J..A3h.'..........n..T...f./...}..WP8t0UvwG..`.....~.....HP......l.}.8..)..M.s..t.....W|..t....)..{.....U..Z..')......=kb.b'.....{.j5.$N.W.Z=.1.......c0.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63040v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:DA0EA20A956B675B295DABD97252795A
          SHA1:9E6F5D277C3BD79406CC991EC642157AFDC163DD
          SHA-256:95228DCE1557900C921FE2CAE79ED50A65B052A72F332A8670E04CD8D6D474DA
          SHA-512:3B004AE7D7C78B6F3EF5CE05EA88C4EB06EB1BAA6DD9DE83E1C0D9717AE518141E4027375536D10A4C8B88B1DF47638592E6630F14C8A0C2CA917AA8669F449B
          Malicious:false
          Reputation:unknown
          Preview:<?xml,j...60.Xw.d:$.....].[...........W.......y..|]B...)mR.....4OG...%F.T.NKvY....m.A....#.....;....M.#..s.u...=u.:9z...X..L5[.q.O..e."..J.B+"...o.X*{....kL.z.3.kiv..[".E......p..B:Q..%..M.w. ..R.A..J..e.}.P.FGG.]...O.....{a.F,..(R..}$@.Y..u.....I#.:M.5g|6.4......%..$.j1.:`.P. .R.1G.j...`.CC.'.R...y......b.Z..F....u>.p....]j...-l K*..^..:o.....g..r...'..X.R]$......9e.....$. \.........c..-...2..}...g......H...y".....$%..^&.l.g....D.......y...oN...h'CO.K.B...p..T...P.....O.\G....Z....K...A....FYd..|.~tR......0.C...v......V....K0!H.4........C...i.K47.3...y..).....r@.X..........,..PWq...~.P.X.y.x4....C......\..\.w.8.,...4.dLw.df.%.....@t&H..B.?Gi..%.:^..y.. ..WG>X....k.8..16..]D....T...I8I.m.m.u.b..q......x..."h.e.~..u..l.{.%)i..Un^..........`.E..0.qi.\d%O[.~0.*3..'&(k|...;..&#.......*.m.k....P@X.BJu.]u..WZ....-qC.;...o..b.....9.......b.`>E..N8...f.".[,r.]2../...7 ..l>.b Z..`3r...tn.>...............:....+.......t...E@. z.k9..........3..=.+...

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63041v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6566A76CFAA566597B3DAE0EBA0C616E
          SHA1:746E020B754C242B0F0E7300A13A73769FAE8B6B
          SHA-256:7D4D6467B19CC161A95EF760EBE6B450A7B3EF3220974C97CCF76C091D425FAF
          SHA-512:C0824DF40BE261EB91275A9430DF36F1A4C491D16A18EE0C61C0126E6755078F2ADBC954F6EF13C1B3183A135F38B41C289DF03C6E14934ABCB95C89EABA9BC5
          Malicious:false
          Reputation:unknown
          Preview:<?xml..;..V....nw.n.e...............u..0..X.Q.......g..mFoi+.......?....M..Y(..I."Q.2F.s.D(.L4]...Z@.....P..x>w1;....5....;:L...l`.!C..S..a......u{....#...M..e..B...C...>...2A...NEK..5z...o.....D.?o.....a.r...^*.O.....^+iU.r....b..|...=o.v(O...N..]uO%~.`....0.>.Sr......."...m..........L.....#.r..9.....D.U@p..$....Y.I.M_..^.........j=D.85....?c....RQA.....u....1.K.`....../..f.(.i.....r.nyF6.A..!S.I+..P.?.}.XpJ....4b..^.8....5......Rp.D~.%.......z..Y.....|...5t.o..k...m.F.a..'T..a%F)..A~?].#..C..{.........)....RN.l..C{......6.9g..@k.9.N.S7..~.qm.........Sp$..\...... %...f[...[..Ru#*.}.Da.(.-..?....P*...h.Q....H..15..J.]....p..o.....Qs.!.yM...qj.U(x. .*n2:.p.Y/..A..^..UF.`...lP...|$...6..`b...^....U.=$D.dw....y........8d.-..z.c+`....FN3.......1.S.d...i.....{...xq..9.{,....6...X\.r&5....#..rBn.Q9qNk4F...X1..w.X.?.&.. .22.Z......F.....5../..a.....7...^.... T.H.%R.(..;.\........~jQ.....2.....<........~..88......4....F...voi....H....&.8.w0.}T.....p

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63042v3.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:391366DCDF91E927A3A7A7A2F3CB7487
          SHA1:83C9605C8327C9D3E82F745F7B28E76C269E2124
          SHA-256:5C9B0B134E9200691C5AC3B11F334512616528015B9F508D72EAD168C07E5146
          SHA-512:C6B706953C1446B5E701892B63C073CCF2062B405C3DE16F7DB5FA97CEBCCF12B6F69C5EF1E9F1B8BF066C84DFBFEFFB9467FA0B8449401D7D43A08EB76F67D9
          Malicious:false
          Reputation:unknown
          Preview:<?xmlq.../.L ....q<Y..BP...6...z..y.....<..w..5.*1..V.c.Y..g.........iQ.I....A.Hq{................Q.8........Yrv..+r.o...N..u-1...a.... ...i..OV.]m..2....+/.a;..bL.1...o.....-v..m.K.{..&~...No...YmC....-f...6"s...k........ .K......D.....X.J..N:$...S.;...-.:y0T..UY=....r....#=c'..c[.....z.aG....CB..a.>......`..{#..4H.1..........SV.a,r........J.^.W...P.........k.....:..Q.ZcL.p;...M...............C..v..;C.....&..8.>1.X.S....?.y[...z6..1.K..p2.*..Qt...82......c.o............N..>..P....P../.1M.+A....2..#-..r....m./.........{...(...A6&...3\...E-..7.#D9.=.H.|....E.....~V/....].u..G.\b.AG.O.."...|!.'..o_. k...e.Rf....U..hUj&.S..m....d...z...=.J.&5F...0.+..\.F.."..P....,..8d.....e/....}.z6..Fe.......w&+...DJ7.%v..t.k\..C....A!..0'...u....h......LjS.0.V.YD..1.T....e..{..Au./@.]..8..l.q.a.....z&....Q...^..X..Z...~.A...8....i.Cu.r1....71..Mu.G.@l.+..hu..e..?.........M..8<.5....'9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63046v10.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:631E07AD348F0757ACFB14BFF7BEB3F3
          SHA1:E33CC6406924E646C489AF38B1C98F766CCFA803
          SHA-256:4AE5F2E7007C3041CD6F5FD21E03FD32779A34CACD3F7A79BE19C3C775FFBB47
          SHA-512:6E14D4A8962A608EDCDE203D24E4E78FD2B57BEEAE697F566B56E2D4C174B2D20D6D413939F6E3FD453402C919869D5F662BB8AE1FC140FEE75D3FE0A48BFBDC
          Malicious:false
          Reputation:unknown
          Preview:<?xml..ai..S...W.j?R..p.....QtK.g.uM..'...P......n^me.l_x#.kg.)...fvO.....C.9?{..@P..rM.C~.f\n......00.M..\.....v.....-....9j..bk.P..M.....@.1>J#...~Z...7.........$....&...=.o..@.E......|.A....|er...`uS.....!.jq.'/.S..o.:{....o..Ft....x.fqx..T.k\a.H.^....I..9q'.........^l.5.....pq....z^.[J..8....5TZ._.Y`v..U.WGc.kz.6...q.[.`.C*."...Z..&5r._...P..A.....f..m.. 1J..........k.....>,...[.........U.w8S.X.cs.+.bB...l...90f.C..Q2k1@.....D..2..\M..:...........,.......Q.=".*...:+..xXIX....N..VQ.n...L..W@.FU...Gm/..nAu.v..)......./A.<.&.W8.!}..p.2.7.9....YP..C.......t..`A.Q.<V.|......'...[......D...*....A....q.*b... .8.D.j......x.t......Wf-....L|.....YD...r.`.....c"~....U.X..............{.....q_.t..|*.... .eU.{{.D.hE.Ht.....~.A'^X.|.F..y..tq....u..7Q.A..,5.">..J.'...6.I.t..w)[.}!...~..O.^@pl../...K.n/...+.....&...&..ITo."]s9....`..\..G...k....Y....3jY8.....'..P|P;4..c..R.....&.Kh..}..ZXc.........rA..U.....J.A`sR...Y._.p=......6/'..p.s..Qon........y..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63048v6.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E244DC1EACD781F81C87F43C66E82A3B
          SHA1:332D71BCA39B7F2BB71307DE478F0734E3A42D60
          SHA-256:61AE2E8337D78B911FC46086879055C08DE78E23665FFA65957893C5185B02B1
          SHA-512:EEBF018E222E125E2F8CEA67B2F7A3E890CC5872BF47962E082A8AC293258D635064FF656CDA4F694B8AE0589F80382D26E78D896F418A2FC77E48F2F1554AB2
          Malicious:false
          Reputation:unknown
          Preview:<?xml3.....Y....S...,kV.U..B...y.gDED.|..........KQZ.......?..'.>.`cu...o2....&.`.7>A*...<.oQ=(.i..!kos.G..g6.d .m>-..f5@..h......Q 3k.J...L....V.$`...z.s.....u)?.`....y..@.....SiZ.m.g..,...CS...a.6.Z...j#..{..'.~\.....`..2..J.]1..a.(.N.J...'...2.h.!.O.,......2`.X....~V].t..[...n...SZ.ai.Q.x.r.....K.N?.J.D...(..!M..m.c....s......&..hN-.t7MJ..B..*Mp..G.'p.$..u-S....5N...j...#U..M.E.?.8...P.......#&...a3.Ec...r..rE.3a.X......Y<...G&....z....t..HGP(..U..-.Q....W..........!.D...7...z%...w<...iv.d.u. ..).....*$"..7.=......@...z2...8.c..A....d......n..%....*.[.]...y.j..nq.\&..<..)V..t..Eb......Po..Oq.i."rg[V.+>.R........:t^vz%......:......O:..H).........(.,O}..N..0....i.*."... ................Q...y...@.3.s..4...!L3.....bm..<...T.../...m5P.....j....M.w.....C.H...$.o4a.^.8A..............|E..~...'..gi8p.|...F...KU...t)D.C..)...$<..y5.U9..&;.f...zy.G+'s..._n.U.2R..AVG.,{.O.V...:.F.<.a.i....y.....mu....9.].....Q.;..Xf..D...>...C*X.q`2...l..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63049v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:871C70EC11ACA77E14FCBFF53C86D8D8
          SHA1:F20397241E8F9B005CF6C201B3CB52F4529DA01E
          SHA-256:7779D913B905B150D4355D0125B6B4F3D24D1706D62812EC6C02682FE9386972
          SHA-512:A8E5C58288FAA3E0C18FD807386C32D8B1BC66A9EBFD53A2BF56E2FABCD2CDF4656313DFC9C98F7D3582A5DD3F26B9A0B2AC1F783CAE01869CD2A4A925BB783A
          Malicious:false
          Reputation:unknown
          Preview:<?xml.....89.._.\.So.Dh...........m..mU...g..~..K3. }!.;.Q.....a.]v}....R......oz......5..H..`..@K.)j....LQ).A..........[D.-.bN..'zl..FdF.......~`4...y..o....n.y!......kE..^.F...X....X.... .H...~.$..rG.*.....F.8_. W#._0.C...5lBU.US.b.....}..a7....C.c...{...*...!9.:.N.e...Z.........S./.J..a....E..%!.>k..T<."6.@...%D.<...B...a..F....#hz...fJ%..8.........C{t..T.,..Y..mQK..Q..#...e.if;..t.-.....@....oz.9.....@~.m.....Kr...^..J#m.X.h=.z..FiN..E..8........}....(e....(.~R._.[.ip..`.L$..35..L..%....G.....~...q4~{L..!.K]m\V..;3.+..Sb..?...xw.....Dx....*..qW....jj/...6G.4.X1u'.ge!/|C...j7....Z....o......./.q.....m....t/...1....f.....pUM..D.A..?.6..1R.... W~.!2*di...h..Go.)ne.9|...n....:.ji.5...|b.g..R.A...qW........8^..$.I...........SO.n..1.Fs...]...." .o:.5...z-.......X..LT.v.y.rp...}.}..1.V.g.=v.V|...6............Q..p..RDH..%....`..Hf .(D&...0.{K....t....b...*.ha....t.BS]]i.7"2.<.....S..z&........U.R..y..}N.*..._G.X=C3..j.....~Lq...ke.n.B.?Q!.(0..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63051v5.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0EA01AF8403580BAA3E5178DE03A7234
          SHA1:4383BCD13D664003C6C6105AC1EF3C62917B5434
          SHA-256:93FD58B552D0CFC928A86B91C0ADA1CD290D8254B2B903CB10FB35255F05836F
          SHA-512:6B8C49BD1E1A5636100638552C146190F34C039266729A437D87132DC5E6912B784BB74CE4DD4984942DBD1596289B4E72D5C6CC65114B2E1ACE34C72C2A80C1
          Malicious:false
          Reputation:unknown
          Preview:<?xmlM.S1o...v......\....d*-%5G.E^..S\.axVh..lw.....U.....o.*Xf>...h..Tk.L|o..>[...I~...."..O..B..q9>c...p.;.p)Br..#p$m&...E.C:....c.G#.f..i.c...D...."/...v'7._Z^...2;....Gp.v..u...;n.......a3.z.S.....b.\..w.E'[A.........,._~i...sU..08.H.}.a\2XSU......W....6..b...)..i.."'....b.B(URF&...C"..............BcT.;..<GB.....RJ....S....?x6....s........}......r..D4...W.1..?R.i...?/.P......a&^.RM...F..3-..D,....*~:.Bb.k.EZX...fbQ....*Af..D..o..@.=....).1..'...X.......e......zs..?.....<."...m.-}.S........|..............0.]..)~..W...^>.#k..3....k..b..L.4K...`....t.....@..0....N.v.v....]..K..M.U....$..bm..s...o.U....|l....B.P..9.De..3d.c..Z.A)....:.v.W;Y...|.s.lyi.P.fK.W!s.G6.../.Y?...W.q?...q.,LRJ..$n..h..._.T.."y.(...8.{....+.\A..K$...*DF.W...X.X...D_;&&.U...xm..!.&...;.\..w..xPn.F.......x...a/.2.Jp.2...k;.2..ACI....gQ.@p5......|...M.Dx..Jcb.ReD..`.f..A. .g.}RxELO.RK.\#/b.....c6..j"V..........~....L...[....'....f&...-..s}.{z....\}..x.N.N..)

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63052v3.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F4EE43539394672B90D7ED3273054BE2
          SHA1:FC9CDADC02F8A97A5E358900C967FED6BEDB150B
          SHA-256:BC991C4245B1B83C11C6D1D9AD308B761DF46BCABF6F075BDE71D8D8A59C7A68
          SHA-512:C07D1E5851F445E7E8B7429F50C1FA9DA60C4E0FE44BE5F279C8CBD59F22501D713620009FC289815DD8718B78FFF488923AE76913AF1C9547151FF5211CB73A
          Malicious:false
          Reputation:unknown
          Preview:<?xmlu-..5].~..E.f..qi..*.....0....\......v."X..n3'...$..NT.../.o........x...[/.!6"W..C...F|X.G.p./'.......g.s.e......b...>G.N.w`.M....47n h.m......U:....?.@Np"q..sR...B..L..:.'g..{......o....{........=..=g.?.....X.f,...;.p......7).?.[Z.g..m4&....8|...._..U.m....DX..#.@B\.......|....._y.*'..IY?4....E.|.?..m..V.l..$W.....Y..g9...v.F.#..S[....|.qq..>.UQ.........*0.i...v..+..#..6s... n4.|.oW.W..4...p.h...L......2...,.+.L".]...;4."..N...0..Jo..*s.U........t;.hG.f.Y.CI.G,.A.7UI..]......l...[.S....@v..\z.........h..o9..^..eq..~.+...&..,.j..1.T.R...b...~......r.........w&c..qj.6...dSS.z...4.N...@..9b.}."......A...]$8.?.......!._q..(..9....0.....h.T.D.jZ..O.^...~ ..|..U5...258+.....Gj..YzC..R.j.E...#..Z...e.d.B....Z.j..^,Oe..."Z@Jyf`9T.`.&.C..@+T.].........TG&.}.F..p[K..1....}.....c.m....BQ.......:..~.....c....<q...HF.I..X..l5...j.........W5..dp.+.n.a.Xv(...).%.^...$g..G..* o....%...toB..k...._:)z.)o"..c.T&.I...0.x.L,c....k.1+*=..A...-`X.....xH6...

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63053v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4FC84ED60E947015F1D17B3FF7797B66
          SHA1:FB22420B37CE3DCBE881BB559136894312381B5E
          SHA-256:88264F7F1B01C2E1D747E8E1FFF25AB82D0FCC2E7791C46BEA119A13A12CC3F7
          SHA-512:63E7EBB31733782927DF7835BD4C51273D54BF0FDE228264BED44248C78BA06A4B8245C4A7ACCA469377081534C334D647B2F64A937ED3056D5362F20C30F1A0
          Malicious:false
          Reputation:unknown
          Preview:<?xml.:x.....-.U.....9.......f...MTNtNX.........GM...).........P..,..L<.j..&t.._..4.x..A.....'P.w...z.#...I.....P&.E.Q_E...$..8*X...f.J...F.Y..\,...i..E..x....j...Q.P...L......5g..sL0..p9.{./5.Z.v..7.R'..v...T..h`.:...}..;rj..m-m.....0o...eM..G.1+...+ j....M.S.......I-B....Yk.]Y..Y..Z.<u'0u..$....7.\..&......Q...{...p.....$....'.'..k...9.......o.ZN...'........w...m..Fm.'&Zw..a.4.:u|Q../..r.y.......6b..4..8c.P..4..z..W.....|.E....#j...*&g.S$..h.=.~\xoW|2h...80MKe~..S<...a6.=u.#7.i.u.o.A..+.#..$M..X.uZ........M.&;.U......q:....S...faN..{>._*[r..I(.F...Pm...`j.3F&f~....{..Zpi.7~d......w.0...._(....`...0.Bw..]. L....EJ..'e....-.5d.e............,..O..\..`....K..@<];.q.xZB.......d.L62-5J4 aY..M.P..!X..o,....T.E.i...?i.f.}.m.._w.....XV.J...jR.....d]..Dc.!9`...Tt/.D.&.;.Af.C".@.Z.a#.Hzt....,.V.p.`.USh=_.)..........*@~.._...6M...&V.....9}I..T.....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63054v5.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:360A2A8E17BE56D9C72702EB6159ED6A
          SHA1:A9723CE5648B66EE38314FC16A33B2062FB37411
          SHA-256:AEFA63CBE7592432C34D9CF8D8C9EC61BCFB9371E61C2B45D18ED434853CFA07
          SHA-512:39F6425A96D0107D7911FA5AB319A5A24769C33BF799721DE2B4D98B6CA82B0EAF9CF042A7519D4528E5C4E686CE4D5B6723FD1CB5ABDAF8EACC751AB7C66D0D
          Malicious:false
          Reputation:unknown
          Preview:<?xml......WM.._....`.}O."ng....N.3.B.{..s.3.1.0v.."d.b...yKyn......d..?..<.._....9..g.S.........F.e.... &...0#...c.5n....V-.?c........l/.\lux.S.]..o:..Pk....V.K...........:...P...5..Oa....6...HG...Dxqn.E.f9..S'e.N.V.U..S'>M.j....R.Y.`.m....~..e..s...(.X g.6..0...iHzt)<...3.s..~.`.....=..O>;..`6n..lQ...e.*f.....]...\....:..........F....P.a......1,B/..=.2.<..4..-....L.Z.....d.Dgh{.=.1!+..f/.+ek5....`_....4,.l#......h.n..9../..#d...;.``.:;.Jv$.'.]....B...g.[.F...Pg.Z..G....i..J(Qt.-......P..L.2....t..3c.*..r-T......j..s..lL...rv^0.........$.|..4..)|...0..U...s.....KC..K{,..2.x.s....0Hvs....j..Ke. .I7.E.".O..m....$....`k&0..L.+KY.>..:...A.m..i........]S..;;^.9...X.o....&.4.3....H&....;,:]...."...4..W.,.G.....(b....{S...R..2..{.Wx..y^.d....*.7..Y.F.......j=I9$.7:.oO..1...?.rn.J.....h.[l.. .)..........8...!.BK<.....N....W.... ....=......T..h....n.U<.p....{...j..u[.e.p...V..'w..F...A,.g.h.K.*.b-.R..4.F... .X,p:.0....X.b...c%Q....Q.4.B)

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63056v9.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:321ADC8D41CBCA17B87391BA565D61A3
          SHA1:B01A7C2ED7D0AC21552BC7A69A87781E81A044DC
          SHA-256:F0A7E18350DF11F1D391C24569D405B44CE05221055E115D764498B2A1D703FA
          SHA-512:D16381321F9A1DFC85CF04F1EBAA40AF6F23A8DE2C43BFF79E5AF506CBEF3954009BE679C96E61792E7422AD6E80543E537E2C3C997D152EDBB4D0AA35376989
          Malicious:false
          Reputation:unknown
          Preview:<?xmlA6....^4h........-.r.....H..J....zg..4H.3.5.(....n..1.(<....._~tw.x..)..jl.T).!^.P.....d.E..Z.:.;.u.?..n... zk.]...B..]....v..(..dd.\m..zd.-...;Q...=.<b....}.|.W..8#..+.fGQ..$.j.@..../..@.....<..cM.&.t...P.>\..U.....YA.5..{.mos.U...py.'.......i%...8..B...H$...FF....w.;.....9..!A.n@S.Q.....]l}K&....L.E..A#.........#.RH.c...g kb....1.........?.2.G :..._.gb.@.e.+.;...UK........I.=.3xY...G*u63.g....8^}l...DYp...0.R..n.-*.`.....Qf...........OS[8....?.O#A.}n...z1.d9"aG.t...+pS.b:o..[....h.{i$.f.2.<...Qw.....0.....>..pY.p....m...;.:.....*.kD.0..3.{t....et7..u...Q8.1. ..........F...:.7..@..*...u....w......r[....g.+~-...*C..i.......A.=......y..X.eQ.....:...O..5.....(..G..y..h..}0..u...2E.h.F..{...\.....L...^....I..LH.9G.....<.#8.B.<,.5..".My.%...Q.Y.F.z!.DV.T..B......Nd.....J.Eq.rh...X"4...#`..$L..H...U..JaZ.(.?.....>eX...!\..P%D.#.O.N.....pY.(~Y>..L<..*...Q.....u...2..=Q7.........6..\..z..<H..<..B..^....X.z......ao.\.Z>..b.&.~....:...7.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63057v3.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F3D7E8CDF618AD16210EE7DFBE45F6F2
          SHA1:828841403EFB429E53472C49BAD17ACF3205C2FB
          SHA-256:2E6034BA314BFAA91B46B0DAAD3C95125E1D534CD0967B85A4FE0E0B039A766E
          SHA-512:FA87397E0B4DCBA19ACF9B67514769998CC9E2EEE9153937DBBDD08BDE67544171C8A5970FBCF54BB2529A125E8220FE003B262D24B09CAD09E160D0F0D8133B
          Malicious:false
          Reputation:unknown
          Preview:<?xml...C..^p.!..?.......+.=.}QE<..l,....Rj.mc.a.U..5.)WE.....N...e#.X^.],Z...B..d...V\.6.^.fEM....6.......+x.;v@.%...... ..~ ..YBB.$J...l?.i..!..H.f^...5-....fp..Ts.-...D..n..9..O........,z ..o..$5.3..4..D.u...(....Q4.4[..9....i....8.....F....s..K...y%K.A..K. ;..V.W.....q...>..........9@.......U...8.35.....]..Q.@.A.a..04.1.*..;1....B...W._.c..m_........X..3|b...on!9/l....).B.).{.$`H{n8.p..=W5.3..Q..W.X.p1#q..k|Ju%..qa...v..#?^..wK.x[.?u1OW+.9.2.w*k...ltd#..DD....Jp..>.-...x...5AB.b...~..~.}.X...1Z..nZ...B..9.....a......B...}D......$.;.I..d._....V&.U........_...&HVn.I2..5..J.A..r..'..0..}...ST}&.Q..,.F.m..<..6.A.........U;'..%.v~..Ftw.0.L..a*..Mf..l.b...)....ff._.Ga.....<..v.%..`V.z:...*tc..%.&...Y.s....).`..%.......q,C.V...G}....P....C..-........n....|l.N.....c..p.@/.]*.fV.cQ..%....&'{,^.L..<.V.=.S.]aeU....u...\j:.wQC...C...........i..!O9^^.f.%..2.....5...0.'.u..p...s.)...7..r...c./4*5...l~SQ.|q HDq........W.].iE*....t..<.t.%i]..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63058v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:7FD152929CBE93006FC8D0B62B3BF4BB
          SHA1:16675FFDFAB88DCE95E6508BE9698A7C41138DFD
          SHA-256:F8B295C9FEC3CA63DABC6260736C68F7ED7B0AC3AD4C5FFA2ABC65B82F971233
          SHA-512:CC4CB29C1050F21D95F0077381334D6DD28279E419714D2D0BB835D665799A02BBD05BD554AD5FF4AF0C7541C674EB1CEF3886D88A7368FDE6842281ED79EEA6
          Malicious:false
          Reputation:unknown
          Preview:<?xml..6..NnL%.N..j....HAl.N.k.U%.go..@.}.s..c]..]`..N.Yo.oh.......}.....:.!p.n4b...bR.Bp.?..M.3!7%.)....b..1...j.K0....Z.\T.X...#d...0.....|.....i..../._..tE..}~6...R..=.o..)t.C..V.-..r...1.Z/....@...(..Dmf...`A.W...k`....B..&.g6...[..........E.BU'}6?.>K.?B.X:.3mK..x..?.j......Kp_.8\E...n..^9.....@}..K.58.... ......q..?d..oo)......#."."........">.!...*Z*2.wd./.bB...w....wl..+(........$V........!..ZE....%Qr..X....{...J.>7...C86.^y.@WM.q....3....t ....i\....w.0.&..............-.5.'.+.>/..V..Z.S..X.1z..j.`..`.5....m.c.F..o.^1..T........&.+=.jI...'-..^..........^.tu2..I.w@...(...5.Y@!.I38.%.~....P...\z..;...P&...1..#`.iT..._u.x..m.X&I(....a...r../.o.e.i=..x7].Rk.g.%.K..U....g..]....!.t...?o.`AT......'.<.W....:W...k.j....|..f..'f........'...t7......*....E...RJ.gu...!......V..7.M....7.&..R...Nj..n;..c.gE..<....&=.[..X.Dh...fx2.....T.4....5...UAw....Kg..QP.Y.,g.....2.......<#..{"b..S.:E...,f|c.`..[..[,........*y....L.j....I.6..2S.Ot.[.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63059v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0AFFC3B3AC96670ACDDB108496D965D5
          SHA1:AE3279812DA216B02FB40086CE35ECE9CE087DF3
          SHA-256:907B451BFA688AEA61CFD847A42131324F830735FC4529267238F9CED4503F12
          SHA-512:78BFCBB11C351C72B2931A73149BEC8C7891D1D272A5812F1B556A8288BBE75A989AD5333B5157D22C36AF2A5B2F973259D73B91647E04C39DAEC86C13CD8AE6
          Malicious:false
          Reputation:unknown
          Preview:<?xml....0.?......{..=.......7..C.F`M.#.\.0.d..*.5.$.axR8V.].m.-..Y.~).0y...D..=(..$Y.s6#.5.g....@7.%_ux.^*D...{W..2e(\..H.Fe.0....?b.2../p..Vl.(.C...O.._.~.w...X...\s.1H.`.!.....m..~.ed|....Qs...v.C......c$.-89C/.H..'...Rz.k....H.d.&...I....%(.....6L......g./4ZO2.b.p.q..u.r.n..W..%.@.f.:a......U]..dM..y..W..BZ.<..4.|K.56E..v.....jP.......9@6.....* ....{..X6._..........[O...a..$[S..E..c..P..p..J..&?....<........PY.B>..>.Z)..........s.S..H.I..%.t..F=.#<..g.l..3X./...~..X......4D,....C.C.=R.qu..;R....s..f.n|..._..J.........:v.l....$...}..|......}.f....6_..}].f./"..n......z.@... .u..%^...F.....;&....+*........eJ.pz..+.{.O.q...... ?>.......+..x..7C.g....H.g&.NT..k..v%...=.#.^.Bp.....(.j|..Q.u.)...t......W.....q..C..c.O3q^AW.R..=....jl..'_....1..k....B..[z........X.HT..P...b...Ub.A...N....F.ncMrc8.T6.....z...`.OX..V.-....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63063v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B76C451D2E0C733B4B9607C0E227D385
          SHA1:116618983E628E8246FFE551EC1C04156C4ED2AC
          SHA-256:68FE048877CF7021AB54E64FCC410A738D4B537712E8EE5D028BCD86BC0E53EF
          SHA-512:76AD7F71BBF86E98A0D2F788BA1101AE92F39B1CEF988D265040A025AEAADB7E3144394E330061FE2E02D5679A7176448E0D63880EF045D6255F54A980899311
          Malicious:false
          Reputation:unknown
          Preview:<?xml..f...\8.0.@.b5.u.....Z....r.h..Z.7.@.k.v...m...L....."O..C.4.Y.y....K].........,.FO<s%`M.....%..X"v1f;...3.kFCY..9.O..I\ ...<....-..b.C).:P]F+.x9..|,{G....a..)>nt..*.;..y.;.k..$...|W.2...$i...;.....vQ...0V.m.U,S...Y..5...7`.8.l.h...l..0p;..d..0...f..eb...k.=.+zO.....S...>.."W.w.....d...M.,&.}.De.Ca.lMUC >g......@..$.Wd.&..T?.8.1...K.xB.G[3f..8~$0e......9.E.......3-.}.!,...U.J.^..c...En](.^...:.A.H>.K..9..YT.0..<5mz6...D..aM..i..Ao5.\..lo[..]>....a_M.X_......B...Q_N.....-).g0....N..-.....+...@...J'.5...R..^..h....z..............L*b4.S.%E.#.m...@<-.G... .?s^.,r.......8..2.L...*5....R..8.n....yy.CK.mU.#...?.F..s.w...cR......D...~...........T.....9*0.3<..e<.".....\.....ZW.4.X....K"N.....b.-.s...N.......-....#Z.=..d.t.T.~{.p1%aH.jUj....'.....x...Xl...=...G.>.......].f... ..l...N...{....=. 0....4.4...34..B..O.]J&./.:.q3..w...=x..).T4D......].~x)...'/...>K....{..U?.....S..S.k.P(.e..WG.O.w>*Y...@k...........ti)tca..`.....zs.4w7.wvWE....:....,i..C...

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63066v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:085B90B38C8F3B8473069D2A0FAD064B
          SHA1:F2A14F61556018E74490CD83B49BAB094CFC56DA
          SHA-256:CB0B63B0192B3B6B7ED0BCC4EDF5FC166540F3DBDFB62E2311F8DF2175671497
          SHA-512:DC01CAE1895B41C86DDA5A24BC9C4C57FDA31607B946DC2398C06A0E3BC48C478BBCD6FCB00DDF1F2E405B503B50D230EA67F16413DDCAA31B186B54883F94BB
          Malicious:false
          Reputation:unknown
          Preview:<?xml.sRg.....,0...2.M..M.i......y.rUy.z.....XJ!q.............#..](.g.k......R.0...........Y..`..r.N.C.T.........Y....[...W.".I.f.....F......-=..~>...G....S..9.^Bs..Y..a...R.V.K........#.fG.........A.X..w.....].[...g~N.E5."rD...+.^..W..N*S..0...6...Q|....{.cJ.<i..:...!...m....F.'. U.&....p...K.&..uH.`T.0w.XL!........%<.U.CO@.....P&}A..@..mz+-~).....V)o......6.9j..h...].`.U......'..Z}......A.3....|k^...Y...b.j.5V.q....9..H`..JY..O.......R..G.......z9.:z.."...h.k9.....B..5..nd.Mg..2.C'...~..-2".k....?.y....`7....k.).$....Mn.lh..]$.../.V..D...........d.XJ...\....r.....~......... z..29y.X0\Z~...&(6h..#x./.kS......n...K$.{.<\.S9.....].irRo...~.3./..Bsi..\&...-9-.k..)q....p..k..."y.B.......>...}`C...N./Trl.hh.Y..a..X.Oz;...c.UW.&<.....k`.ZNf....$..H..0.0....C.,..O.m......hPT....C.^g..YZ7.<....'....dC....C.veD.......>JG...=.......6r.w....h......{.`...z.o..{...Ie..h..2)....K....=Mj.l.)..!,{.*.6).m%....&h....MpPS.GXU.'^T.......qH).\R..5&Q5PT

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63067v3.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:083339794697C84A50A36028CA31D9E7
          SHA1:AB8D9A370E2C22E83A02FDFB757146AE616E2E55
          SHA-256:F2C59CC4DA6338A9F1A50B0BB1896C43C3EF1FA637B0ADEA031025524AF06543
          SHA-512:F87A2D31E4E89F798475835512887C3132F65AD070F05B0B3A630A849019A79A9A0053E3299AB567AD092C0A16066714AD892E52567F51A41F3FA5EAE9B097BC
          Malicious:false
          Reputation:unknown
          Preview:<?xmlY...8onP...yo..b.:8w....y.e.|..U-..u..)t.$..s| k.~..[..8"..X...wtu..9.+).G...b:;...T..)..4I....;.,....MZ........uN...Z'../o?..#.n.0..............1w-......(G.....f.?..U.B'.eT.U.........Z...-..nS...6.e...F....Q..C-..Y.<}..v..cD......b~)..<..w.._zK*....U.K...M...OIrf0.$@s..Y..-v0.R.0C$..i..*.....q.&..`t....9.NU,...e....tS.&.H..y.d.K.-@......|......*...(.t.&.C*...~...(......_.B.#z...8^S.j...k..w...r.2....r.J..uk.I.#.g."ZrB.V..=..h^.*..v.....Mg*p.Z..6..R.k..... D.y..=K..U+... ..I....8....ac..s?......zJ........E...........XK......Bw..rr. =1>...S.w.c..E&...uh.{^......c/...!. .7..d&2.|.=.i.X.......3..F..(..&1&....f:.H'.6>...@.3.P..|LJ...U.3...O...<u..?.xpWo...r.Q.7.m....%&.V...3...(k@B..Z..)Rg..y^.. .8.#.....C..,<...".....F....W...7..F)..wF...ixT........H... ..Uo,].?2.-..!.Z...W.2.r.A*.t...4.l.../.r..+.c}?..+.........M.7.C.{..!..HR.....ge.....08...C./.?oDKq....R.^B.g..*.rW.......b.......g.}.....f-..).^.C.}.aK..k.d~E.I...D.Om.......

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63069v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:7D1194EB5B8401D6E60B769D024CD314
          SHA1:9B5DF5C4BF25016234300C68D5BFC3C103ECB0C6
          SHA-256:B82CA921B088FFBD1A0CAD37D9387D37902BAABCDB8B943F6D8E036C99C28C82
          SHA-512:F3C09AA821B669E821A789D74DFDAE546793F8FA8486857DFF76A83A3E3CFD1424BD32046890B408028E0358ABD830DB229AF8D7B9BA72358087B977F6B7451F
          Malicious:false
          Reputation:unknown
          Preview:<?xmla.]t..f....y....Ldu...._..qK..F.T./.Hd.'./..+......ik.......B...D..ys..%^......... ..J..J.@x......6.Q...b?..z8i.Np~...[,G|..z.'...../_...I].r-e..d....'x.)..g.{].9....oWfk.. ..sE..?..K...XEMyX....y....,2:k'..^mh.-..Be......A].t.zL....5.V..g.c>0@..8...@.@_.....>lbI..s'.S.w.F.....H.....x........b...E..j..i...%7...|.....rz.jB..c..&.G,T.....9....4X.....D..........R?....).hYr...........f~......7..~.Zq.J?...S....C.]..*5....(.U.......|.HV...$5..N.c.J.w{2..BB.Er.I.<.V.kV...G{.`......F....<.....X.xr..u.....5..Y.i-..2V..=|.!Wge.-.9.M..?Q.B"[.s>@k..v`.|....{....ui.y....+.i....U...c.R..<...1.....(\2.#e.0..K...fp..<.5.)t.l.,...V....$./L.7|t...T..5.......2...g.*.Q?.Q...S...Ro......a..%.HV.:.?.4-.'...R..qv~.#.....I....."I...4...$N.?..'1...l.!.\....|M..^;....].....y.2..I.f.......K..>.9.<@c..I.8.M....G..J}..e....HkGK{+x....oA.%{6;\...u. ..oW..B....$*.Q".L../..N..+(V.cZ.Q.B..W6.....d...1..^...h....1...;.*..Q}....k.j..........Dc.m7(...rB.v

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63070v5.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:52E03FA9691B3F000202DF287CD1BF4E
          SHA1:2CF50A45B1D8F49D92B7B8FA3DC0CCC68BCFEB10
          SHA-256:0D14C44354BF3AFA9192AB17D5187FE850C9E49582CD2BDF16A7CFFFE946007D
          SHA-512:C2C21E0102C8DFBA5607EA81E2C83D8DFF425448F0AA18B530FBE98FFF18CB0D1B60BE4A81716E29391161796466D95FAC05E11499A16A40A30D29ACF1A9C1C8
          Malicious:false
          Reputation:unknown
          Preview:<?xmle.J....-0...;nM(u..M...E*.lJJ5.v.a........[....;x..UR~yTf.%.;+..'.=..}q4o....8s[Z5^5...q....E#..4....lO]....w..&b.W.(E.]$.!....l..xc.M9..Y..u.S..p...N..T9.i...V~..~..G5P..I~...#.sA.Sy.m.tOu.L.J....F....=.*^..ReP.a...>..M.|.XO.n..&.Y.!.8....h......b....B.d..%l.po....d*f.f..pE..'\...?.3]....Y,.%........i.I....U..N...._..8......H...l..r8..........f...y.{Ii_....E.Ow.o.......a.D+q...kd..LZ..G.......7j..........".n..=.5St..O..3...g......t..&._...#....`3..H..s............*...AK.....)i....D.....b...PA......8.h.....d.+6\.....T)UM&....ZT.\..3..b...l\.eX.....|.....c'|..|..c.....Pm.Z..c.:.a..}_\yz....o.F............0.....g...$0._...q.A..&7....87...=..D.E@V~..)...P]..._^.W"8..`....7..U.?..gI.:r....#.......@.(y.$.e9].Z.>RQ...^.....a...1...R..u\2."......e.(...........?.[.....l.k...P..3$...f..VR.n.}!N....{.>...5.....L..p_.=#....bVn.Tq.).S.{@A..KM1@.(..\..e.w..A..b`e../...%.....)..'P.y.I...aA3..06@.bP..$........v1z6*.v)oT.k!c...o...K.7.7.w@E...s..J>.-.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63071v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:063CF815404C4430BC10B80AD28E80D4
          SHA1:FC03499D1423D6DA495A5661C1E0DC038C7AFBD5
          SHA-256:26AF6BB0D7566A33478A3FA9758E1217BCAF10150A0D1F1C1BDBA5E2BB71B1DF
          SHA-512:DB4F364CCFC29231B8BC2C269E588236B9A8836B964AD39147D08C21A30F52FDE27B50B1D0C72B9145DA776ED7761EC5D20731FC9223510BE179A84AD9888F12
          Malicious:false
          Reputation:unknown
          Preview:<?xml.......s.iG.6I..t...po.,.....@.).j....?..K......F..+g.Wmu..............8....j...$."i....B.o...<.....b...R..HO..&_....F.....%k%Z.G.a..*...(.+...v{6A.C9....<J..,bW..#b..2}M....N....F.w..{..[.........{.3s.#.(.2.a..B..@n..Y..-a..z..I....U.-U:....F.T.../.R.{..W.....5.&..}'...O.2`.....%.r...l..q..`X...V..H...~....^,.}..OS..>..2...L5\.|..."B.75}.&...Q.......8&C.....;._..b.d..l...0...Vj+...o"......i-.#...F%.h.(.\=.........;.......@...C..!B...#h...1&'...<..;y..?.1G.Lu].S]........,......*'.Wrw...L."9.A.N..>.....D.+.....Z.M .<../........t0.~.Hgu#Q0....S...B.M...hhn...... ..Q.(.sKi._.Y.."...&...a......j.....d.m.t0..M...5.WQ?........ ..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63077v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:02AFB8FF13B7390E7266C4EA580928A6
          SHA1:9B9A75E3175AC1F9DDFBF61A8A816A45156BE8DC
          SHA-256:C1BDC79E2336E729B9B8E0B696C21C85F0E58505E9C5DF6A622B9CA5CA23BC77
          SHA-512:E09943A52F979BE4F4345F5B0CA89138DFFC212E152215CC7C5D0A49594487692A429EA4859D80491C762284CECF999784C2B8C194AF13427F908900B4B0CAB2
          Malicious:false
          Reputation:unknown
          Preview:<?xmlH.B@.&.3 .@.A=.'...ex..D8....k.N.:.......;N$@.1...E"`..g......z........P....u.1..YK0].n....,...1.....{.5.(..8.z..<<...7.:.d..t.ulLN..o.P.p........9..L...7rz...,..Q.G8}-.J.W"....c.k..:..>Mjm1=.g...z.y".g#s.k?.n.p......\...o^..I.%(#,....m5..5....n6./.+UC..%F.........rw.`~...$Q.B....?,.....I..R^..9.......f..u........s.1..I..G..O....[...&.`u6EJ...%...z....&{S.k.+R.cwvJ.|..a........&.BG.r..7.. .....fzj.^.x....r..s..W...F.D..P...B.?.c5.g.*...........I...o..".R....l..|...H;....=.@.ER..k....]..w.}....#(....p6.Sm.[....<.93..|e7.8....Y.....s.....+.f...Oq..x.c.....%.yp:2V1/>.......>..................w...b.....Io.F....1...BY..O*...^0.P....[Qw.{..3.r.:./.=..........e.....>==.uWE........U........e.q.X.hp.._.Zb.....i.aY....:*......^D.....{q.M3....".X....\J.......7..o..([&.``1.<....D22......4.u..K..W..v.....c.6.)..h...v..(.z.g....P...W/.I.....MR.E......*.......#A2.0...}.n|9A).....G|.....U.. 285.+.6..F.\aH.~.6..`..,`..0..Yjj..+..)..}3. k+..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule63078v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D93BBCAAC196C1CBAB5F5B751BFD28F7
          SHA1:D3347DDE5F21BDA55158EB6DF57ACE6CAFF11EF1
          SHA-256:826A2F10A744CDDAA1517B58232AC9A89E5C1A677139D27980C08BD933FDF230
          SHA-512:69EC022F9BCD5D62639ABAE9E7F07EFF3A93C57688B00B48254F54D6315318FE351B47C333E67538A4046F410B9A300189B31CF22CF3053211EBC65CEBD3884D
          Malicious:false
          Reputation:unknown
          Preview:<?xmlP_.X..5.H...E.>m....r......A.e.<..R..+./f.......8......Q....6...8j....9...7.4~.)-.a.|.`.%..o..RM5.!n........?.Fg..XXN.....cw.kxo`.#.Ap.b..VGF...S.....D.-YB...z.......a8...vl>y...bn.$..n3...-.....x.... `.>...a..y.N..?.$...... .2?./x..VS....f..>....).=.3.,8......T.T3.>M........>.n.....I..a]y...\......<8...#._.gTO..8.Z...vB...D....:.9e^.T.<...._....A......Q.Ab`;...T...E.2.B...ji .8.j.^...lK..O.X<x.....$.pF-W..8.G.4T,.J..u.s...O...}.......iB.4<...q..s0..]..4$M|.BTk......*.8........w....+*.uzy.n...~..I.x$ceu3B.)....=.W.X.2...W>.^..".&8....v..J.:..3..{.w.,J+.|."r....V...D/JUp.......9l...x.=.n...=49pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule65136v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C27BBD3C24BDB1EF548D949659954BD2
          SHA1:200C491CC36DCAA814E6FA43DE15DBA1291B8FD4
          SHA-256:904769C1CEBB32EAD4B537556DDF3FDE8F510042048DDA6894A87B461402A3FB
          SHA-512:0806CA6A6D59881BDE86ADEC52D167230A6A3D05F658BB9D2FF80A1D36EA782839F2C3CEC4E377AFB2B10D3EA764DD550BA79CB112377D1DA0CC2D72FF904C77
          Malicious:false
          Reputation:unknown
          Preview:<?xmleN..4+a..RJC..+>X0~...YN.....S.y.+......r..r.ax>..C.<.w.g[#.5.\...n...).Hb..../...|.c.$..3..o...L.......1...A.G;.........IH..M.d.>8fu....].]b..K..N.}......L;....91.........+....d&).O...._Q..7.0.].5.....:z...Z..R...W..(..... .k..2n......~76...|*....x>.S2x.J...N....j.]...D.#.N..c.v..`...J.n.;. .d.x.6.`..p.'r.0.h>d..D..~....@+e...N..p.O...A.J...`.K.m.saT...D$.<;.1R..T.\.3.M...c"kvT..`,.......r..y;42:;]gi...C..../.#3..A_s)p..."&..q...8D.3....m.l..zK.;.I......t.B...Fpn.0.$..K....2n....`.*f..]:.$..n^....-'.2.....@.(.f..M#..8.".[.....b,.>(..kM.#i|u7.......2g..}.E.....!.d...(_.......S.<.}...Y...T..3W..5..]..!G..3...Un~..Q].....P.#.SPt.....&..U..t.q.G..Y...EJ...>..p.X...V..{&?..@,fi....*...:..^+.g..O.w F../.#l.......CGt..p... ...|n.....>1Y#.,|..x.,......).;&....N..f.Y*..@y.!........:Q..eA..K7.|X.`..#..t]......q.0..c.wk.{..XFW).64..6......I.LB......^Q.....0.L......Q...+.[{."...g.(.x[..[..@].?..VnUQ~..O..=..,...Ap.5..\HB..^K....J.[..ESR.q..H9YHF

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule65137v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:143644E71593600EA3EF57DD66B1BA61
          SHA1:960FD870849F2DE71735C35533AFAA271D1A5A7B
          SHA-256:C2E866A2E7818899644503C1A7CB3B3CDF959534EA4F8F06144A5676ABD3E0CD
          SHA-512:CD9FF5F39F7C37A15DAD027A1DD35A80B048A2C4A79728A5CCCBB857AD3AD53E878065B37484186FF6D9F56AB30EB4FD05248C6F298780B5EE034FC834196E2A
          Malicious:false
          Reputation:unknown
          Preview:<?xml..Zk....kW..m.z...35.V......%g.}p..T.M4@....)..D).4:Y;|...=..85}.......2.....+zW..tW.c.aHv%>......)A.16.A.."_.%.!..._..{.]h.Y8.I..bv>...h..V.hN.V:...xX)......D=..8........w...vJ....VY......,.....94....-.7....m.."'w..*.>,....*K.<.Z)T..&s_.g..0~o..N.%2...............7.Ol..R........#..;|V......:.zX.CT......'.+.C..F.._...n.....N}.....,D......,.3N...e{.-.p......:..wc..g7..p.!bo.h.[...fE-...l..w.[(7....z..":&...z6...lb....K.....m,..v..i.w..LY.N.....!.!.K..$f.......}\.BC..w.z..m..}J..C.Q..`.~....O$OW2p..u...x......+.P..........n.V..?..8.i....u.gl/^....j..l_XB....R..*.l...Ou...Jevv...Q.li@ .QG).*_Z....0.1.Q.$|...c...g:X}.....A.../.~;9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule65138v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8DF1325EA82FFF829222F993DF4CCE5F
          SHA1:53609AE496094F7322579AC847EAE9BF7E031D7A
          SHA-256:1FB03E52835EEDB12DC22760BA83369C2A667B6C00204897DCF6769247BDCF9F
          SHA-512:BA30A7CBD6281B288C331E74254C64E5D73A8F7C399DD8A8B20AEFA9B3611187CC6A776E3AB8D88B9FEC989DE98C2D9B0F0C0855DF27DEF468C7719418BCD055
          Malicious:false
          Reputation:unknown
          Preview:<?xml.E...F.[.w..;....U*.nm9..(..-.(.z..g...lAww{...^..,.b..z+q.L..X..o.$..d...J-.o...7...h9.......N$t.^...kzm......)........@...^pB...e..fc.F.xu.a.z....\3.6:..L..by.Gl.9|.bW.........S.^...t..7W..xq...e..F`...o~%...i...y...nA*.......A..|......=4lq.........j........X*O..skx/u....Vi.W.....i..4...o\#......\...Y.A^w.(..af;$4.[]*.wVg%.2.9..._.G.yiJ.a.p.].$..n4.w*m..Asx..M........$.9.v...$O..{.%.....\.....T....L.....t.S.,.!...Ud...<.0..& 5{..sAp.H.e.b..W...n.'..5)....-Q.;..f....B.}H.............X9.b...A]z>.p..u.K.........L...wb...fw50.t.o.....E......@.. ...[t-.k..?.0+.&..X`.N.'...D...mn.....m.........5....m......&......Y....@..?........r.W...].-..}A..s..A......f......./.:}.y.....F..d.......#.J......e.....k..._..v...e.#/.4^...4,.]A.uk..~i..+/-.`.`N...B..!EO... ..........N.......*...f!.......3..?.Q.5'w.pZ$l.....<..RT.*...b....<.A1.y..a....(.....C...Y.Tw........D?.....i..E.m!.........8....B...7..[. J.|.D@..[I0.Uwh.N.BI.I. \(jWC.b.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule65139v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8F946BF931E83F6A3F467618FDE05863
          SHA1:B6D2BB1CB4378D9B668EBE0868E7C959CB697316
          SHA-256:D43E78725CB6C13734EC891F1547D94D1246982C4E38A12D61CBCDDBF14641E2
          SHA-512:A6F0B042CC9E23DBDF3F6A644A38DEA0C243C5A37BEE516031C84C1432BF614E531D084E25E13A32D14B503DFE687F46943CCBE76185E11EBFD35F04C1BAE454
          Malicious:false
          Reputation:unknown
          Preview:<?xml;.T.....&e>..*....ul.G...3..A.|NR..i.!.?n...C...v...nT..|"..h...E5T......Q!p.UZs.f....l..A|7......L...K;5Hc.KV>....(....wK.Tr.@y.v.pn....7%.....k....k..e.'a...1o..;...p. x..d7.5I...;A..c#C..>.6....u../..a...*>..P.....9....^v....&B78...+.....H.{G.*cA>..#U...0...%.....x....u..+..Z....P.$.P.F....../b..$.xmv.3h^.A...5...'...&xS....F.s..0.|..ma.t(R!.Ty...x..B>.zI.};b=..d1%...F8.....5...6..`f....L..[m.NS...W..4......H..E2l...|....G..{.JfGJ.-.#...A.vB.}8V.{......=.....W^.c8I..*......D.7..`..?.s...s.eop.{qTng........yTo..#o/..).e..C0..G.f.....J"..P...7Oo..;.=.....3.B...$.f.0.N......]..t|XN#...1X.G*1k.Q..1P..";....<D..jT.........~........we....|N.A...K..Vw..1.P......n._.....2eU..n..f....p.>.%dA...A.../.*...(....e.....N[./.[U.#9.:.@..N.g../5..P.i.....".J.F..r........E....cd..i.....A.m!.`.+P..B...K.MM.0L........$....z.....J..k...gF.U.BY.i..'.&....MS...t........2...4e..@P..N..b.(4...|i..5...0.)..l)...\....X.Z../...V.fDll<.jl..w...}...o....[..UD.q\h/f.D

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68000v3.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A8306B03D26B09D483083DE34679FC96
          SHA1:722E7E3B2CAA64A6867059BE91A2AEE97A5BD02B
          SHA-256:AB8F50D69E7254A99F969E4A29DDC16A8865C06A3BF171BACA30C0FCAC971F1D
          SHA-512:986B265C2B05A81C46D022A39D1C5719BD1FC064F82760E249EADA3046124E2ECC0D8310AD835324250734F24441E3410C00C73B0C19A19E7AE178231B3ED9A7
          Malicious:false
          Reputation:unknown
          Preview:<?xml....<\X.....E5..X..X.....m_D3.....E.]...Op..g....`...4.?^*.=7.....t.^DSE.k.s...2QwR...q...E)B/o.T..._g......x..1.....3?..V^...I....0*bI............. .cE..ATx.y......e.................g. <.. .......P....j.b..]..@M.2k.]......Do.>:".....I8.......d.>..v..KQ..R2...=m..,..c.u..!up=w.N.b.@g.o.R.D".<..v...q.(.c.w.s..J.=.'eJ....T.x.....$....0..L.p...8}.2?8.m`iNw...u...'.G.;......u..@......1...9.;...>G.s^..N..#[n....5.3.~.*._!L63.....;.1.p..9V..{~.......s.4o`...2..\....<.(.S..P....|J0.^q....V..g...........J.n.&...0...P.e.j.m.k!...!...........|.:S..a4.......X..0R..W.:..^.Q/.9....J"..........^........S..1]...-7H<\)XQ..W....j...J.X.[..;C........Oy....f.v..:......h..-*t{6......._t.)..TG.d`...;..#.K...[..0a.__gH..O.>. .Jn/..&gtIE.^..*....a!.O.R..v.....AG#t.[S.kj.Ul.m.:#@.1.=;y..5.s.....,.:2mX.E.P.41.p....t..u.K+6.L..Hx.E.'O.:.....7!...+......r.Z~..afOZ>.)..|..Zvmt.U.E.l.$....W3B....B.%.....l.....a .?..?A...}.L.....cz.9pbW1L8qQshua0c0KnGl87DEySlTicf

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68001v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3B3DFF9CC10915BF3D794B697B3E4931
          SHA1:EE263918F9CFA21CE0F55602764CE853DBEDE8A4
          SHA-256:3A0350AAC493AA281C3A4B2BE9F90272690557FCD8437244FCAB48100D3D67A3
          SHA-512:859B2509DEB13C919C4A29707F63C93C9B0DCFA737049BD06DA8903E0ACBAF95556D853A2D982DAE0650362BA06127F484F84248E8D886FA4BD480E40EDA78F7
          Malicious:false
          Reputation:unknown
          Preview:<?xml...z...x.`..[.9l[...B.G...A..|...W........;.J..L..0.B.Nd..?..%..X.8.,.6z.y_.R.N.z@.....R..W..,.].h.C../.A7|.5..~..N...U....f..2a.IK?h....J....O....`.TH. ..-.J...'.. ..ze..../TB@..._..W.eX..(..~...j.j.V......J..p...S.]J....NT...J....f]k...RX.K...'. ..l.i>*@.A..?......1..w.....O....l..QO@8B...(-....63...r..,K.S.$.Q!.....c..q...h......f.$..etu..,.M7.....<..8+d.f1P.yk..z..9.a.|.H..c.C........vh.$.d..W......t..xo.?b.K...b.wZ:kk....fz_.}.....h..".u..m7...n.v.H[..u.&O4..............>..j...>...TI.Y2Q..Wu.S......X..;...^....nJ..i.A..sI.PI......|.....u......i...e.sU....}.'{.U..W..4)....09..(.......y.C.5....f.b.8o65#s0.."....R,nf..Yx...!...^.....;N.$...#b!.......o3..[.....'f...U6...r3.r.a....G..CP.:...>e..F-....k,%.......:..|7.Z.35I$."...'h.6.._..h.S..+b.]5....:..,....*.oe...r..........$...:*....%.}....|..r..69rx....m..G.%<as.k....u........{9v.....+....0..$g{k.+..p...8.>.r.X......j4.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4D

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68002v11.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4B131DEBF52FC50E84884B8014C0C303
          SHA1:4A7916FBD80EA5FC2E1D4A1836E40EE87FAC46F6
          SHA-256:793CD35B3510DC9575CBB7D5B652C9EE0B17E985A0C2A3FE54F97AA9F0BB52A2
          SHA-512:028F490CF6E6EFF8DBDCA9174A17BCAC46D82D7D353DB962B8DC4E6EE24DBE6FF91B492A3B4DFDECC3F573D31BACE3C6172AE2A15B3AEA3F98A75FD6C2BAD802
          Malicious:false
          Reputation:unknown
          Preview:<?xml.LT.".zi.]v..!....../vV.D.A....I..!.........$....$.j...b...BI..R..<..)%.X|...=..[-.q..6G.*Z=.A\...h8.0-|T.8R.S.4..Quu.~..c..3..q..f.q:.K... .C..g...Z=...{..[.....<.ri...y..&...X.k.....3..b...3.......8Y......:z...=.^t..'P..5.4......]......g9.Mb4.[n..8<..u.&.!+.......B."...Z.W......4.n.@W.u}N2.l..f.W]....6.m..8...^.....V..n7.0.h.H.......>>3.....z."m..,..A....[..CQi%.3....L.{.9.G..J.G&kD.......jpx.'...i.wL..2`X.7...d.n}7.e..c.jy.^..{;.ct.k]Y.M.T..>X.....{.......3..T...%\..m.Z0kg....~..z.....G.}[?.\..9.0;;...iY.4...YD....3#S.T/....C(I....$...}fq.M....u....9.<.._.f..z.5.NV....#r.:y.:.E...c..C..S...#+..2Q.0....s.A7..%:..\D...k.... ....D...........k.s,.Q.o~.P.L...2..h52}K...h......OFHY?..b}.....+.t.....lbj....1y8...<.V....~}........})Z..-.@M.DDL..J.p.....E....7.........K....%.... ....&.Ca.U....u..O.0.{.c..lr/.Fm.0H..kS..s....!....:.Ep{._2.."..N,k.GS../.......r.|....].......b...0......WZ|.'...,..../.C....,..F~.|...9.*z...hX......

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68003v12.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2FABE1342B90E6F2A949508290F817AE
          SHA1:78D2CF81CF25D9D4651FD7D34BCD2BA5DEB952B6
          SHA-256:DF534D328DDC971EC99A79B4F2B858DB7AF52E6A48579D0E35F2D44DD27A55F4
          SHA-512:0E8B528336AB4A8310CD9A60C64A902D2ECF4D42CCFEFCD6731543A8A607C6E09E5F749B43FB30902BD9B568176077FFBAAB725099EBA41FFE7DC90B4047E3C3
          Malicious:false
          Reputation:unknown
          Preview:<?xml...h.......a....D...]S.\.tM.T..eX.m.....%.0.H..D...(j.`D.5.6PplBzZ9.....Ji.q .[...,..0...*.\....84`...........=.......|...j.i......w.....$E....H/...}.......Yi....REV\.1kc.*.K.%U..n...'.2.w...K.n...^....r..1:...B..3.E......q.+..c...M.]...S.o.V.c.d...6"...`^..SP.....`..W.....g..;8......H.......#..q.A.wX......7s..O...;|..i...i....^...wnI8..Og....e...?..e.b...^......t......TR..x.s..K6.k.a(....a..6l......F~d...3?..L....pe,...d4T..;..O...cQZ..|.u/b.AXr......3..R.U.g...y..4.3Y{..V..J...9........./.._..6+.w.C......y.....M.:.T.CF.[).V|3..f...97..>.B@.c.nD..\..}C..."..2..+....:...Y..R...|.G.....'<...c.Pe:4.-.p.a.....C.K.I.....SM.p.{P...y......j...P.Q.8.`R.nk..!dB0.......{.....|.b.b...L.k-.*R.1n...EF.{f..Ni/........D.AI>..)5...iR/..L!.....Oj...j.....5}.;........y K<......nB.y............."..9..8T.fLa....p%......^~..@.!)...4f..Ko$E..{.....$..9...\|.....B..,./W.....~.7.B..E!r.,V.:C.o..,>-.............I.8.(.FC_.....J......t.4(JmM..w..8...d

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68004v16.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FB9960B9B522B6218390D31F14F823E7
          SHA1:21F6051D5B3CED8310DB821F207989F10AEAE458
          SHA-256:774B83A73171A65269FD64195715C018EEC11C14D27D4AAD7F956448C0E3BBA5
          SHA-512:DEE10647F1A453A78822AD3F3C8EFF6192B0982240CF67E0F3FB2E229A7CEF4F268B1134D5ACB0D306E83DDA7CAC0A5816136E9AC2B36C6FA6E514F6B7798217
          Malicious:false
          Reputation:unknown
          Preview:<?xml.N1OoF.;/.....1:......m...[..27.../......r...<.'...X..m......Y@..x%...a..MWH.H.;d{|E..|.....K-.3*.1...^}.l.A.C.2..J..-yC..E\...n. v,.6A..........WDz...X.5b.>..aN&1.-n&..[],..)w.....Pa>|...pe.m..4.O.q..co/>..,.S......d7.(..1KSD......T...\c..sti...*.eS.t.....m.]1..j?.l..V...F..|(jg....'>.D.,./....s.......S.r.\.UN..?....uM..D.Ex...G.n...<.oGZ.7>."...........a.....A_....Y.........Y....oR....P!...P....>n.....<&T......D..p.h. ....!'..Y...I..m.V:.U...ZQ.....?..8.s.I...U........z.......U..:.BW.!.R".Qq...\.....+.. .x.i.0`........K.).3?..Y....t....{....2[.U.lA......d..k.j@.9.roQ.qw/T....x..b...J......{O^).b.y....:v..#.......... >.V.c....9A..."./E..K........q...;....Yz....ey....o.{>...1....(|.x.yFK.oGY....l..Ba../m..k2(5u^lw.9..&.Q..S...{}.lC..._.g.{u.N.....Bm..S*@...-....-...E.....~..&...C.;...K4N...."..R..D......./..x.....=.^.....h?.......c......XyC...t.0.j.I...06t.3.L.p~.|n.......I..@.&..p.....!.....{z.Y_.3....%o.r.T)K.'>.vE......2.Vtj._k.@.L

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68006v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:1040EEF36996E4BD26A6CA7B47A95D39
          SHA1:49A5ABF0CD79C72F7054DDCA503F03B31670894D
          SHA-256:F99C92F3C6D71504898A8BA0E22766D0E89FA49C08B506DE881DCA5FEAE79705
          SHA-512:7016E6AB805FDDCCD78AC7328AEF6AF78030CC33A4C7BF6D960E5DDC08DDEF0188A840F1D1CBC84A9ED5FCC922B0D973966B14E876B95971C543F574D9708926
          Malicious:false
          Reputation:unknown
          Preview:<?xml.o8.`9..h.O..K...9.}_.....Brb..L/...j..)...y6F...`..._L.N..C.0...@..&.D.t..G|.-74...x.......yza.....I.3K......<.....8@....g"....]...!d...(.Lu.T,...xxU.^3.ri.6..8.f...!...`Y'....=l.....7....d..>x.............}M.62*:...Y..Nkg.X.....:r.<^.).hq0.........X%6.&.|..(C..!X.....j.D.....yH9...K..d..Z..-..sv...R.y...FSD.a.\....%....'...n2}....5...F..\!k....ok..M..Q&..1.i..}......mE%.G.g....-..^2.K.......#G....w.........~>O).....64j..n4 .G.Z..Mmd......=.'o0..<..}3...W...2.:.....i.:S..9...H.3..+RFy...Vx.....k.>.F..w...N.#.m.@z..$.F..&)K.dJ..F......m-.e.L...Z.oK~.^.C7.;..h'"..^^R.R.R.h.3<.~.!. }....V7....;0.?.,..s...:2..tv......x"........,N....b..0...6...P..L..2.....x..d./..Qb.l.+=.y..C.....:..$.F...3....M9..$......].FCjz...79pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68008v4.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C36BDBA48A5B95B068E03174D5F009AA
          SHA1:93D62E70A7E5D8488002222C435F5BD43F330748
          SHA-256:BB472418FFAB0B0A5CA7603FB1379947D4C2CA911ECC7712240477806E1B4B7E
          SHA-512:9DBA3D2F5D1F3F7B9126186AD97D5C0A880AD3C285EBE2E6CC72487254E04A8570933194393D407E12D98A623B22CD5C09C5D070587F6941981F4885FE6ECFE3
          Malicious:false
          Reputation:unknown
          Preview:<?xmlep..n.V.o.:R.......`p..dL.?".%.f$....R^...C!...mH..U.......o\....?.Cn.."...'.od...Ry_3.+1...zs.(...m.t@i.,.I..\hD...]..Dy..Q...U...T.q./.JW.....b.U.."..Yi.4.v$.>u..$.#...[.(}.l.0......t.#_.l.y....-..mS..{..rG.E..Q.f.18.....]/n.....=..ESv...S.y..r...A..*..........)^|n.R..:...9..A...P..j@.q..7.U=..Bc.y2+.z..h.m..W....?..k.j..%....0[=<..^..E.<L.d..?K`T......}..g......v+..J....a...?.R2@..pL.7..uM..t......wP...E.DM..k.p}i..H.L16q.bv...v......k......].#.....nE......C7.z.....R...........xPd.d.k.......*..B./.l?.c.2h.z.......@..&7..F....;~......^.z....-........NF..v...|f@F..&.+n.....S.Z...._ .[.]..<|U..-.^...)m.@"V.......s.x....Un>G...)..S. ...k.F......&..I..6.1.L\..O..Q.....=..@..SH.E...D.*..h..#...4.2..'+.^.W.......e.....h.Z.@..`.O....%-..E...}.21y...M.._....DG...}k.....o.;Dk.Gp.7....:.,.l..$O.(#..n[".w..w..9'.C.U.M(./.Y.....f..Oy...g..{.#awe4Z.-,(..a...D.3.;...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68009v0.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5F8AE82D483F9F38A57AEC3F0389AAEF
          SHA1:9EF51FE69F9A12B3FCC29224BAD8809FA3E55735
          SHA-256:6F2D7D54672E5A78E1371AA44A15892CFB137BFE36DDD464F10C11924B169EC7
          SHA-512:B2525D2B993D8504BD50BB4ECDF034BD2ACD86933F490817028B4A59F0E131145F2C95D81F2E4165A89ABC4123197260D47E590CBC103F0FCB61C875504AB9A8
          Malicious:false
          Reputation:unknown
          Preview:<?xml!.x.DS.w9.Kh'u,V.l.........G...)Y.....7......EM..~..Y.......l..8m..|..{5....N.S,....:..B...C...$.H..U...l.......EN...V...=......Q.V.q.L..-.&.U.CWD..."T8#s(.Q...Y4ke.G1..U.....&.......N.<...9....-.........!.1x..?5c.a.K..|Z.^~.o.......5[.2.{).....Tp.c..LfE.M.....?=...R.QD...8.8.Z...}.%..4%..[.......L..*/2..*..a.D...;Y.\.z.5.......eK-..4!{..P[...;Y..`y.....'..h..T.]..]...V....?.^.g..D..)R[P.`[F....W.Hl3.....k...3r=jxu...$".4.hC..<d.ZV..3."..G..x..<J.7......5........\.`J...y..E~.W.hV....5.q..F.| ...C......e...+..=...}..l:by0.Q.^.Z3..9..lf~.e...y...>1v.b.r..f.1~2.f>.<.3..c.A.`........*...%..)E...q}..I4..7.59.>}5.6B...7B......i.q..G..&L ...u....x$...J.....\N..Q....E....J......GN;......,~..4..+...N@....Kz...n.,.}t..|E...W?..b.99\...&..a.x&....l".!.Ye.IPl.;.....bfz.W.T....{.6..J....o..m..7...-g....4.7C..q>...aR...}h|xL.k...$t../.?...T_.JZd.. ......G.N.B.........[......u<..fWe.,..l..}.\/.3.....J.'..*..k/.~S..:?`..T\S.G........4. ....j....E...

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68010v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F8AF15994B2345CB88950639440F6605
          SHA1:B65FA6E20A6CFE23B0EB46B729BFB7C34AFC1D6B
          SHA-256:F08DB479E465E45123F0F6ED139EC90DA355C064A47EC20CB2B0E75924DD369A
          SHA-512:8449BA2C749DE806CCDD6B87580618FCD71F2EEAD2217A8E7DD58D76519C43FDB0839A221CE798530E257727BAC704F21AD0D07301E14DDC499238FB3F3BC08F
          Malicious:false
          Reputation:unknown
          Preview:<?xml..@....|A...%..o6m:.8...5...........*...N8N^\.U..(.>..!.$..../.8"(....G.a..0...*..T.;.{.r.a.GTE..2...jH.. .8:7fL..+Iu.......OjO.*^.....Y......lb,....dK..>...>Me...#....7'..?.v...Z...........:.-;.d...7.&..s...R.}.....}9G...D.$..?..*O.J6Rs.....'...N..y.....Lb..m8..v.....TV..S....t.....k....y.p.~.F{.'...@m?....!...#I:.......9....6.fi+.3 x54.t...q. `..e(FY.".a%q#5...k_.6..g%;T...S....h.WZ/.b;...>.k......J..!...zz.S.....W.......C..U.3G...R...9...s...E..*..)-Y.(..jb8%.+?..F..h8.o.<V....A..m..TC..h ....)....!y...Voz.i..a....-..Vh....z0.)57#...m..4v.._x.....*.A.!.f....`..5.M.....y.._$.vrT.Pb/.. .....og..S.U..\.....$......M#.d9....D..n...M....^9!.ia9..o.....I........6...2..<.k....+4...a........_1.Q..@....?k1.x*.L.?.V..t...%.\....0.^A...c...h..X...^Z.fv.0`d.?'.gc..%..$.b".b.....(..S...../...U.d.S.P...]....+.d..@`...*l...y.;c.....:..A.G...0.....PX.e20..M...M-.T.......g.".vyJ.&.&.j.d.6-'@.f.,NtU.Nt!.2....i1......]....?%..qj..-....R`..OGb...m..Zg.R

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68011v4.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D4D9246678F2EFBAE55B1261A0A0FCCD
          SHA1:4288845AD62A71C6CE5FD6F406CD5D69B8EB8AF0
          SHA-256:1860401EDF87A9FB70DEFFCA762D671112FAA4C2AD021BB37A573B25EC1923CC
          SHA-512:6F2A5E309D7464ACC2D2C10857A38349A60C593466F567A5BE76562A8DDB7E685053F459F044186AF4473F42E95AC75A4F3BBCC004B837ED547B8BB68F6D6303
          Malicious:false
          Reputation:unknown
          Preview:<?xmlE.VL/..F........*..P..b.T....a...4/...l..\2.-.Q...e..~..:..q(#.*l..BAK.JtkH.0\5.A*v..t.-.n.......T.<N..-)d<}.(.....O.....S.#.8.*W.8.g.....9.M..`Xi...)......`...f....!.....|.=2.......Z.:....R..7.G(.L$p..V.....>~..../.0..1....M/$#..#..q..>.\.....mc..+.Jo.G....3.D.N.].6U...l...Y......l.oq.8.YD.P.[.x0.K...$35.'.....|.r-'.@...;..#..$.;.r..7..b.sXb..O..A...C.O;.E...<%..(k&)..U.W..|...........|,...;.a._..)......>...r..X{......O.'.q.e.....{.>i......-..8=N^..8~S.F.WrO..?4#".u".....8..{Z.&r..`.(....,.....,....h{...94.$..%.Z.3....;.-.i...@...d..bl..._].oBe....Z?. s.$..\.<.y.}....B."...|o..50.<....,.k.X.S..n.....j.....G.`_.....b.x.>6..>....2'.]......zs...o.......?1...d...L._y8l..Dd.D..t.0.l".N...C..h.$.G(.W...5c.....;`.p.a....R.....Z...#.......y.g.>.2.D..*...)..{...e.6.@.5.[.D..... .W./.f..J...........<.>....s.J.X]...w)6.....qY.1~...=..G..3.d^f..o5.<;...K.q.i.7$r..?.l......U..?.jH.z....Z.[....t./.T.2..{.....r9.BMNg.fk..%..4....X..&.. Q.n..k

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68012v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3AA66008B9EBF0EF62077CA2433FF5DC
          SHA1:DFB707A5EADF73ACEC35F0E215C92D904B038B8D
          SHA-256:EA4559FB1D3BA9DE1DEA035109B8AD2DE64CAB17402416C7AEF7CB6EF6C7B8F5
          SHA-512:83A63BFE1BD2F7306CF94AC289E7340711E769CEF6073499F04F76D74991CE9761B33C31F787AD8783E9F4F05CAE5B7FA5E02DBA907066754E710F2145123D61
          Malicious:false
          Reputation:unknown
          Preview:<?xml.LI.;g.v...h....Ts.....N...... .m..\.....%..^.....(.~.T.....64...1.X.%.NZ....()..o..xM2y.?Y.x`5-..8p1....(r....(.....K>....^..l.O.) .....F"..,;e.......[....j.'}.1A.8z..!Z5....ZT...5..?v.....p.....R...R.F.T...V.L..v.M2.J..."...4.........6.5...B...)...iu...&;.T....2T....V.6O.......o1...T....[~I..?.S.e.."7.}n ...]8...:q..8....I.f.`...8.1\.....vO{`)6...C.F.e]..3.M.B...xC...x.u.-.N...![.{..I5.%..f...q-...+\S.&bte!`..][n.H...-'..JhPD..)..PM.z...t(...."...k.Xnl.V.....-m;K9..E.$...c..{w.H..;..Xz.B..j..t......fo.QU.h%..$l0.4....z.t ......Yp\.Z......$.p..Oi..yd..N..q..2>....8*.'..\.X.Z......7Z......h.....D...A[&.G.4..pi.2#%6...k.2u.%C....A.O..+&.B...ie?..+9./..rwU.#....k&.-.E.U:O.7."...]......:`.A......z...Q....^...z....9~.....h.tY....v.N8..h.w7.a|.....W.v........mK'.....sO.6r.t<LH..Q]k....%.v..........^}......-.(......Y.#........yJb...!..^..>G..H..$...GV.....js.4.~D..^...J.G....N.......i.....km......-kB..?.......=.G8P..@.....;

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68013v9.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6DB083381ACA775CF46FC611E14E7F43
          SHA1:13432A97948643E6311B7A9C4FB732249E2C597F
          SHA-256:3855F5C4CDBD0CF01675F66F2D9F659EE9321C26E97D56E1C65A67190DDB9EC3
          SHA-512:791EEF162F4900226CC4834C0AB129A59D832DFE04E5DEB7940662A95ECC7DC220A0C9E9B63BEC7FC1563C1B6FB6A2157B37C9CAAF94541E82CFA5A33BC886BD
          Malicious:false
          Reputation:unknown
          Preview:<?xmlO..H...[...P.m.....f6..=-"W..h..@a.a...RV.qW.P.6'....J..{.g..E?...!Wa..9^].c...H............t..?..U....9INnZV.B..q....g.....h.9.DZmC...W{....R..4<...r.6[N0._.d..sL.sL...'.H.OK...ZK....%/.D..S74...9.ZJ......F.....dH%>. ..n...../Xw8Q>d..\W.T2.#.;...}..-..Z*..S.....$n.,20.`e.....R..(.8|......._...BE!....W.E.R.J..=@..........#N.y.|.f.:L^T...m..N[DI.6.W..c.||..L......z......3N%..Q.&V......\...e..l.3.n,!....uZ....,.6....V..R.$.7s........'....B...P.5.GA$3.....K..H..^..g..\.S;..VrJ......&.......Sj(q..S.\kJe....3}.D.....R<.0/M.U..GW0....b....V....gS%...G.q....h.....0S)....Y.C.#\:R..5z.7.']. /...E..c.^.^..U..69T.A..P}U.....b.)....3C. .7..N..[7....]......K...'.&f0.iLKn...E.7.F....'.=p...LI"..H..Wk.Wu...mb._.2...'$q.N..t.wo.R.V6;.....x-.#.?WA.1.....l<..Q..~...IX.4.zU..hC.o6..t..<s. kJ....6.G...R...e.;..Wt...k..I.Cf?\3..*.[e0..r....O.....>P..I;k........c..U.p.1Unh..Bb<........qDr..[.?[EoWMb~j/..1u./>....^......d...#.h..[.o. .C.B<...1=..6.Wh./..a.T

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68014v8.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0B6B907E909290BD54FCE0C2B25C917C
          SHA1:B8374BBF0428C728037E44F8F36BB525A20A5D14
          SHA-256:91CBE9AD4DAE5B94354E0BB296520EDD389365952764CC59EBD7A557CE8C91FB
          SHA-512:0346751C7943317253BC2E461FFBCA04707F8AAC27BFCF4CDC5826110ECC8F7BF99764362CF2A207E64075C57CA4BAACB2372C702E5AACFD44B830BDA6D42DE9
          Malicious:false
          Reputation:unknown
          Preview:<?xml..oF....0....@6..........Q.V.R.1P....:...5.....c.8s.KH...H....^.Lp.^.....2....=....P.74N.e?..fT~(...".fr..@........7...5.q.E..n<.g.9..(.&.M.4#...."Y.N<D .O.zL...Z.j..4....m..>x..V.A.aP.K.P..9...x.-j%....:....^....g...f%.(~.!.5,`..H[.....p].'-.c....]....^....W.........Z.b... .?.L.H.3.....,...O..0.Bo.g....1.d.#"/....S...!g..R..K.\.. .9....iM....~..X..Ty*....aQK..[...= zR...Y0.s.]F/.......`.~fA...bs.?..*Or)fv.......Y..xS!.<e......I.qh-k;..}....0c.T.....D.4.Z<..5GVW.a.*.l.h+.;c...lX...".nR.{.....]..{.C....y... KW...]...-t...l.................h..=.5...K.2.0.V...+...a%.&.r-........D.Z......}..D......s .&<[..,...^.Z.;4<l.vM2..{=.H..[........-...b.@F5~f..L.nU.WQ.H..}..R.w_......y...?.._..DS....-.C.....Z.^.=o.g.9..[.....|N...@....9#............ ..z...E.2?.Q..._9.V..............(.n..b..m..ek..$...u.u.<]l..h..... ....k.....H.T....|......b.. ........&.s..c...D.9;.G.D.,.J......<K8y.F.=.o.'.....l.f.G...y.7.G......2%./][..,<.m.i.lf.:!...4..........

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68015v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2C579515E734A4F797670312E0884085
          SHA1:62158217BB312C64D527A9CCECEBC68A5F4B4E0C
          SHA-256:D2462C38A5D31F9E02139798FDEA4268C275886C6EA997CABA03D0ED337B2707
          SHA-512:178EC4B89E813A254A0CB092443357AD69F44BFE84AE97179A5EC718AE6FFA2099A392E4FC81BA0B157456623100612960D9E045CF8B2B7F4B39DBC906A0A5C2
          Malicious:false
          Reputation:unknown
          Preview:<?xml.!._.......WB.M..R.!.%....ji...}...+.L..O...,z.Y.J....{.?....T.;I.ZW)2......nC....;c...R.is.......*.k$.;..!.$>...J.....s..A....r.4.q...gP.tD<._X2..p.V.N...".....&y....4.^\_3NR..B.p<+..y... w..W.$A.WI.p...Z..n...!.h....N.....S....($..;..x.r..!.qK.......2L...?..E.U.....{F9P..6Y...\3i.f.w}#iM.7...m...$..N.{.*...M......wP.A.(L*.....N.H...d/..\. .F;.................+?.obo...2;.qe......d...U!.R#....1....l.x.j_8abJ..%'...[7.K6..yt.......z.Tp0.4.9x....Cr.M+.?....H..9;..7R.:.......b.......1.....|?.t..[[..@....~......(.=...'......z........EPd4.7.$..vo....X*.7.&D,.r.(w..$.&C...,.d..K....n"..#..S.'........qf..}..m....X..".O.a..5I.E;..,x....y..8.......[!y..cz..9uW....f......h......E.G..p0..%..6.5..#.r..yf...p.?QVT)..?Do*cl.b.{..#.tKx.Z..>.N.a..l.K.h.`..[.G.I...a.U[...`_.....6......j...M..@..6>.2.9.1./.._6Waj..2.tW3..!@...l..X.>&Z.%97R.....Z...7HZMX.2.X'......8..T..........`...T....i..].....~..D~B]|.$b1.......+...4w._...bx\...........J..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68016v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:44C767BB69402A3C3DF5FAFBD5DAFB99
          SHA1:395B9FBB9E5D2FE7BDE4C5B444C5B3995B58177C
          SHA-256:D813E2C94C6304B3AEC9474238EADADBDE85F9FADF555AA83907A2799BC8AC42
          SHA-512:1B63124B796F3BC556A487AA7290AE877C0A23E73194F8F46B32CCD3479B65C24DE8E64804D82F2DF1C6CAD26262365E124D1341BA443A0442816F9614BFAFF6
          Malicious:false
          Reputation:unknown
          Preview:<?xmlM.*&..az.e...l../.c..{.<5..~1x....Vf.|)...}\E.:........._.S...>.2cRb...,e.+.o..x ...u...,...}.!...n......#.x.I...\.Y.v.@..q+;.u.@.?..u.......8v..N.3:..9.....2......I...p...!.\.......C..*.$ .S....b.OQ.-$..qid_.z..i...N=.......6.+......E.j.PiL.Y6...s......o.9..\..p~...pNH.w+h...U...;....;..dK.P...?....Kin..I...'p..T0.^...4.....{....<p&4:.........^....;.b.g.L.o_BRN?b.K.ci*..s6_3}Z..*..M<U]U.Xz-.QlB.B7..q..A.Z.......v..W.h.oP.l..k.1...K.;....t.z.....jO.....p..-.e...G..d.(.B...U.wknX.4...5..Li.y....../y.\MS.+x..F].........Z..a}.Z/XG\.6h...n@...q.g.q.........3..'..[..@.0G{........0.dm.N{....@..y.F..-..W...ESxEo.....N".....2N..6.%..Y.db.W...V.a<S..Y.7.oj_.:??P.M..5Yx...........U..+...H..J.CV..$..3i(..4 X....5.......k/.)..e......m`.e.u......p.*T..-dB...+......].n....(.0yd.+.h.iRr/...9.e-.J..z....v%.(.u..........Pha .J...UU....M.p....F.t.(...4......^.B.i`...1...Q...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68017v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B436E42F00A2DD2B70E044170AC94739
          SHA1:95465F46871514016980FB2AC4179CF0588732C2
          SHA-256:FF13709F213E3ACB16A0EDDDE68AEC0495B70035FBD8592D6FDD0B1ABBF4D46F
          SHA-512:20C9EBE1EE2BE33D72CC4A891A6C3EC0FC27F260AA77BDF6B9622AA79232E71799A7218388872EC877A4BDDC5EA9BBB4DE92C463679E86BE5F23A1BB47D62B67
          Malicious:false
          Reputation:unknown
          Preview:<?xmlN0.P....s..tTN.....X....4.u...M...L@....\...i\........q..:....vp....g.E... x.......@Q@...J....>*j.}.c..ZTj.........)a9.:.j.....T..M.....kP....f.R.V*.i.vX...`.M....B..F{vQ..#.>T=.a.T.3.Y:..YH...d....j.W.<&!.1{.N..........d.~...O+.....#,1G.N.@.z.......C^.D..6.V.D. .....[C.6e.t:..../..-W...F.......A.b..o.u..4../.@1v@.2.....<wIS..>..v?.U..Z.Y. RI. ....f.|.5............jt)..y.a..{V..LS.fQ.~$..9.<=..waP29k......II..i..{.{V.a"....8.y.AL.......Z..Y....v.).."..H....X....gF...~x..s%.W.m..`.^.......{.;q.kl...).x.:!C.m...5..JC.i.C...u..cd.......2Wd\...`7*..Z.w....aF..d[..{.;Z42...x-...2.........q0Y.:.U....k././..j..on..h..J....V.B.6.......w.i....~.....4pbj].ts$H...[f.#R.3.uJTZd3.........g.....{..{m&....^.......*~%...E.m(Q<.o(........c! ..Y....gM.u..F..HC*35.51\...}@3..........y...H4QY.#L...s.3.ZD`J=...EG\.^..I...8.uIoC]....<r....>...z..x.Y.06g..k.y1kh.r.{.......|j.]... ..W.=...Y.h.;.G..V.......w\......E....((>.H....4...e..E.X....n=.O..._.H.v...JX8@r72\.U....:%8d0....

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68018v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2419743ED0A7FBA276BCF13870DE66DC
          SHA1:BE925D8AA71F2778D299730096B801C8114C7407
          SHA-256:9112281C33EDFBEEDB741DC16D824F6A919BA31CE0CD2C83403483904B9687FC
          SHA-512:7FE302EA6D38FEEE7AFED63F16C3D35147A89BD4AAC84DEFAB1411086C5686E99EFDE52D39104011C916E0B2597EC57DFEF492F4524712EE3BAFBCC78C0F7D6E
          Malicious:false
          Reputation:unknown
          Preview:<?xml".?.G./...-v.C..W.M.t.Du...:.E*..x8R..P.6..r....\...d...{..\t...v.....[n.BH.,Z.c<.N.$..i..C..F...=ka.7.m/i..-....Y....:F...(.r....j...Z.%..X...o.......e#d....(..C.... $bbd...(..n.!l|...d..U.w.mLia...AN> .B..H:......e..AV...^F..#.k.y..H.....7e....8.n.b...TC.3...rh.O/..2;..3O..r..p.~..8z...........ge...M,g....... .a..?4|E...*Zv.z...3..P.M_.*.>..{...3.Q..p5."(uPbJ.5.R$.,#.;A..!.y.S.p..VTr5?.^n,..O.a....r/2N..<..W...bwp..\qZ....Q...s....|.].X.O9[j.w.`..............gP..u..7...s.i./!.;............:..:CVc.2vRu.=@;co..gH..........=.y.z...rG.#....'........*.yMF.........y.Q,0*."..p.i7.......+O./.2.~.....yl.VM.Y........K...m.Q/."...v.$0:.O".*.@S..%..lz...-s@./W..~.pX.4.0:H..`E...tt.~..w........._......F.j`.y...p<j1w.3.CE.J\{..S..j..>.9D..X/.{EP.....}.+!;..(,..emn..$J'xk.aB..|...........V...b.'.....1..>.......68.[..Q.....Th.lY.W..+.h...v. I.u'...?...z.....;.c....s..|b...u^?......$..."1{.;$.D...O..TV....T...L..1S.N#7..........5..jW^.p..e...q.A....r......+.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68019v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C92CEA5CED45F6B1273B340BE30A6B52
          SHA1:1CCCD7D0350A511691D52A936588ABFB3B1C88E0
          SHA-256:8AAEC4BCA73FBE7C510A34F23316A54344B5C6F18B4DDB24FEB1FAA6CA89DAFB
          SHA-512:840C588EDDF1723D5A18A653C2499ECB42B3E3167AA84FFA4519EF7B09F8B3542E2DC7078F3496325BBB1388A885DAE81C9D3FDDEA4CEDCD4AB97F1B86176DF4
          Malicious:false
          Reputation:unknown
          Preview:<?xml.a..$.^n....pHI.........P....zo.]..M.U.Z.Ln.BH..."..'...]....(..<t...g.{4.....z...o8....S.N.g?.....$2S..&.Q..w.a16....:..'.9.....nm3.;....15.t.z.=.Ik.[...7.7.M.......sB^.?8+]....E.;;.&.<...h.<.7..".p..m.x.u..Q...R.4..b..D.X.......x..gZ9..!.HWU..<3EC=k+'.N\..i......'.../.....'^........b..Z..f......wlpwP.>..`...7....d.e.IG*..w.P.r.b..~D.y'...rBRDWy.Q.'(d.92...0./r..w.~ Qa.0.V.&.s.v......K..E$KJ.}...J..cO..+...:.V.Quj.0.`.S.b.*..$...d.........ok.i.j.<KD?..q?..(.r.........J..:.9m.P.o.P..H^...?.......B...9].<...x.].4B.}|...I.AG..\...*..\.>q....Kh...p..4...p]...`....9.xF-.}..b.......S.........%a*....R9^M8...:..x...*sn6.h.?.8..I..m ..tf.....SFQ.Tz,8eY.Ev.7.......\...].Y-..zq..65..R9..c|.jk..q&s..$.dP..b.5..>......)...*S. >..G...:.f.B4..#...........U.oJ.)+E<.i....&....:.qC.....o.^..&>.i...Vu.].B..z....Z....|.n.+.my\q...R.a..E.m..+....C.m....!.S..l_C........~L..m@.{.6xou....7....W.r(.......A.]..%.....q..'..x.....*....Dr..N+r.>d.&@..u.3...%.....g'].p

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68020v3.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B8178EBA869665D377F4E9A1BEEBF578
          SHA1:E0CB24B26578CA935C6A0179E1822C1024FCBB41
          SHA-256:B3536F74F53A0419354798859D114F4096935A3C5B8BD0FCEFDE925788C56444
          SHA-512:A1E1EA88243DDD652EE7C9269D31559732B998C7A9AA54528A62C078698B93AA5D39E520F54433F5AB2F19319792D937EB5FDDB336E552101019A2032E87D12F
          Malicious:false
          Reputation:unknown
          Preview:<?xml...*.m...)zK\.........)...........i..9...1B\..Z...QI..+..aRH....<....Ll..I..U.$.sZ....(.)...5........... >..0..........(6 z.?.D.+T.#.>~..../.9..|..?7..7.=.C...3...........E...f.(n.4.`....0.G.<j.!SM..s.h..4..Ul..4..>@.....;f...{...0.....^<t*5.$......#.....v........&^...._.AJ..P.1...Lr..44h84.....\..z9L...".2M.v..Z.......Zd.e$.k...B.&.'.r..O.....3.UT.X../......!..&.E.E.[.........{..}p.#.F/..e..}....#.!..N.|...i?....$....F#.g.d%..wC..|I..L..............u....B.W....T..&d...\.b..o84C(*..l...4.t.p.....c.W.6.p..zw....1..L>..+.8......W0TNf..F(;.e.5^(........|G....x@l0...HL....2.8>..&..ga.......r.......g...[T..f@k....6..=..Sy.be...k.K..j..e(.x..w.'.qp..=..g..v.M....I4...n.!...oT..T...v.ZXO....67.^..B.././7.)|....S.(E..Vz.....l..9.<..sIy.u....nL.L!FqH.....Bw...8..Y..Z.....NQ...^I.....6.../..,4...Zi.x^...p.....NE+.......(.K.pmU...........*.....j.6x.Q..8.e\.,...AX.V0.=qD2L...OS..M.Y. |^..}.g...[;.....f..q...]..q[....O@..(RD.q1..HvA..KT..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68022v8.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:88A89A94604A29100FB7CB8969F28872
          SHA1:15C1B019205AFC3B618A3778BB7C5579E68D467F
          SHA-256:5B5B2031A243021BEB5E5F3EA87017F3C2E1CA23757A3FD0D64F8EF3B5F1EA01
          SHA-512:E227A7BC38883D0356182753F150C5ED9E18ABE1F3EB33CE793022563F4C24D93C7122F6B658E6064AC2E55605ACD1850CC2DA109208689A8F17BC4735610333
          Malicious:false
          Reputation:unknown
          Preview:<?xml.......sG.>.q.......4(j8q`L'AX.I...n.GGv..~H....eenq...S.b.5...m.4..j.F.[n8D...n.NS.(*..j..f.0/+.6.?.A8.....Q.3d..y......3uo;.D.....cH.f>D....@...\.mQ,Q.731g...G....R(@.KL[..z....2k..G2.....:.D{K..e......(.w..]79.~.@.4..2.......-.-..,..q.W..$....oG,g....Tz..d.....L..b...&.....g..]:.|..*.{..S4z.....y.-.u.4K.....V...L?.s..:...p6...Y.&.&..u./....*`.O...gZ.Xa\..(.R...]&...qj,...Cs..:..>xp1..2f.V}.6G:4..R)......J.......V.....\.J........1.".....e.Y&..c....4....Pl.G=.q;..^...A*..h.3.U..c-.}/..\.P......D~.....R..Z.G.I....3.f.>.Q.]./...........j.51..;.@..;.z...ai. .u....joF;9...,.##.F._.=...R.12.>&..sO..O .&S.4..*..K.....:.iO.LP.1.s.n##%P.{.[U..^..dAH..4..3.:GT.\8U_.6.r..9......S..z.).U!..E..U.I.....v.....t.....7].n.d;$......\5....iP...S......W7.............W?.j..s.l..c.....u.H7..[..x....b$...i...S...A.Y.4..O[.H...%+..o-..5.4)...bA...?.y+.....hT..Uv15..M.:...U{Av..{ #.....W..}...B..-s..).y...m.9y.*y..a..D............._g\..O..M.s....;..l[

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68023v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:44AA8A82C38F0CAD6E2E40C01A98C9DD
          SHA1:4477BCAFAA7535EB08E250E1CDD496717E4EC92E
          SHA-256:DBF4EB5402B272E87089F049016CEBA230A5EF5A215BEA2C9694B198108B3E74
          SHA-512:CDE4BC4FD8489E4421C9CD78F5CE3FFB6A7277FA3C33BD31CE13923AE0E70BEDB68EB87B7A0345334F4D7467FB5333C22AB57030B37C5458A8E44B42378A9785
          Malicious:false
          Reputation:unknown
          Preview:<?xml..^....Z.m..w........%J....=n.mn2...<.-...f.>.A...%...BS..a..P..dR......HS...z.)YZ..pL......-5..-Z.q.W.:".....E.....im..`kk..-....h.EC..@c0R..N....?\.F...Q...*....l3..............m..e...y.."Z...0.J......%.,....n5.6...J.z..FA..NO".......1...DLOC*..USS..J....P{...E....C.6C.......w.d.@...Z..a.W;.2.sU..]+...c.o..r$..'.:....L.t.....;:.........AG!.%....o...RZ=Kzw./.=..0....pL.`5.3.n.O.K..9..V...Q..#.'.:b.....r.m..OvN$...*R3.zV.H.%.:/..K.H...$.....k.&r....BpK+...`..x.[...2......&E.M..d.&y.B~pL,{.0...$r:uw5P.)...</..E.i.L.|...f*.3..I..f.@{.._.[../@u*:|.P\...oq....0.`..8.t.V.(O.e(}..J....N....[.6v...z..0....|.2.7...'......x.]!..}..3w...vI.)...x....<...l+..sO....K...I.S.K..`.v...n..4.....v.;$.5...C..j4...S.3...J...CbO'.Y~.,A7"]../sN&..t..W...;..p`l+.Q.....T....1.J..*._..8.v....)P...._...U.Y...........Yra+.z....E...........]..0..Bpi`...-Ctr.....*2.:<i..=...3G.....e.Q|....0p.S...........=..X.eQ.&.-......f....i.>.G.}?j.*.xmR.q..h~

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule68024v2.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:1DFD270601E8D7380F5623E43EBA281C
          SHA1:FDB556B0BFD54BD151B5E542223FAEE2C2D0272F
          SHA-256:55559B5C4AB8DA235577D8FE27F6D825709AC0ACE713411DD849FF6725F20733
          SHA-512:85F76484317EC00A5C7717F8D2A20B01F283437800DC7A12840888EC2510EE8A140B529A1F0798E58353C68C3BDEF02D59D0336FC9D5908C7B7E3915DEA00AEC
          Malicious:false
          Reputation:unknown
          Preview:<?xml...l. \.;.i;.k..}..W-.|.K.............@.5..=.9x....Z.D.......).x...s..g......y.|O...]2F(.9.JT.9.~........s.*......0.../..z..5.....q.E.1@m..h...]f..3.I.[...~.s.z,p.....].r....=i....l..P6......7+-hJ..Th.|T..S-..~....n.....]w...Qt/.g..j^!.P..=...%...#]....3.....;2...XQ.......r.%.A..M.....$).{..z.....X.........c..D..b.3.".R.,.G..*..[..y..,...5..^.z.=^..(....i.MFF...jQ..1F%....G(T...[.5.{......%.l-.p.x.I..=8@..........U]]...R.(....i.u4.h.&...=.A*!..1.&.".{s..[..6a....S=......O........g.t.. #!..<...j..Y.EL..K...WM..#.\.:KX..:..;..;Ua.z.=...Cy.*N.w..2+.C...B.0{.c9..z.......]...u.n.&..t...0.t..k...</..vC....j"..Z.^.....G8..z..........U...]...`...] .8y.G..n...n....2....+..7Zl<."e<.D..g.....1..h6.h.I.2.."L..c...4....D.$l`.....H=.H4#.ysG.zL.i..ER9.\.j."n..U>nr..'..c.7J.....N...O.]..D.rM.).w*Z..8.\i.K....q.!Y..g.YDq...z.N....'.I.0[.....C.0.2..ND....._=.>%s1.2....#...!:.5.......j..G..7.......J...\O'..Y....c..O9...g......)o0.5M.....Y...t..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\excel.exe_Rules\rule69600v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:904F4F8BC85A83BEFECD3AA8BD7F232F
          SHA1:6217E5131E1EA4E12901A9AF49B3CC2C95D98F2C
          SHA-256:0601F7831E9EF83E744BA902A9817AC4DCD70B1D46E5195B30226A52AF675171
          SHA-512:CC05AF12CF00E46F10240167BEA8C97B355FEB4CA9686699B2F872BF2777E71F795D3632A9ABEDE261B4072F6378A3F5D2E5170AE1EEAF47B1D9D26BA35702D3
          Malicious:false
          Reputation:unknown
          Preview:<?xml8PP...|n.8.Q.;.W.H..5.....Y.dy..B@.6....=...Q....6...h G..4!3T......@. ..j..v.....k.....C.......V.....tC.>\.#.P ..>H.mA..-`}..g...T%....y..%`.=......@:...~.g.^.?.j..C..CR...za.......9...c0M.....~.9.......s...n+z....H..W.%.W>.8.jY.j\...b.oUJ..,...b.....m'K...L..Y...)C..Ij.Yu...;]..f9[....-&....."....M.QuO#n..(b.F.l....v....0-..EiR.f.......#p:.. ....Wm..zT....+.c!.2b.#.3x.....}...ET.....O..tsk..0IN...n..~...y..:.l...g6..._...../."..!....f].,.`..o..a..T..Yp....q.e..Nd.!U.a...X......]j[.M.j....t.(.......Q.4)..AV .XC[(..U.AFL..~...MPv...`.-......r....C.2...[J"s+..1.Zkk..u......N..il...*.L.[./.,....].*E..... ...W..!|.eQ.*9%k.%.^;*.4.Z.._......r.F.VqX...b......g.s7oB(.|...)j3....^[yP....vv..8<f.cu..n>...d...J.k..L.]2..P.[r..>Nhh......"..3...*...?~.5.u.p..U...]S.6.-...P'......$.R...!..W~{7.R.."/C..,.'+....)....Ll.F....t.......H..<].._>.l...J.Q.)6j.....Y(..R..i....r...8.*..zei=....^AN.E.'.....=Z.1.t....=.+&...,.$...9.~%......O..Nw..zo...;..m

          C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5C11E80EC8F979E00AD88BA9D8B44118
          SHA1:F2A5BFC672A620DA6E1A6F1987293A9F983BEA98
          SHA-256:3D938D0B43E18FDB789E73104E952889ABF47A9D1CB8357F246F0FFE4E77A1DA
          SHA-512:B527139C329EA70E2E36DA002432C0FC70695ABF8815074F3FF27B36B82C706A594ACAA3E93DD59EC267B529048713B5ED3EA0DFD093B0AAC13776170FD084F4
          Malicious:false
          Reputation:unknown
          Preview:<Rule..(.."G.Y..n....H..q.y1.a~PZ.+.A.}....EcbCKwl...l..wU.q...%j#..z..G.6"p...).?S./Z. Apa.`.f.).h....l.{..'v.Z....0...'......^......js\.(.kjx.....).h......!x......f..<.....Dq9{-..P.s.tc9.I..k...w9G.~..w...5....g../..R...i.b...7....s.-a...&\.9}0....oz..3....Hp`X{.....P`..*;uI.:{..[Z.;...-.O.\?...,7.$.zM~...lp.c{F../.q-..n.....nj.7W.|PB.l.O.X.s..)........>.v.b5...!.2...q.....S.u....{g<......k.wH......:+$._T.`!...A...8uX... ..zx..l.r...E..5\...dw...R..+{:.!..B.........c.L2.x..B....-.bp.f.5..,...(.[.#...#.9..B...^,a.n...$._.y..>6w[./;...N..]....fc..}..v...Ic?.k.%.."H}z.!z?.}..)..9.F).................Ipy...FY...':y....]h.S...V..:&N,......)...b.:(.V{'....W....d....tB]...i....^6&"z...T....~..Wv...r..=..xu.w,....7^..iz..FZ....G......L.9..f.e\.y*u.r.:...`..Y....i._..WD p.5m.p\.........3.G8.........l.+...bG......&V..f.RQ.i....`.5.$.5-..5...nQ....!..;lC.n.x6w.".....P8]"....[W)....R"...\e......9....dqrI.\[.b....E.=..t....Hl....J..I..H.b....+.......j...

          C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700750v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:CEA8B16E5DD270F2C1CEFF5466130A38
          SHA1:8344F6E8BF9E37CE5AC8305B8B45189AFB5797F3
          SHA-256:89533C317365BFD0A09DACB720500DE05AD0A006C3053631167DF16BB7C133D0
          SHA-512:E168175A9FE89D4099311774A73BD9E02E6C6E91F7852511128AD143FAF4495B3D6ED08AA1FB42520F42726079C7AB1E1100AAAC6D40985816C29FEE5B1AE1BA
          Malicious:false
          Reputation:unknown
          Preview:<?xml...]K....W&x.'..C....Y.4Zf.*J.....4.....f.h..P.0&..,|....U...j..*.1C_..4.`sGq..y;)b....D-O......uf..7.*.*z...{..,...L..'1._..4...D<w.S.+..f.lNqM.|D.T~..^a.L<M.....7.KO...ivQ....ggW.u..Mr..L..t..].*....*........sD...&.[...OB.hxC..X!..J.7...l%v.......,5....".n6.s$b....*"..VY:Z..$;.......D ...hA..Y.../.....Mt....{C...A..)]........[....Z.H.....K".wU........`r.U..O...........6:..^...0....\...H>..5.%.yX...i4.......(V.C.a,d..&t...O.k..:.T'w..E5=.....V.To.a\.L.:jl...3X-..S.X.4q.!.d..}g.M.p...\....O....i.6...#.n7..dz."j.jW..&.E....h.`.i}............-<y..V.ME}!....Z.DF..s.hK......$....[w..p^.O...^.Ve...-.M[W.S2.F8d...J'....@......c;...h.Q.Dl.Cl ...-j.].U(g9{..k.K.+..?.b.sv *........Z...8x..S..:.....;..M..^."...%/.....XT.'.n{....r...(..LL3.n......Ag.U.~=6D....&HfC...)|W..m'S.3.....U.|Z.1...R..|...gH`%B......K...G).d!@....m%...Q.P...W>......0LP.b....Nj..br..(..8.!...H~..C.G....+.).@....44.C..K.W.X+%..m.A.n.>.8..&...s .<...[92.,Z....1\........V....k..D.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700751v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:37781B50D387B53231CAA15A502C6CEF
          SHA1:C0F8567DFC8A2F9F53F09297B6AC739D40EAB2FA
          SHA-256:10F525D4526322DD0A4CD708CABB04086CC716D462D130359F086C18D651EC4C
          SHA-512:BC1518B9ED8E3152DEB567C2FFBAB2535736CE7194D5909C425CB5596508B4CD8DA607D67A6878E6C5F556824CEDA9545C9031A8C2F7C0025BB0532EFAB5D628
          Malicious:false
          Reputation:unknown
          Preview:<?xml[...g/&'{R... |LET.r2...g.'....jV..S.w......./B....H..r....e...v...{...!.~&._t.....w.^@.B..i...yVj.&t..C.\XmN;..@...kJ...b..;..!.Z...jr5......G.2=....L`F......FJ-.3.+L]D.W...~.W..\.>p....K..d....L...Q..S]!{.{1;.....yg..i_.U...e..+.S.K.F....!.l..OA...[Z.s.#...Pu.8K....{.......50......s...f..~v....ohf.2..V^D=......5.C...sC...n"E.).s.uG.QW......p....N..V..]Y...#\....M.o.....!..G..5f`....~i....`.. L.[.S...1-|S......r...Y......S..V.L=`......../....B.b.~."<.9g|..i4=}....P.sS..:....Y`...:.D.%R..;..L......AG..R>.&p.....g..~...O....@hVPkV...CE...3h..........'8....X..[s.......v.|...<%.M|.a.........!.i...=.Z9.F.G.....Nd.e=.....#c}(.[C.....\..?...B.....5J@HC.:*;m...n>..../W....6.N.Y.Y]....9.i......'...LZ.h.%.}...u.6...0...>*!x.(y)W.y..C..[..pSA.8>u8.c...........X..v...q....!KLG.u..I.ob.dl.V.u`.......r..A.....n.;...dh.?gK..........TlYW..y..0.L^........).......c........VD<.....cO....G...B<.'n..Tu..yf.Z....Q...J%u#..(Te...F#d.$.:tvse.GE...EW..&[.....i.L..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700850v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:06307562EA9E553A2895A15363114698
          SHA1:6668484AD4C36A7023585AFC7CDD8C82EEE8E851
          SHA-256:0FEBC961D37A4938EEED9FD34D310768FF39EBA14735955D4741AC0A2A40B9FC
          SHA-512:C29163C5998264BB301557A4383AC8C0EC9A72B0AB7035FD0A78F11F81F87B9AD699C7ADFECD49190590808781FFEABAFE6F7C56C9E818D4002EA9D98A7CAC78
          Malicious:false
          Reputation:unknown
          Preview:<?xml.B0./.l....?& ...C.....2.a.n..:qk.g..\.!....f.|..&`.?;....,.aw..54...a..`q..~.^...C..o..+......~X5..G..kD.Q..c%?Y......f\.....m..zh..r.l.`.4........M.&.<.j0?....k.. .,x...S.... ..p.HV.(...N-TA.....$....t...(7...D......U.Bv...)..)h..F.#..Q=.........j#...C....<8.J.3y...2.v._...yLK.....A..Y.8]....x...~}..#"G..... ."7>..8r......Y......U...."..`-....71(.k...i.Q..|.g.h*...@.Y.(iM>..W.f$....NI.5jr....R.A...S~'m<J).v...U........I..ap.B.r.E/....w.....'._=...jd'F.......f........D.....SIh3.E.}.f.\..``.D%.#0.'A..U.J$..?q.0......&.....U.....EP.!. ./.{W.o.. | ..>.....@.......Nd..$.9^M... ....U......1. .yIou.....*.............z.5<BKm/.m.F......B.e.N.c.D...\...~3CX).Z...p..=.X~..Y..X.dt..3.v.9d...=...U-1.....-2v.S.)..q3..;M^....0~u..e.......k....?4Vr....`..W......F.r.....D....B=.KA..#?.r..s.S.V*.H3..../..IF..#....U..2m.D..k4Bg..T.!aC....!.te.?x.....$.[Wu......U,..q.{. .zF.<.H..E..w..N..i!.!..5.FDS@.J..QS.Z.@.5...p.S.,.q..Q..5..a.=...#`.390...

          C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700851v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:498065BA673F9EFC4206F65EC2A1691C
          SHA1:FE51DD512BBA199296CE0BB5656A0CA33236554D
          SHA-256:CE2257E58B95B8B08C0146FC03136D621D000772B4A5A949217FF6DC97F67DA3
          SHA-512:6C18484C58190BA0B6449903C212FC1CDF18BE8493EACC5C3FF373AE5B2EC6EC307124DA5F5E0CEF42CEA355CBEBDF3C3E64EA12A00A371901B3966964F37A04
          Malicious:false
          Reputation:unknown
          Preview:<?xml....!=.+....9.....t!FG..|k.>@.}c.d...UV>.7...o..Pv..@..Q.......P..%..5.........~...D6.....Y} ...rMum.s.D:....`......n\...^#.>I.....P...m.:>\.@...Y..1!...Ex.K:KEWC.#`|..(?.a.&:..V.L.._..Xg...k.Y...C...4....X.al...-.n.........eG.q..mI..V..Zi......:Bk0...It,w._~....6zz....Iuje..R.(K`Q...f#..FT".......Ly..[..=.m].>q..ZX..Zcy.g1v....[...`.......a...>(.._Y......1......`j._..s:..+.r..&.Q..&3Wm.....)27s.N<..e_....@!Qn....W.'...^S.a..'W?.../..udHp.....?....3..h..^.(...v....%h{H ...G..jR.n...u.UI..Bd.CEa=e.c.Z8.7.....x....>..8.`}.^.A.0/m.J.~.c..j.A.~.~l..L..@hY.......?...%]..Vl..^.6*....p....Z.;..O...+l..8...c.w.L.Q......Im~.A........"......gC..AWL...jR...Qe.].X.D.U*......Z.........F.....o.{.$..}..U.t.I...v...0..3.4..9.u...p..;)h...".!.&u&..).N..D.|.?.P.Z^..l.h.....@.c0.m0_J.c.doF...V.9..t..V. P;.b4I_@..}.m...x..r.M.c}..)...F.C..#.'.5l....0.S.<....L.,Z....!k....Tz}:....8._.|.Vy^6. .(....W..L_4.|M....t0..Z...Q8.q....*w.V.........q...#W..>...U..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700900v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E4019E7E524B46CC9282F86A6D6DFE60
          SHA1:85082233088AF847BACE18E9A027EEDBC2783EF9
          SHA-256:BF7BF110D3C4D587F7C602D00382A0D8A189DDA4888D5BEE8A760A91951992BD
          SHA-512:990762A04E3484E9C6932022D7F9273EF95DCD6FED4B46A35091BA65329DEB7D21188344F2A516EBF7AEABAA22B0276F7A349AED91DDE5B8AC1AF268FE78933B
          Malicious:false
          Reputation:unknown
          Preview:<?xmln..1..i...0..\..}..o.......3.Z..z.N<.5.....X..vG...a,...3.`&.....V. .q..u..v..E ...I...S.......I.fQ../.../&90}4.5.....%l ..*...(..#...y....%Z..;.!...2F..7.o...ew..@...[.......i.|.1?.....a%Pp...3..O..t....*.s:.6..^..&...|.. {.v...7..i...Z....f.@....7. .e..\.4..P..4w....T..TA..=.,F..o._..0..f(.jL.k.]W..f.R...u..e.....n..'.t.Hy9..=.R.... ...|uf.n..[.ZG.j4.l...~.#,R.nI.z"....D.'P[B..s`...o...).1..!..K..{..T.......Y...F4n..,.j.0..".....%../..NV.+K[i.j<p..@`..5.[........]E.s%O"t,P...Y.<...~.63u....&..n..d..m.....20..OB..$f.....-....c..Nw....U..m..s.l.+o2..[.K).r....#.@I..b..J`...x..k>.=..t..b.....>..1=.Bx.N.vDm..Q.-..1.W...o..ADi5..Cz.3x..]..iK.^-;.".As.....M....W..\......>.....dv..>.&?..xa...r5BJ.. 5Y:p..l|E[bb....+...~....,.+....%.x.....%Kca.<.MGh\[......YN^J.-l..(l..._9Y.G....3.......}b9I.G*..-.D....k.hbk..s[.A.o.^.v...-.S...:.m..2.I.d...e.W.....T...rp:ZV....z.V.d-g..{.].j..bl.1xg\'u...m.._{.g1{.>G`...i.....L.......Z.....j8

          C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700901v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6B7D514B5B63D63E151E3D9304B73BB9
          SHA1:8296142B80236E5309989966C33F0FDD7F9AF857
          SHA-256:D01D562A4872C97D9EF03980844348ECD84326085686F3761F2C7A96A0F134B7
          SHA-512:DE3F854B2DA86E6A424D82A822945C25648DAC21995CB1614C40E09989CEC13B19BA3825815F7CA6B813C349AD32B52FC7F45040D692DBFC9A707AE9BE53694B
          Malicious:false
          Reputation:unknown
          Preview:<?xml.;.+..R..x.=.}a....N.$.-.E...........8.....0.z0y.....W ......:.t`jk..g........%.;F:D..I..;X..y...$m.c..W.......c@....|...4|W.+.=...8`L.Y...%.{....Xc....n.<u.F.D..'.J...0.1`V?.O..:..N. `X..[...h{..:.BP-g.\.j_.m..8.I..N.5..'....6....WO....?.d..-6D...CO...Y1.....be...hPe.].q.....D..%.I#......!.N.........R.M.|.x.j\.X..=.._1D...x.'...~.T..0.x4..1..Xd.3eI....%Y.#7...X....Wqk.*.....z..Y=1}(.".....M..@O....}../n9.....,..c.....\.Q`9.........4 ...'1.K)...$>....$.5.~.....w...PU.Y..@..P.3...$..a1...'.D.>.eX.._./......k(.......s..E5$".....+...$.....-s.U.._..y).Qn..<..`..4...W...1I1I....{S%.g...#....Vh..7..O.H...?yW........-cE:..../.+.1I_...7.-'......O...a...%.....U[..*.X.$.-.....q.-.]...B..?H.M>L.]..Y......i...H..T._....e/.@..j.lq.....a.,....E~..q..........JX.g.^=U..?.;aQ+#.pZ.......:UW!_.!.Uw.V....Y,..Y.^.tx.....+...o.Y*.....~...../DJ.....0$..V.+..f9...9.......e.).. 8{.......G...........O.....&E.I....{.[.5.[...E..,..s....Z.<..........+.5T:

          C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700950v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4F3B9ADA20F70F6789653A559F0680BC
          SHA1:490FB78669F262F8EC19877B6F52C96C19FD434A
          SHA-256:5C99C70E2A21447537261D194127E47642C36C11F95CD75B3A0F0634A0799E29
          SHA-512:0C117E65F1418879667D27544B78716CF4D09B6FED639E73D68C35E896A6D6DE5BB4B0667F651A7D260B56D60D8718067207EFE3E183DBD254B2D77AED468ED7
          Malicious:false
          Reputation:unknown
          Preview:<?xml....;"... .s.Wp.3n...5Fg.L..:;-..........)....X....m.O`.......rj\....&...|...|..RL../.U.B..dT.... .UH......bQ|..J....sD .H.3:...y`_......A...`G....@.. *rA.#......&.?...M....|oFRZ.g.G+..1/..V...../....<.TcE[K2w..gT....._..&oD...b..so..;9..J...W*.0..../&^r..7M.........To.c.>~1.......:...........K(H..6C...H...<......U@...i.....7Q<..6...S[...c.I....'y.......^86tJn.#,..#7A....3..n..u.g.5@..om..%6........O5..f<k.>.'.$"3...@cL...O..'...K..;..G.)Eu..$.kh...t],.O..)....).Q..l...+..".E.d....D..+..b/.`..d.^Ej."....5D....K..].".2....%.8\.~..-..%w%.s7._8.%.E..w.w....p..x^.....tc..p...`.wgs'.......c...cGP.6....F^..:..e.....5.......>;C.]...P.|R .g......'.......F...1`..6.c...Uq|P.......=...m....n....N.......Mhr....6.r..c.. ..(.....].i>Y.^.}.j_.H_.K.....1g....F...5..OZN.v........aM?..S- .....cD.V..MU.>.....B.!Q..m..f.5.G 3?......?.Vk_....Hl6.!.....+....U.].#..Y;Qw\...K8....f......J....hA...!n...t;..U..;bw...3.IF...&p..j..=.^.....MM@.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule700951v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:93A232E50F99039AC2F4164EAC374473
          SHA1:65827DCACF9BD5106AC3D8FCD34AD92599432A2E
          SHA-256:37E1CEA9C9ADB80DCACF1524C6E3A25D758992A83810234AEC87EDAABC271DE9
          SHA-512:CE774FCB97D57D05A7463CA3EBEEFD2BE3342021585453D5789656C564B76A038734235C3BE74CD5EBED54B2CD099577BE7741E6C14D5BBC69ADF22FCBC8E39F
          Malicious:false
          Reputation:unknown
          Preview:<?xml.+.g"....r:W....`r.q8.k8..!.Z.0:z..u....g.J.M.m.=`.x....ub.....y.Mz....].(>.....p.!-4i..9B.Z'.....u..t.9.8J.Qw.j...c............^?.4k.h..fLO...re......X!>!..(!.$/7.'.\.CM..<..Q......7..t.Q=.1....SL..~l...M>b...'.OKd.w..!...+../.....g...Z.ZDD,O.i.K...4;.....=.A.'C#...$.........}U.. ..PF.\<..5.r...?3=..D7j...H..T..KG=........o.!M..F...6..../@..:]..r.E..X,5......^.J.~Q.b.D`.....d......%...d....6..W}[.4.k.e... ~..9~<CP.f.o.....w...'..=S....D]h......@..[.h.j..pi.F..`S .....7.3t>.G^..4^....:..@..=/t.i..A....OE3....l(!..:...].....XE.!....k.[..#G.|...:.]...........',.q.u.x.r&H.v......3.3h.H.gj..81..0......R.u.a..vP.}.U.`.....Oh...a.....h...?@.E.,(.p.|.0.9....-..Y..Z$C...e..~a.o.0hb.r$...L.^.EV..W..YB...rL...............*q....[].-.u9.W.N.T...OS+Z.?.L....7....$+.^1EX&....].@f_.a.3.......B.<...MPS.x.H....`..1eC.G..y..{.{Z.w.5....6.YD.^.ikp...JI..Q....U.9e........7k}6.j[..B%. y....[#...03...=.............|..X.(._.?U9...6...]r.CN.G....HS...0..=B..T...s..

          C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701050v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:ED31CBFFF0DCB5C6E8BD4791CF0D904A
          SHA1:DC8E08F9ED6F09AFDED46CB4A0B797410A80A609
          SHA-256:92BA061CAD7E73A0E2FA2B38420308A11600C49BC15528EAD71D03D5A93343AA
          SHA-512:A7F6B64954B4956E6CFE30DC81649549B3CCA5DE90EEC5C33C705F6671D2F344F74D651C06CEED577987C96DCB86E6700E7165C3D7F0C2C9B625CEF17B02F674
          Malicious:false
          Reputation:unknown
          Preview:<?xml..~n.8.w4.\.....Vh.}..;P.._)G..A....T...5.....(.............ZkZw2...n..k|.y.u.v..p.j........5......p..Gt.z.=~..#.RIS=...7.O.@9..(J...l.Q.5).^b.s..t..\..}Y*`.......c.p. ..s.......C.4.-U...Ku}........C1Cm.dY...[...R.}..VMO...\C.l(.odG...!..n.....I...s"c..K.Wn.u.....3.......s.z:....6..D.pf..Ci.h.0...$^Q......;....+G...b.E....&l.3x9......)j..(....G.'..4..-.NW........X.u.#)..9..iyz.8>\A...R.'...hw]|.gN..L..G.)s.>...F...W....T..r.....?..?...}.[.}....ehB..f.l....,.G...p.>..|...{+h;.L%9.{.y..7..IX~f..`...V.u...Y@..)e.G.w.......].E.q#MV...Q.1....X|. ...T.J......A.....=.Wi@...MJ.9.-.+...;..q.._h.]..+@&J.%.n..5..cL..d........m..W)..CA5N........L..&..E.C.."-......9..i.z.|=..5.....:..[...zX.Z!..`...H............GG.......J...#1..fc..?.h.E..(.r~................*.....m..?m.....3d.j!.............i....+.b.....)as.i_4....;...... ......!...=@Ej..L.z.O.R.bf......w|....*..i.0.X..6C....a....x.h..H0.....W$w.p..N..R...t.)..e*Y.].u.+......&.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701051v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A3D5BF2B577D8EAB9FDB2E43CF6541D4
          SHA1:9311E34E82CD60ED6CB61719F4662F28B7DF3A5D
          SHA-256:769B32984F0F02B7E0467AC13CD9E3BD8924B1AFB3A5B83C536A99154BA91686
          SHA-512:D6EBD496491474D4406D2E255D2F38C9C3DF04D86F1FB1E837887AA0D631DE7EB573BB0FD281198F78B3759E78FADE888DF763B0DB65173C63F8F831BBCB2990
          Malicious:false
          Reputation:unknown
          Preview:<?xml.6....1...5......{..{.$lG.,b.#D...7..._h.b....PR....p....4.4.....D..CN#&...CT..Jv...;+..7*..WG[.;.o...c.B...8....3..4^..Z..:.oa..L..}..Ly...d...*...D...]....^.Pn..S.Rpg..K..5...[..d....1r.p....'r*...Q.#.ZV..P....._..."?#..g..M.V.A.....B.H.R0p......x....E...7....9d._......I7..Z.q..@..+g&...U....,.H.<3.....%.U.L..)/..)c|g.n..g\'e]A.;0....|..,;M..C..U......L.yl.p.....'r.j..........9.K:....;...NH...%*....v..X..m.2g......>`{..j.ep.^....t...<0.'.P.....,.%..}9......I..?e..CP>.424$j{........g..z.G)....4..6<H>5....'....7.<0*%..,!.A.....B...\=.QS=GT..m6.A.h..."e..dC2.%F..:..l.@..8&O..d.......;..J....l1..<2@}..{....3Q..~8.Nw...,...<.J.I..a..Y[P.K..e#.13&..7..9....S....Hfuc.a.iQc2&.A.z..9Y.F...Xl...=...J..3g#}.`.gD.......n.Ld.`...W#.3...|4..NP..Pm.........>.4X....f...{Wq.....F.G......X.V:.31]...a...y.n..%pd ..H..m.ml.-...G3wZuZ.m/.q.f.pY{<....~q.B...F...<...m.I{.B.Rf.3.;,.....V.......%R.1....".`=..&.t.....;C&w....]..6&q...Qq*.....tc../

          C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701100v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F0EF764E972FE25F1E0237975D9430C3
          SHA1:CC5EA5430A5B477A5D8AFE2700AC6238B0A81EE1
          SHA-256:EEE101FCD85A5D3C7491597B1FB5A463723397FE06413669767186A314ED3F0D
          SHA-512:F10516A22C6216526DAA01A50865805A7E74FBE6BC5933CF586060D32695BA017A7E6853F927465D1E330D5FAC97CEAA702EEACBCA25C3E00F693CA836985B09
          Malicious:false
          Reputation:unknown
          Preview:<?xml_J...@4+....t.>xVT..#...G)..9..@...ya..q..B[9..^sU.......i.%..t.Z.$M{.7.1.R<M.F...5Jm<..... .L.W\/.v....z...bC.E..K.11.w.X.D.x"yf.....N..)..U8j..dHG.....{![.i.s/.@!.eG.@...).0.....AT..:.hi...`..UL.....[..-./.._w1..LU.l..7....y..HU.Z..zRg9...'...'...[H8.:l........v..&=.m ...#o..u.0....M..z.....t.N_=..)....0?L....5.....r..9l.}.....5.l.45..4.J.U0...lM......]_$..{.....E...QQ..i.<.L*.G.!......Qi'.....o..IU{.4B.ts.b...e..[B.t8Z...}.F..7q9....^.c.b.pd..U...%....K9...Yn..G.;.....*.6......<...=.%g.o..1...Hr...z..j...:..v.^.03.l.z.{..1-.+..4'|:{.....y..u...BN...`.....PX9.....j........L...`.OESlz..x...Xy......>I`.I?p.K...1..>.JC....?.....k./.3<..t...A.J.Lr.....%g..}.U.].U..2..U..:..D......<.....p..m.g.*~.~....%z5]...+.A.Ow!...B_....pk(@.J.Q[..H{...?..}&........Hu...2~..e.w....H.......Q.:...w...D.&.....<...B..N.@.1...wE......3...U<.....3.lEvv@.$j...Z;"k..f.Yj-...J-.hI..#.2...h"bQ.e.......#.].!=-....:-KD...cr{.....).....B...heZ6nKx.t.}usI

          C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701101v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:7A75D7E55BBBF9DB03E4E8CED23372FE
          SHA1:098FD4F7553434E0F797161FA13295023CD21C08
          SHA-256:69567CB3678337587FD10E4275D78E54D9648B972A1DDD450881E6ABC2501ED7
          SHA-512:D14B666FAC34B6CDE9F626C8C2F644D383A2DD83DD0E7B804281EF7A9BF5E71531130079803DED8D7690B5D2E2EA77551DA6E9B2F51DD49688FB23E49A10DD9F
          Malicious:false
          Reputation:unknown
          Preview:<?xmlv..k...]!.o.y~..cGm...v.#dn6>.>..Y._AM...u=.{..N~U.....L_.\A'.A..l5..;.N..7,.X.a........W....o..o.PJ..k.q.k-...pH=..O...5.UCl....*P...C.J8..1...R........o...!..s.....`.*.W...fi....a....7..#..K-2..=.J....{8b.h.h_y..m/9..I.6p@...8.?@...(....bR........+Ce".OI.x.......4k..7<.j.ugs..a...~KC!..".E/B'.|}r.!.......Z.i...(...R.........=.........`y.m...e........]*5.e.+.%L..1...}....}.`..cs....b.....6~0t.y9..m?Y.*IeJ..]j..?9J{..Uy...n.^.....<.r.....J...5..@.r...0n.B..;....*!....3<.....i..o.......k:.R.,.u.......=..,~Q./Te...0r...Rx...<.V......r..j..|.Y.~.;'...L]......*&......kb"..KGS..,.D[.(..g......(#^ .W:=..!.S+aA;..L].Lm..{....L..OR6....;.....1K..`g..kI.4!z.xnUT.D..hGb!...6..3.$..=.U[F...^....RM.......XY2_1.!...J..}x)....g..s..{..?.G..1.o..J.a.....t%h....4Z.........`c.....X..=..lW..|F.$.B.}.._s..*.%..?A*..v.....o.y..$.c_o..@..=..xC......t..J>.ty...v.SB...6)R.........u.dw...<C..r.|..-..,W7.....@...s......".x..A..]TG..>.4.5Z......<i...J......s.

          C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701150v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:69C9BC80BAB4F5A371C3E2AE1FE92516
          SHA1:36836EF61AABDD67F7EB9FD22FF2689D9188BE71
          SHA-256:5275D009A5F9A794241AE4559666C661A2663F2FD68DD1AD8AA58C453BD8E24A
          SHA-512:A93C64202309E0A77E777B50BAA160ECF261D24B45B10508525C72C0DC73A0BF6842288FB124D1C81581B4E2D8BF1F8A833738BFE3A0B228545A1C23F58E5184
          Malicious:false
          Reputation:unknown
          Preview:<?xml^.7Qv....Ej.....e&:..d'?...I..0.|v...t..L.d.....W.Zs..!..W.0;.1f+^I!...m.k.).8!):BZNCO...-.....B..~.B..|..#.#....g..f...."=..@....u..?*.....el.x..W..._2w.L..A...R...B.?&.....r.Y6...,...p4.U<.>>.8......^..M%...c..qS.z.&0.....}B.N....N...CT..?...4Jk.V.\G....E.]T.T...1.xc.f.\..<....f|..u..k.M".h]J_.a.d.|,..H..e.a.....R..k\7..J...a.i...U......?.%.!M.>.(......2i[..r..u^b..C=...$..0....Mr...n.V...,5._.<..>/c|......)Z.UX{g........J.r.n....i..*..G..@a.....F...T..e@.t....y(.y.......7.;.....`...YJ.&.P8|.@4..*...UJ.e..........l..........9.D`...F.0^.........j]. 7.........N.....^}i.Je..n.".....i.C.M.Hl.........n.@q...Q..Ga...&..-...lM?...e.+..`}.x....n.V.A)-.k&.B0.P.\.........x...F.+...V......y.....2Pm...l..V...Bh.......k..L....5...._.@.....).Bi.P......G..g.....!..s..v.....HaI.eT..7..Z`A..l.1o.r.]...W+.m..*.=Fg..{.3....ZL...W1......j9.w...e....=[..*}\2k".....f:.0.8A.._%.%1.Gtk-...Wxdx..n.lB...n7k..Z*$..J.&o..{_H.!....q{0....x..\y.=.[...

          C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701151v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6715E7FE8C000B99C09B17C080A4F6AC
          SHA1:8D87CA9EA2605AA6C3BF11A4DDBD7F41EE0814DB
          SHA-256:94043B236434F3C6CCBB38C94537941272ACEA9D598984999BCC8CC5CFA72CFD
          SHA-512:5CCCD18B4CD5B8F31FE8F2D599964D5940ECC8C578DEF41CD543A9EE4951EF45ADFD4532EC9E68BB6C6D1D7C495B76E3BDB2587CA66682E4D54C77C56C55EBF0
          Malicious:false
          Reputation:unknown
          Preview:<?xmlr..6zE..EUe..4..g..F...k.'..P.'...P..W....`4..:.vK.\.%}.E......;X.@.....-...o.L`....q..u.F.m.l.0.u...y.<.....SF.aV&.I.....`..O.p....W.8W.<....NK.C.T..xx.(,v.!%&$T....L.z...@$.......#...eC...@~..K\..............#F9.......+.#.1/..!......Q...........x.L.F.G...+,.+s.........%...0.s.Y................93.s.>..;(>...#.6....L..9..p..D....~A..[..p.s...Mzr..V.a.. ...i.>.i....Y0...RNC4o.../.l..t1...).5.......l...I.8..r.....t......F;&$.r.z..VY.,.P...8x..u."W..D.|..F.n7W...<vBM....C}.....+.k.....^.vN.Js...6...nw...#...b....8.p..a.......<......B=..F.Y....H;..Y.....x..wS.`....W..w.....|p..6EM.=....t....>..Ahe.."7W.dR,}..2..%].....=...(..J...~9C.7...k.Vov.`C.~..[.<.V..|..P.)"....tV....O.6.S......H...K..S.E..}/.o9".JV...?.../N.........[.W.`R.......v.N%....-.t.bP.Ih8'..F3..j{G.q~,<b.....J7.....mQ.|.c+..Hz.Y.'h.v.G.T....X......&.T......_.n.".?..2....g.....r..,.c....3.9.......~.......X.&..U.....P....X...X.4..O7..n.9;.d.....+..-.....k.../.{...?{....'o.^

          C:\Users\user\Local Settings\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule701200v1.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E93984716EAA196E0BA4266273C21364
          SHA1:201F176F204BF2A5AD9A8E9903A02BBFC716F51B
          SHA-256:B866D4E84CCA0E339D495EE88CFE1EE0681627EEA7B36A144FAE88B2E7861200
          SHA-512:2CB9119D8C33FC6FA779D5BDA997219F78CD5F6E0C1F3A1CCF94B4C423FBF0C282437DA0F305E1AD7182BCCABBB1A3F0DAB5C010206EBDB942170457DB9932F0
          Malicious:false
          Reputation:unknown
          Preview:<?xml......z..).P.....|\AP..../.\..i...5 cx$f?..].k.w....$.h.5..p.i....../.Osw....7N?y..........y..%E..G|.......U...eO.o#.....$.$..B2...gp......n..s?8t*..dhcL....]..B.......W...*...?.>$.Ak....._S..n............G...M,8.V..c.eA#.......3d.EK.<.....e...q-....k......A...B.....c....R....uu...X.....v>.....b..$...?...%.........1.5..F.A.........!~/8...Zx.C.<../..~..X...t.3...5.d...uxJ.3..c.Yq...S.z..%...0.3.!H.(N..m.0.D...........&...7..&.@@..@...A..=...}O.....".._......"{.Q(O.%.....6...l4z.d@g.<..;I.1..?.i..Tik....\.?...0.....N.]..x31..Fs....._.>mPn./....f.s.<.6_r..d..R;.....0.....Bz...,9[.w......u..j:8..:x...'...@o.e...........[...o2........W..J.B...2.u..[3....moE.:n[G.j... ..aI..K..~......3B..8..am.wz.#..v.8.ph.40.Q..T.......$V.7._".h........J.-....x..1.&e..6...3....8.8]..b.77.........&Q..|-.3Be.Z.........}....1.S>Mt...tU....[.vb...k.g......:.Y.....x..[...pK....sfQ..$..q8(.N...5Z|..s7.w...j=6.|.2:/ A.B..b.......d...p.d.!.4et-.-0.B.]....;O/

          C:\Users\user\Local Settings\Microsoft\Office\16.0\officeclicktorun.exe_Rules.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3998849CE61540BA262CA9B720DDB6A8
          SHA1:E1F16ADB346A5DAFB6AD45E07EF8B9E32547EB53
          SHA-256:190285AFB5EF2BEC4783D577773E41B3F69CF4FB14F39BB818EDA42333857E60
          SHA-512:DD15DE2C4A2EB5134C25E6BEC4A34B8A70FD738ADCFA758B1C08FA4FA3AD1B3131158C2D86D372D71E38CEF8494944640D5CEF4EEB340E860B55143EBDE7F778
          Malicious:false
          Reputation:unknown
          Preview:<Rule...d.*....[.`..E....g....v.#....O..%%...S...38.d3i.J.z.&...m05.?#1.Y....oO..Q1..`(.#.....~O#6)...V....i9[...z.iSO._..@$.YT..uh].,@...L..wh^x..q..`......).7v...z............C.r.Qu..9.5ik+....23!/....z.4.....W.....3%.Bb..X.K..>M`B.^.%.....'...So*,o#ZW..{Yg...q.u..)...<"H..m...a..........^l?.e..,V)?>'.A.i5.s.7..w.#.l...Ni...<..X..R]7..w........`..-..W.0....N^WG.G...K%#quw..0....X2<@...g......b...%..E.z.....gZ...DAM..{....u.....l.....0.K.*..}.<J.X.B.C.Y5'.....c.. d. .+!..;..T.0...XX1.H...{|.1.0.H....-X.6..;.G...0@..r....b.y......H#.AK.i2...........a.y...\s....(...G_.w.y...l...}!l1\. ..;4....OlyB._51..~4E..ij..%...r......d.n.{kw"..i...D+.:g..hP...J;_.}.Ux]TnQ..6A]m............M..EHs......a.P.....3...Gj..........k.sJ.`..Zd.zLa..B.Ml&.R...*1YF'..X.7._B.L.......O@k..f.....76$1#..>$B42...`}..q[?.xn|G.....S....V1..O.{..a9.....?.:F......S1.Ql/yb.t.....A...f...ks....`.Q..$...]=..>...=....c.!.u7{...#.....P$O~!Up...L.6...7.....q.5.)......

          C:\Users\user\Local Settings\Microsoft\Office\Features\1-7FeatureCache.txt.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:894D80888E8C2EEEDF1E589D7689F6D0
          SHA1:D40E17544576FDF812C79AEA9D7093F8E13A2408
          SHA-256:B3933F789F63D90FD63B9C0898A5D30335D1720AF64B77C77C1D8EB149DEB0D7
          SHA-512:53D3067FC3AC3F6B06F0A64CEEA7B88AC9963327D42A7AF4B1C7BE441F183CFCD06EB96FC0C67D8796DADC5AE953F5FCB3A1192D7B6E8AE0522527C058C30468
          Malicious:false
          Reputation:unknown
          Preview:3.7.4.aG........C.6.3G...s.........@.F..5....1,..\.w..K.D~.u.rP.&D.o1...c.......&.jM0....d.r..^..N..o...]..o....J.B.._..*.A....GL.U.L.}&s..>..P+v..&....'.5.i....K.D.D...........Py.......q.4...=/q`....t..w...%V.OT..}.D.VS.[...f*.)l]...1.....Bb.>{:.......__...o......>@.*..D5.?..>..R.v.n...6...}H.R...7...d.6.....F....LF.1.`).z.........._..AT.`...B:....C...y.[.V...\[..*.t2.5.D...<mv...< {#..$4%.U2)...$Y.....k..SH..*,L%x..._..E.c....aW.....S..Iy>.Q.v.Vc..).(0..Y.S.#{2..W..J...4!..?~I..Z.S........#.l@}.[..3.fA..u.?.~c..g.............z]..>...g.S.u.Z...!..i\.Z.@.^.P.8.#Tc..J.@.z..=3......v.......>..X.....T..Ec.V ....zt...+a.yJ..b>\......c...g..A.....Wq.....y0..aM.%..t..u...[....g.>l..l.\.5Ij...%....o...4J...b5.@K.c..@.q ...4..........U...|.|..a..y\.V.[N.58.g6..A..>.....I4...P."<.U.......W...M.O...=].W..^A...../`..T...4....E+..\....Wn.{cn.[..E.^r._Wc......Q.Ff.i:....e..E.h..Q\. ....[. J\...,6....FO..0B..S.?...h..~..q..._.....D-!z\..u^x.%RE\.*^

          C:\Users\user\Local Settings\Microsoft\Office\OTele\excel.exe.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:21578B794CCDA68AADF652555180184A
          SHA1:551B4A871FF19DF17FFEC4F2B3F6217B04A5CD5B
          SHA-256:F0577C95A2EAD2BA1D8E2AC1C231B10B0EDAD636B26850D60FAF7E9E84D411A5
          SHA-512:5253E25BB18FAADD1D7C73842A319F5EEBB63FCC197FF7B6E00A04454ACDD8CDA3532D1F63A9FF4A08B5C562C280B9F56CD4DCA62A7E8EE06209BECBA1381D64
          Malicious:false
          Reputation:unknown
          Preview:SQLit.%...$...rT.1...N%.'QZ..4./.T..)........@LW.x.C.<..;..?(....++..d'Co.L.I......i_.g-(.)..?.*.=....d...0..^..&...\.#2..S.S.|^.....e.Y-..sT.(...U.<......_.l6.....x..M .[...af9OE.....Q3...........F.Y.|...n.........4..%.ck..z. ICr..............Cz......b>d.I/..w...&d@@....9..0.Q..8.....k.ag..,...|.../.v.S....q.2.s.......__[{.....><.s.......>T....J...`..MZ>S....4.G.<.5..V.CZ.DE......."ji..uA...?e.u/.f..p..D.o.R....d...>.I....x..[....e_...J.k...Q....3}A....2..8.........;..,..wl.3+..z....@Kd...g.7*.1...F{..a....A=2a.(..%HN.^.,%?.x....X;..qk....p..0..Hi....3..I..RB.......@^...G....0.{......Vh..EY:..#.....`...#..V.y.a......$.7.w.j.>m..+...........x T....=}..a...}fx~.Z.A.0...q.C..+.&...S..6k@X..f.*..1..........~.O..............b...V.jh..`." ./...!/Q%RK.G.T......j..?...k..d..7...../.HgJ...G.y..~....C.....YG.i.{<..h6..+*zk.=..8.{$D^vJP&...?.f.....f.......Cf.xB.+.....?...X.b@l..`...kj.../..J.A.!.R.....w.ND....j.vW.6.........p.<.b....R..A.-

          C:\Users\user\Local Settings\Microsoft\Office\OTele\officec2rclient.exe.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0E383BA898A5FDEF379384C241787832
          SHA1:D6728EB0511E96843FAB1B956959A852239AFC79
          SHA-256:8211960FF82FD8BF4D956114FA3082EC5658AB0315EC0B758E847BD0219E0E88
          SHA-512:9C1B31C05119A3624A6023D7408C0514E0D48CE79BFC322B3E028E6DCA4A756F25B48F282889333D755351A9ACFF41AFB91A6432D3169E1E9CFF803A68EE6EE2
          Malicious:false
          Reputation:unknown
          Preview:SQLit.'n....,_t........X%@..hh..T..}.%........h.........$q..1..iS3S.9x..#]".8...i.....6...S....l..s+<{....6.+'I9f.LK|....D.C.=7:.......A..p.h....t...}eW.-1djb)&.j8tk.]..,R6...N...X......X..KY.....h.=u.....G....8U$.M.......tHZ...}.P..Y.../.p;1,.W~.."B.X4........E;.&..D..44..(..]6.a..#....<b.(..XcmE.*w..-.....a|.c..s.&...m.{.d.@....L.5.a*...&.vJ.L.7m.. .c.....Z.^u.DJ`.&z....]NB..(.u..).A...2.*,...s.?.C..C6*..%...7y..Pe..Ap...W............B...jr.....#.....).x.'...O...OW!.s.<.......RDi..,K..|$.Qi..O.r..$..L.t27..P>4..zxa...S..C.R(..{.....)M....m..])..cB<....Hb.=...D.....z..\.h.HA-.......~r....#..$.....{.^&a.k...W....d....W..4....J4T..#AS.."O.7..O...y.C.P.T....8.y.........@R.=...Vj....X'.MM........4.c*.n.1..8.Q.....4...yU....)4@.B......x...m...;.}..r>.79..B.....Mx.8V{.ZP.d.7...P..T.Q....C?..@.N.|......kw.......*9........I..s|..a3r.}!.....l.....(...q~.I....Q41\.R.g..E;|.......V[.;..s.E..x..*t.......).....k;.....nzF.....9.G.1;......R@..g

          C:\Users\user\Local Settings\Microsoft\Office\OTele\officeclicktorun.exe.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E518F8CCAFC147A3D9F2D6FA119F36FE
          SHA1:19865E92E98D2678D418D5397BDB87885F179123
          SHA-256:4B82A30DC4EBFF3F45AC11A1B4682BA76E51E27042B24D3CC1160D4641CA07BA
          SHA-512:057B7D2024CD8F5AC5AE73D93AA738814A7F0783DAFF4E6158BA4ABDB050945D10E85662F6530A096EEC69F96C917E40DE835111975B801DB49BE96E91BAB735
          Malicious:false
          Reputation:unknown
          Preview:SQLit;...%......W.wmN=..+.'J..g.n....4.f....y.u.......&m-...f~,..c..k*.`.FGp..\...ey......,..MF..o....U|.....]v..`V.Ob.~.Q..R.Fm..v.V.in?..Ma]....R....7/)...=...,......LW......V.R..t....P.,.;.S...2._q......gKW@:<..8.X9n.E...L.}.8.?....p...............v.._.?1.p......W..`...Avf.R.....`8'F.J.H.)..T.4[....$..S.v.U.....'..+J...6}.8j.pE]{.98......&3V..*K.}..CG...lo=..._...v.*.<VN...`.............hx..G....B.y.-....n\..P.......N];e.5ab;.%...{d.v..y...tg..1c/.Gs..&T.{&."..Pj8...E..|(...m|..........xq$.@....zuC.$...J.b...D.m.L../..%....g).......rJ..d.1.idB.B.t..Z.y........}....$...{.W.2..#L.6U..@vR.q.,..C.s...&i..>.T....>...2..!....sh.V!m@.?..77..T...x...S...Ju:6..-..D.KR8.%....`..$.#F...J...k2..de........3P..U..IG..5..$.vK..w....#...lZ,.w.q.E..)yt.....x.1.A.'*.L.y.E[...%.5_.dm...1.")......\nS..K(O?~r.<."...d_Kr..ns....g.*....8.f...+...K.p.M...Cl...+mub...W../c.M.Eu@..)!W.5.wv..Ik.B......T1..'I.......F.(..-..3:$1........*...L!.y......vu.

          C:\Users\user\Local Settings\Microsoft\Office\OTele\officesetup.exe.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3324C807F60E815CF7687ED3016F5835
          SHA1:089B9D6587F3C6F2358590DE67FBF5890BE8F943
          SHA-256:A2653A46A658AB79D5F8A712587B877375A151B60CE1BD0AF35BF84EAF831DCF
          SHA-512:DA09B79E8715AA80C75B389A49C178B464BADF0A0EA201B0B36BF529B320898BB9831EC72D9D9A6FB4F8BADEE92004A0CC727B1917F0A9C087C0080361CF11E1
          Malicious:false
          Reputation:unknown
          Preview:SQLit2...2(.]M...a]v.Q...I...aD... A....WY......Ha.|.|.l..9.{...c>MY.'.3..;oRf.U~...x.d.Z.....(.9...b....M=.".t..|?...Gk..d.D.b...'<.4.6.)j{..M3l......f.A.....B..}..>u...=.#.u........q..*.l94S>.\..g.}P..\.-J...U.2..p..M.9.~...+.kPf....M.^f..l.8.O...x~"beD...m....F....E.B.@QU..b'....c....&..W.....K......$T=F......EY.x....7.0..P(.4~..Htk....O..d.Wp.m?AZ..Y.......o.....(.O.k.A...R....3a..K.t.$.Sz3lGU...f..+_..{^0.x..9..q....P...t..r.)....26....l.n..\.Q_.@....#;BOT.+`\.Y.ivv.15...V..V...k.y.T*.:...K,....8~....b6...Xc.....M.rn........r..K6..O.......y6l%...e...h.~...6..qB...i.>.k.w..2.i..]-...Y...I6.....u..#8.x*.OH...V.r.6..1.&o{..n.3n.....+..../.'..p~Ec...fG..Y.3...=..+_...W.S.......6T.L@A..\............(.t.Ox.&.l....4.oq.G.:...MX,...McjB#....].l{...l.-lW.YJ}l.. 6*P.l....4.....<F3..t..M.1|6..gg.....Z.2....=...4..."...k...l.6.w.F.a....z..5d..Rw.....O..y..EJ#.O.k3dQ.m.J..f..P~.......S.X..7;..v..Q.?.\...8.H.j.E.S...............a.H..".

          C:\Users\user\Local Settings\Microsoft\PenWorkspace\DiscoverCacheData.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:BCAB451D737F0DFB3B050DF5DD9B17E7
          SHA1:1EAEE03721A130EC6DB5FDE3DE350F3880DDA99B
          SHA-256:72BD3CDA7E680837C8BC2D06E03FC2CAD16E6D8A611AE29A8FA8DA3A1707A24A
          SHA-512:511590362AF101C8FA81705EA1E4B989D2F20B6D0A62D3B6634B0A2A992D43506C179DEBC9B2CD8EA0F5F4ADC5C698C88307EE1B6895C22996E83837903ED513
          Malicious:false
          Reputation:unknown
          Preview:{"ReciJ..=J...pnCs..J.[.>.\.O.a.X.M....U...I..#..S^.y.)~.m$......:.m.~Wna..*rG`....<..L.pB...g.!X$..7B..%....h..sj.../.U8.%3W,.6...}S..3........k....@.hvU0.#.U..Ufn._..GF.f.......|.`Jx...Z.......0.#F7..,..^..p.;&M..W...bAV......R.VR...... f..x....!4...i.7.j...X.../j....].e....Z0..AY(..........|8p...8...5.A....x].....F..|.;........m.-<.,...9*m.`";.vt.. .w.....IXB..9..7........p..<.ZJ.|..0..)lMC..........r..Y.`.6......dOWh ....u..]...H8....b...-@.t....Ot..^.....CGG..K.Z.K.....f.2(U.......6.=v...bsw.0.'..f_.Lj...n#..(....L...{.V.ke...'.hn.X...7.,&u.2..9*.G.=...o.ls..b..X.a$...:.).......@.~_o.2.W[..../.:..*.S+.|p.S.....8 .U.....$...m.U..M[..$.y..%h.,.x.=P.9...~x,....B..T...C.BdQm.....m.}....3.z.ZX.<EQ.~ .p...J^\g.J...:kzA..l..]Fi.lG.zz...wyX|.a.fF.SZ.C.u..q....gp...=Z.q.^...v...}b0? C...0.......#.7........T..1.U.T...w...#...l<..W..5.5.@.<...jgN....*....C.0..b".......Qr.pN9.....p.Q..Y..f.D.?e6...7...%0.m>'..a..wt...4...(..]...7G......7.{...

          C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C33A7E89671AC5B880AE34696661234C
          SHA1:0E2281322ED99F1DD85515251DBB04019DF69877
          SHA-256:47AB1F0E65809C2955961F14B3DB5A5B1350C735D2C93E09F4F9C0C587FC1D7F
          SHA-512:BAB8E74B651A0DF6A1CA14B43B5EB86560EBEAB493EC706B322284042F4B7AC75F5609372EF4DBB5B0D2F6D7EBD7B9983BA6774EFEACEFFDF01F6C8A7A86F91F
          Malicious:false
          Reputation:unknown
          Preview:{.".T%...k......wQ'.pA..#..a...V...G..1.G.q.%HK....m..'H.d.je.h(...e.....z..s..T~..p.g..N.R~.EZ.......d.0r...Ab..h....y.......*.....)x..............v..X.y.-.I'.X.E.?....AO../^...A..X+v.X.E.5..X.v....iA.+. .B.e\9.p<Oe2.L.........(...6.......*.[.ez.';.D.%s.7E...y...+.uk.{....J6s.....s./..!.&vD...!.v.r.=..M2y:..x.i.d....+$.o.w.3m...S.u.e..|$l..e...|.}..*.....`.FAG....I..9Qq...N..x....8....}.h..]Z.C..p.............z...[j!T._........]M...H[.....J..d~J.w...F;.B...|..%>...j.h...L.z.~....b..w.nK..J.{.N...|d...bC.p...-...$...-....O...[...=..b]......T.......B..i.....W...q.V..4......*.t.@.C....6......<...yT....F..t.....#Wz.....2......l]2...Z....Ix.....;%`K}QX...1.5.Y.b..eg.=...*4z^.5....9.<.:.YD..J{.g..+......T.C.*kt-..=J..........x.....X.H...>..3.......z.n.....^U.{.....II..4...(..*.l..o.........B.X.A...5...*..D.k{.N.t.1T....F....W.l.0..^3...p.k.Z#..~...........?.]]...s...........S,.t..'A.A.....vk$@.NH.0..c...j.G..:j@.vx.<.

          C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:96D34C58FA355D66B3664B5E1216F323
          SHA1:6E255BF74ED455C21E777933461EFC45878A100E
          SHA-256:7F5C87EE32D5EAA973E94BBCA899D8F1DAC3B80FFE1749F8D1E0C45B49CE12EC
          SHA-512:8D6E27A912D2A3AA3625D0845914C701D8141AC6E1A264A8900FB230D3257CFA886C5D4ED6772693AEE94767517F7B3EFDCACDAA743223989BFFCA8BA239A18A
          Malicious:false
          Reputation:unknown
          Preview:{.".T..E.5Bv!F.,r......{..w..4..c.......H....BhNH.......V..F......$.u.%v.Ob.....QG....b...>".qT.....B...X.Vo.M.`.i.EH..90..d.?cc...h.8..].KR,.".J...4..Z[.AQ.*....Lq.S..<.......2z.3!..>...z...m..i..|.=.*.^...........J.U.9B..}..u.....E....0/.cXoM&c...=.n...<.n.R..OdV.f.M1.yt.dl.....d.x$.>.p..@...RP.(...e.......0....k,t..]......`.{..5.&(.7.p.. ..tnl...5...XzU.O.G..G../r.u.F.^Z..)...e...W"...Cy|.....,.h....|if...$#..Kt....>Hn.SCUM..V s...GMuS...it.....@..8PS.U....kP.N.F..N..v.}..\Z..Z......].Ak./xM....X.K...G..NA...V\.....].....t.....7........a..B.`t.I.H...N...c.)...n..A........C.:[.v$....}.B....3..>U....q.{..w.ry...zW.....y...*Z..u.%.%.C.d';H.Y.3[.g..=.r..V..'I...L...BF.....w.c.gI.ea...s.M.........C....a..3...u ..u....X...VV1......i<..*.....m....t..F..........._.a8.r*...s..IE..U......<.K..Z..i.W..d.g..id'......Lx.A..G<.,...n....]x._.g&.$..)C..4.v.6....?...@.Q..?&.u.8.J.$9...I....qiX.(.&.Oh.D(......K....#..DPt....,Og[{....[Z.n.,s....g7....).e..7

          C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:BED713D73C067E012C94DDEDB7A7B6C8
          SHA1:91659EEEB36495E7153D0B90663C44CB56DA54DC
          SHA-256:93442A3AE58B5D3E7C1138B3059017D5B46C55F3CC77D0FA907DBD602202F418
          SHA-512:9D3F5B4393DED15F67AEB4BA0345FCC78066C6FF7AEEC588420452E4B8374495FC936B6FB8FD636F59334D6962619D0BA4110438822C5D8830F3F73FA8ACA2A4
          Malicious:false
          Reputation:unknown
          Preview:{.".T.T.........a.Z.bp..b.H...=TGdetf.Gh...-....x>...u........;..q}U....z..3...Nc......G....f.^ ....#*i...S..[A.....4.xr...........b'.E...U...H...yS...j.$.[!(.Ge..0.."MF_.._......."...w.......1...|...#..a.6.*. .md.k."..m;k.R..UF.g.9}.!.....q..q...u....X..xQV..$..M...%...].1.;..O...;..L 3...s.))e.....79.bS.qd.....Tc..;.!V..3.i..4..$.0/.(.|C.&!.. b.._.......3l.z(H.P.....!.8..Q....\D.@^6.....Z....a..=.>.kk.R.|/TkwU.....}.c%.l.I.....u..U..u.JE.5...%p..+FB..a...-42.O.%.....Y!..M;..3.7.+..v...z..f-....Jt+..7...p...q..I.W.I. ..<T....dg....|.i.c..S.8J...}..5.v.C.z.T..c5.y....=#...Z..y.I.").....e.vu....;.....p_...RS.,Y...a......4...k2Ew./.)d..........6..l..].J7.7HG,g.;...hA.*.R}.../..0.U..^L. tP}.N..Q..vr..O...&...n?.q.J.X...X.........l3..8.. .E.l.Wb ...G"J..T.....b....7....H|...f.4C$..{.....%T...^..M....[.hv. 9..SY....i....=&.3...B`0.......yp........o..x.Kc....3.SX'../-s.m.E.o....;.>............F.`.e1.[..5.1..%2.]............k.\8....I..%G..x.`..

          C:\Users\user\Local Settings\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:16FA80D36E38308D2B59C182C5EDA31B
          SHA1:117D91797FB6E92918FD3C29B17BFF11C2799FDA
          SHA-256:BEC95C61038012D9D6A80486FF23C979AB17823D48CD691CB449F29C398319CF
          SHA-512:D7993A46A15E8B80207B24C02A9D7BF3D143951995CAED0C94ABF229A03B7B1C232DD39F6B0E8C98345887A5B5CE65A55CE61E0065297B4E3ACD1D6A1905FA62
          Malicious:false
          Reputation:unknown
          Preview:{.".Ts`.LO......nD..:.....Q=.o....@..H........R.vF?.[..;HH+.e.S.*...Bh.r..jO.C...*W..9..WU..n,....."...Pn......2U.*d._..:..e<I.i.}....l...y.\\.s6.al..(.^.Pb...I.P...........n..O...s.U..ww.7b.ER@j...v....wq...........OXRhy2..m.w..|c.F.......)i\.ll.......!.^...-..*..h.p.hI..8V:.}..J.....%I....r..0....T....M...).A.B..,gX..Wf...A....D)..6..`....f.6.S8..............}VG-e..J.;.......~.~d(.....q.65..c-.Ce.?....t...n..!...O.D...Q5.t.h>y.............Y.&..B.%..X..+?K....V...//../7D..{V.t..V.jdE.....u.N.W...1Dx. v.C..{4.n:...?..+d..T. .|.b.....P.6...f......{.H.0.vA.....hJn..cy..@:.V./.KeP.*.w.....]..5.5q&.!b....(]..z..M..p.....PI.......x....&g.....%]{.....E...-.jI..w.)-~...{..L..3...3A.F......+b..$J.W.J'h.......v....(9U......z..j.=m.*.EOa.I.......(........~..3..P$L..lf\...f.D*..-.l.1$c.u..d...n..x*..$F|u..L..?......M..G@...~....@O.... .x1.>..",...:.6.?......".........1..*.[.A2......U....L.......t'.f....i.e.6.}B.. ....K.....)@,..^Px..y.5.i?........

          C:\Users\user\Local Settings\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\Policy.vpol.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A8E2BE28EB8C40D73BD6D947D1A5AA54
          SHA1:C359FA65A0FA3A384C678EC3517AD030955D4319
          SHA-256:62B0CC8821C83D84FD771365EB531CD022B70F69EC68CD44043BF72D14B3F5DF
          SHA-512:D143DA19A146A3EBE0DA3E7EF083207FBA3EAA45942670FD7E04091969DFAAA9FBA92247AE9A6BB84180A851EA5CB4E6F022FEB5D83DC14A91873D435FDE36E7
          Malicious:false
          Reputation:unknown
          Preview:....B............t.. .......W:d....a...Tg.G.0.-Gk........]..?Fv..w..O...la..Q.."...l...H.mW6}...|..jL.....t..9.%....~<O.c..^l?..8...\..+..C../&....7&-...O.yC+..ZE...K.e.w....>?.".....tu.qS"..x..2...%x..G...U...........T.b<%].~b.+."2..Tl....5....8.._~..|=|wy.."..n..\.8<u].....b..hl.1.x.pe.F '.E...Q.<4C=.+,....U#\.p.].k.P..R...........%r.-nR...S.Uo1..._&C..X...d...L.....@.M..Hz.I..a..!.....c;...6<.av?.r..U...=...+..Z..M.xPh.&...;.x.C"}z.`..]......5.:......"h.-....n.&....;yz.q.i..BC.O\.....%>..T..........]g.i7.......?t.!*.A7.8.H....m...Wa..IpI....g.'..B?j=.@...e8 `.~?.*.....I._.F6kHl.."u..%'.y.k[*.]..9....Hj.l..-+..S.."F.(..].....6..VMC..V..q.H..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\2057\StructuredQuerySchema.bin.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:558418236A708EB21C80C4F97D2E57CB
          SHA1:6EC4FBEF207E3085453FA5ADF7C16FC66C7B1974
          SHA-256:F174F440F1E8FF08D36F927242574890329A398D09FD91C218EB0EDAC4773A36
          SHA-512:EC512AEB06AF13F442384CB4035D33A701D260A0600A605FB9E7DF6A8064B93D1E8772E77F188C05910C325405E4B813047200E0879F04840E34EBF4DCD52983
          Malicious:false
          Reputation:unknown
          Preview:...P..'P.@...m...JbK..2.(..^.\...C.y...7.}......a.M........Z1J.P.._d...`...b......(..9.z...8)/....R..tv.R...t.L.).\..Yc.gV#F........,.$.5Q.R6#...<?..]%..Q.xQ.._...5....._.ki.qs...I..V.M..X5.G8....w...w?.L...K?....no1......_.._..|..~-?4d..k==..u ..L.,.Tk..jQ .e....JpT.........P.]..i....8Q......9g...@yu.......z.X.6...l?|L{..Y..$$,.k.&m.4f.u.^r(..C.jI..]....>.d...p.H.Y.!. .i2S.."g.=........2H.!.E"/<.............|f....q......R.O..7.N.../sd.w.|......x(q.r_....k........t.e..o......PV.W}]........".:.... .~.0nU.fz..E.....KR..H..>EBH..i.Q.2..^c7.....5.XD...a.R.......).Zv$i.;4.u..&.C..$..H....n.d.y%.........p....S^.Aw..C.1.<a&2...z"QVy#Z......sRb..p.......^.}.X.....f....c..d.a.e.y.M\...JnwL.7.~.a{#,a.~.R:.6.Eu..19(1m.L..f...N].....d....W.e=..o...}.....W...~8..Z.8..x...#..W.ip.}.s.| )..."T.0|6G....<...........G.ge_.SSto.O.K.ux...}9.o!.l.'T.#5..?.......(........f......pL._.<J^...+h........Z.....}.W..s.....!,*...a...($JM.+m..>...9..m.=..'.4g.0..k....t.

          C:\Users\user\Local Settings\Microsoft\Windows\Caches\cversions.1.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C3C22BFA461F78E9A2D22E1B4A9DD2BB
          SHA1:6EDF9145898E594071622C5540DEFFCB3B4B2DE7
          SHA-256:A1973BF02ADCCE3DAB5FCD0F32E4BF2BF13B7F4D419A8BCDF5A1A637D3D80903
          SHA-512:C468EF0170AA8FA6F50901437E388D57F44BBD19E3B5E484758B17196CAC8CE370AFE9B0311D717A852573872EEBCF87B882AC1AA47A4365AA56788CDD2EF7B0
          Malicious:false
          Reputation:unknown
          Preview:.... ..>.s....."..`....`...4...kbI."...9........]^~.C..p..4..6.......V.X.81...8.. ..o..,.%...r.fC.[1.... .......]W..<..g.c.]..W.....v..P."Z.:fp...(_.!....\...;k...fcXb.]......:G.l..8.<...+.C.d./...................;..U..*b$..}...*/..kKSmU..q......z...A?...H.:>.En;~6....J..5..2A..gf..z......r..N...Tq...8.....d...-.kf..i#p5l75N...u.3......P..,..N.. .\.......c~.......D.T...0...z.^..xd..K..+.........6..........%6..c.........o_*....Y....Pd.M..n@.....q..t.t<.=...K.".t.,....n.......\z........$3....l.'.s.......f......&....d0...!.......r1N.b.C.9s...Yz1..Z.!..1...*....7....T..........$.1...q0*.s..0^.....)..U....v.*#1.h[...q).:.jx.;,...j.3.@-y......%.#.f...&..n.}mL....k>Q.=.Z~}..~.....0...M."...1l.Qm.:.*/|"P....Z!.... .l.*.N..HGY.k.D.,5^h.}d"v&..c........d..9..GL....D.....}........V.v.%UP..i*..r..+55.5....g.<.p^:....x@l........N..&...\.I......y.fL.`.F.Z..W..=....`.0t..g..[%w.k.........m7....n_......)....?A...PS...G<.....0k.LwH...,.....+..)..

          C:\Users\user\Local Settings\Microsoft\Windows\Caches\cversions.3.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B80A6378473E919467226C88F7015188
          SHA1:7C3476516EE09E4B35D5B4FFC273118E904C17C0
          SHA-256:3047C95E4A9E12D5254EC102C128C405AB0162243A6A8539C744A3CAD53C63EF
          SHA-512:575DCEE801D7807D3FDEE9BE29E9CB979421AF76D3CCF1D21084EE6B2F820192E1346302EA5C3B2CD808200C2A1588ACD47BD6CFF577E0000E015C6D8E3E86B0
          Malicious:false
          Reputation:unknown
          Preview:....`\u."u R.0..V.u9e*:.H.R..;*....g..u.@U.@...... 7F..9..z8L..V.;[.wPI.S3{.p8S........D.....v.:..... S.jKy....hx..2.:..g.si_...vP...Z+......I3....v_..z...1j...\.C."........fx.<....V.S...~..9<.bg<U%.....vb>yi.I.......2x...-......j.Z.c9.k#..{{....e..I|...?,.*.{.L\~.&{.f.....W..>.9..d..9..#........?..K)1_C......4..>d........#@....1>.$hM.....ch....QH.q(O...^*ImsMh06Ja7<...v...x.@..7.Sj.2.&'v..D4zV+......W.9vq.[....0.@..T..:..X7s.`....l..m.>...|M....Z....T.x.....x....7(..d...m..m...(hP..H?...p....%.II)J...d....&v.....`.j@.r..tt.l..A..o,..M.wE......*1-...KWs..T..A..j......L..s...s...W..K...D........e{@$.Nq^....Z.oL.z..xV.u........"..E>..V.n..s..4\.t.E?....p..r..lo+.a..HH...s..#.jq....M......~.D.j=..Wg.....H6..WrQ.H....,C..E.=..M..j...V..}.o.:+...E.>u.XC.3.4{|.u..-....E.)#..("7.......xZ.-..bM./...3a.@....o..4..uB..R'...2lM]]....jB.7............{...:......+.S}.|....r..A\.T a.B../M... .<:..r.|...9a.>y+...OP.~r.v=.=....o.P4.g.m.:...".#'.c{..G

          C:\Users\user\Local Settings\Microsoft\Windows\Caches\{0F504D63-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:DE1DB4F0AE5F08EDCA549E231DA3A07A
          SHA1:DE8BC684238DBED9AF1207586F6D795E1932D474
          SHA-256:971D4CAD2490ADCE72F186B405EF4BB1527E0C58273C42EC80D7A4C89D709E6A
          SHA-512:4715588F2243CF630AC9037C2F1A70341065FE1014118D8363F36099735A0E3CCB5FFFB85FC772FA93EF90DAB42B6229C19E138BF0383019FE8653D77C41FF35
          Malicious:false
          Reputation:unknown
          Preview:.w.. ........id^.!......#..U......6....q.,.,..!.k.S..n...'/....Z.Q._......%...:.?u......@U....B.oO.cO,...|.u3.m.DY.R.1s.4xpy.............~.....cX..t.k........9Q.....*....s..v...h~!.,C.....8.~)....F*IAD...Y?V.....y.K...!.."........'.3...!.........Y.%[......{.......qk.^..@QD../..X.(.]P.M,..cp`E.....b...,.Q..2dZ.l8.3....8..##.H.._........ 9.vfr)^..L.....=..O.X..Sm.....{.dMb.k.n.q|.i3G.3.~...,.;..@.$.O....$2oJZ..OY.T..$......~$......6DSm3.x..O....s.........?......I.?.......Y#.......g...4.E.U2..K.....1.....\"be....D)(*.f\.....-.Egc.,...f.xl.......u..[.*.,@..4'...v/..w...W5...W....&.....Z.r..=.......Q@.-,.....#:4i.)HA.5f..W...8.1`r`.....E..Ws.........3.f|.H...G 6x<_=.V.i._...X.n3...#n.!.4..=.........n...>.._l.........j1d...R..Q.y*......L9.{..HY.W..IA...{5Aj.B....5..[....LW.+...A.E....<..%.+.O.I..C<.U;7....i.M...B.r..H$.F..Z7a...45s..v..u..-.S..T.......+.E.j.1K.?.....&BW.v..#.3k..<....H..d.].g.wp>f=".WK.Y..S..X`.....[...k..4~...@?s.....4V.Y

          C:\Users\user\Local Settings\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000014.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9E49F78344DDB439E432936C0DC138FA
          SHA1:D06D9D4CF31BACBD1798B816DD81553A9A0CC9A4
          SHA-256:C4D527205631DEC950E6F8529368334F2A6D91E353B616952BB065300D661667
          SHA-512:F927612D2E1C052496B022FE5DA474294A40AAD4672E7D2965501BE8F0190FBB77C744AF204E28D2F81616C3922CBDA13F4DC679325399C445C23EA894086911
          Malicious:false
          Reputation:unknown
          Preview:....h!P.q..&.D.......F...:\.h....#...E.^..a.........L...K<.nY2!...(....&...:%|.......eAz..#.F..o.(.k...5.>1no.]S..|.. ?.......0.f(.g..I...N....e..`..3..DI....."..k.......I.....,_).. .&JX.F..{...C..:......Ws..../...Z..T%..Y....v...Cs.W~.vo.....J..w6.X.'..|a`491.z.W.HL.2._.w...6$......}y?OO51D.......\~?..PB.....S'.B.Ubxw*.*)i.HJ....@. iZM/I.4h...v.L"....bY>.i6..{..j.G.d...#F.`.......i.4.]l..9.w.O...t).@.#...../t.')-."....A_l)....ew......V....j.{....Q...k*.%L.u4.q..a./..s.Q...J.&....A<=.q..H...%`!b..E.(9...'o?e..e..S~,...@..,.k..a..k.7* _..&"..._../?(.-.&;V.'...c.....2q.._.t..L.udcl...cQ.C...%......^....GIgn.U<.....R_..=Cg...\6=.r)...6(y..&8.r....i.F.._......z~"..<m......f.=G.sRw.'.M.?5....e_........A.;]m%.e....r<0mD......#.x..$.D6.m..!W$j...Q>.@..j..v?.'..6.#.9..}.. .3....."....o.n.Ju..v.~..._..Ao'#......e.0..n.b:._a..=E.....8.q..<d1.s5\x.Xo.o......aBh.;.(..o..6;.T..'.Z..Ss.dJ...9h.-.9.<h>...%.5.p&.o...M.Q._6..4..7.....)c..W....Z.5RP....g.^...

          C:\Users\user\Local Settings\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000015.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:56EF280298BCA6932CD2869DE3788199
          SHA1:31A63185AF12F69996890B1AF46E5E61EF755C16
          SHA-256:1C4C0C80345CE295B32189CF31C4A28E9F6E62BD9CCD4070AABDC0B06B67DF47
          SHA-512:464AD7A6DB6FB23A96B467C67C8B67E30422603E85C0365331F3CF1B89AA33410243CD45661DA77AB7200BDE17C244BCFC5D5FB61315A5A357D3559C761C88B1
          Malicious:false
          Reputation:unknown
          Preview:....h.........M....Q....4.E./..&2{z.z.<.R4|LxD`%Z#..Q.j.P..G4;......3J_.2Z..)...?o........:Ru....x9Q.m*]....)..r{vk....&..k:+F..._D5.0"....?.r...8.?..@]{e.".lSu..p.+..........g....#.....3....tx).'O..".......i...O....X3}....s.Yd.h.. .38[....#..~..D:........S..Yy.5...RZ).a.L.^S9.U...F..-R..p......+..k.._9:..N..fd........$.4..C...+7...L..Y.-..@.v._.h...`..r....\..$....c.:..k./.*h.7W.e...).....B..L.....@.......X..=ry.r../......,,../n..\.M..P..E+g.QdhrTv8.xWE{P......o....n.ad..2.(...k...U_...r....z#,...D..2.5H...Y..o.ec...[3l..p.S..~w......Z3-.......*p.WPy.Uao.gr...s..y.....z...^..@`.3...8!DwP.`.b^.....im....xiDP......U..k.".-.E.".....J....G>=Z_..>.e..z.g.<.\..C.N..T,...}.{^w..J=<..U..K.....@..|-..6...@?7Bl...U.4..q{......m.fJ...E5a..X.pp.B..O..\.....<B3.w.6E.mw}x.U.y..U...n..&@.z.P|<]<!$/..=...FY>V............7...I.F...c....o.{f....G..P..(n.E..uI-I..qfc<..q.WP...8........!....l.t.T.+.z>..|Z......eI.BBM.i..EO..5)c..+........7..B..-?.N..4W..z..

          C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:EF2291D4184DAA800F3B6BED463FFE82
          SHA1:30BD70CFB99375AB347B738DAE8D96C204F3102E
          SHA-256:D7DCE68D4139E79D594907F1A031B1EF2762180239186E277355E1B7D8061E4F
          SHA-512:2B8FB9B7C943AE8718D22DD6E438DDCE2CCA47FCD767EFF912C0363C6A3A59D4DADFD02354BBF082F8A49669059F48DC669E7F413C780C76FADDC0D47005801B
          Malicious:false
          Reputation:unknown
          Preview:.........gi.?.Gaec3....c~aG1a41..n./a./.TD..UB.Q..G.s..r.s."ec.....*.b.Q4R.H.Ct.=..R.B):.L.....L.."..fU.X9........x..<.:....E$..e'0..P....."....s)...mE.3d..Sd.c........w...s...("...9g...Fw..D...s..R...l..w...-...k.>..._H..'....>E.)J..yn.p..E.d..!.B3{h..Z.*...,.B..-..f..S..2..O%..10.]...(Vf....P.=....p.x.%.?..[.s..:z...U.g.......-zn.....J_..W.....LD.0...].F...{..kLA...Fz..8.Fq!...I(.....3...6......U.a-Q.....i5'.....i..+N..n...5....F..]..+R.=...^...............Jf..@.E.V..5..@.Y..6..V]..'I../..}.n....e.v1n..<..t. .e..2.X...r.o....)j..Q2......o..m..ze.......wg..yDnh:Pv|.........>N...X.o.5...w...{....V..f..&.2I...X.oF...G%.9.U...xL%...O....h...p...|..Y.....Y...rj.|b.].<....':.^.l...6..}T9......<..|.I.g.o..A...N56..i2V..Q....a._.....Ma..O.W.W....M.5........4..BY...t.:~...h..z.U}1(..UB..q.Y...(..me.-k/......I....N...R.......2.O.r......n.W.z....s.......9b.TM;r.#....C....<.ea.t...hbT)Q.8..o....a<]..`U.S.ef..zs..u..$.3...O'..c....:oX

          C:\Users\user\Local Settings\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000005.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:09431520AA48DB1CCF6B8EAEA37C6816
          SHA1:FFEAC66DEB8EF889BA4995899BCB09A36D72A786
          SHA-256:09CE6F6A230D9CA4358B33DC61298383F0F18D112B2B9CE39B24235758DB83F5
          SHA-512:CB165D5D89D0838EC8060A5B56806C77E195C27C513932DEE9EF5556BB1EA6BD1292A38137307CF4FF6342321E609BD6763BD7A62A8E1EFAEA945570B41BF160
          Malicious:false
          Reputation:unknown
          Preview:.....u5.[.{.Z..G...}6....h....>55..h.(..(...\HH...\..$.@.q...&.r...g.8....Qj.G^.hP.K...Mu7K..g....MM.H..#$l.)mf....Z...@.j..c+..PX.;...3......e.7.'.n{.X.s.;pJ...E....)Mz...8....of.D..F....m.h...|V.....E%....|1\DJ...B....z(.4Q....M-..1[BJ+.......C[[...VOC..].?.^.....,n.)..GV.O._..pr..x'.q...F.8...../H7X\.]".ZZ..s.E.>.c..v.;^.a*.xE....(....?.....c..%.H.....VX...$......D.....X@......a3.q.....gO..T..m..N....2g....b<..=.........FE.S.]L".1...v....'......V.......~W.!.sF.0..`J..6X.cK.......4.......^8.21].a{NgK....e%.33QG..75d.x.......h.'0U.F...(..H...|.n.0..vht..2....@`.......S%..e......K.6.F{....xy...f..r9T...V6..Q7.>^....m.O.(O.T.;).NK4...Z-+?U.&0...L..cq^.gV.T....g.%sW....8...K.~....E.N.\......Z.....lQ9..F....{$^......@...766.a-%aP..0..E..D. .hv...\?HL...{TR..Z.3%*I.._..=.@a.......I......hi...J....+j....x...I3..+...WY.#.....{G'..$.=7p....oqU..{...Q.Oc....(.".?i.30J8h....O.X.y.vJ.n.m.i..^.n.IG.**.j'z.;......Wnj(k...?..ZRhD)r.....7b.._;Y<sH../;.Q.

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\ExplorerStartupLog.etl.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F8D40CFCCAA87B86A3F4AC38C982FB88
          SHA1:06F3D458F994B767B3102F1F87A8E4712F11C693
          SHA-256:B7E26E0F2C0EB4D1DE40CE2086CC620860DC3E1AE5BD09569472969F4B96C193
          SHA-512:D814CEF30D4E879D5FBDE99D89D716434F09B46660F6BD9E1F616AD3B74F67F8B907CBE04A00B19E14B4B149B69D417C6A116D161DA4055A9272910CB165F520
          Malicious:false
          Reputation:unknown
          Preview:. .....7...8......zj...T]..ds.d...'.K.....H.7........I.}......%j6.....1}........B.}.8..Q..W..8.bX.W.d.2..-...;7..y+.....#.d.!.V....|XIBe.:.......1cA.....au.-....d.q..be.e...u...."..n..d...z ..R.*.....n..L.m..~.....x4.+ ..b....S...2......E{p8.h.....j..$..D4VPg.5Lm-........b."..y..+,...........a......C{\....V:l..gp._...Z..b+_..1..|....,.y3>H..o1y._y'q......J.@...W../....L....f.......Y.....2m./B..5,0g@#.`oiHa.0.r.@......|...Z...e..R..D.u.].V......X5B.!..r..h...6;..z.+6....p[........Dw.d.;..7..Xn."...5-Y',.I..h..G..=*.....z....1.)X>.@.v.............b..YZ...."P.5..7...N..y7.7.]I..;.!.....F...e0<.|..}.........0..d!w...G..D"..:...3.E.'.J.D..c.3y.R-.B.2.j....>..+....;<...8.C.. Q...r..s.T..!..T..<...#..#.E`.n.K|..id.........G..,...x.%nD..x.'A...j../.......M.Q../..[..@.A-:.9....%..c..a.6......B....eL..L.....ZX.....LaD-.E6Ni~..........z[nT....x.w....".w.I..c"8.o..7...!.0...R.C....>7^}9.U.3..6Nu..y:..<9.\.i%....T.......r.B;.%...O.!...._....!!'..../%.Y.C

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0C9D87CA9D655AD20EA436C6556D2148
          SHA1:6785747CDBF13615F754838DB110B8C51C3ACFEF
          SHA-256:6B18598C594ED9DAC44A19F445826FA9B8BEA3D86E8F15C1AD3BB1E969FC65EC
          SHA-512:D6E867D347D7970A6E0676A6417C3AADBF74F2A7A0AC293B4ADD2D5E955802F09FEAEC6FFCC4C9134674E750B80EFE649B11CC6E614983B0C7DFA149113F5F7A
          Malicious:false
          Reputation:unknown
          Preview:. ..............KN(.a..>.....v.Z9....<...%k..A?.n.c[..&.H.......k.C\>fdVv.^.\.$....a..O.-jhXS.W...B.i........5....$2y.u.0.k<...=$.U..q.(.1.w! ..M.nu...[...Wl....{....4.2.#=.\Z.[.....5......O....R...[.E...iy.PT...).@.OF....].U.#....o...q.$.@..U.....^Y...%....^.{........a......9K..cl.5..e..!.u....06.0.).2./....w..u.8...g-...@...k}..\....vcd.$......A. ...V;..2..Y.(._!...xu~p..4.X....S9,....k..rwD..2.....3.v..e]fq.....s_...at..x4&....d.e./O^!Rr.fM.........x#LK..-......<..T.'..hnR.y&......g./v88.I.V8..R%.........Xr.g.<yL!....f..E...Q.......cO..%..]c.........~..&s."..s..f...v"......$ .........6...e.kWAt(.....m..,rM. .U..z..h."..x.h.NF...b}u>.h........$.h.hXf.$.p*...mh..J.$D.....G......{.$.=........@]..4..I.f.C....v"..t.(...l.!..K....(...........#.?...{.".(9~(...]........!...f....Z.......+.I&....a5i+R+2.t..]?_........>&b..<H...3O.....M..u..(........}.".....n...........4.......J....`qy.Zk.D..UR.>5E!.I....q.|.*ZQ.(........R........g...:.

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_1280.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:75730E20928044217E79C3D9D02C8AD2
          SHA1:097639F0249C6B668BAC35104FDEBEA86C8D7ECF
          SHA-256:CBA8A238335C35C83D138C451AB20A2E73A99A25DFB2815B1DFCC52477BF62A5
          SHA-512:7EF39AF7B403D754ADB29FDD5F6AD1718AB9C0C849B00D6B172E121EB3D932569A1EB7BEC66D199E7D3F9117347BDBB909D94EAFDA4E237C0B9A9E3AAAB73784
          Malicious:false
          Reputation:unknown
          Preview:CMMM S.9Sk.$.9.....:.........I.-&.k8.[.a.X.6.!.......Kt..i.T.....'h..E...............l.B.b..n.k!.0\.y...<2./..!\..6k.di.Q..3p./n^s..............~S.U..2=.<...l9#m....T........eY..<..*Xf..f.h..c.{Z.3Nr..D..4.84..;y......(F.w]t.OmA8 .>.U.J>vEH+...EU.s...D.n}`.....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_1920.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E7D5406F1C9F5B8BB41375F697A0E69D
          SHA1:D8DFD523901AAFF43CE649AF4F39D696C639704C
          SHA-256:27FA65DA4D342BE1EAC42D789530C6B4B07A88842E847C1225BE99A48201D095
          SHA-512:554757B878E350FB9B9DE7ACD81DD6559772BFFF31E15D4C018663E16A989BB473F952240AB44F9B3EED756EEE6807111B5212E7B56F6EE097F396541460F1C6
          Malicious:false
          Reputation:unknown
          Preview:CMMM .B.Q&.i..x...J.>7..R..g]q8.......F>~.[O.#.~..w...w...J...Lw.... ...F.I..]?....1.....!...M?j|.o.t.<......3.%.e..Z]{.j.F.<.xu....SCcN.f.;P..R(g.13YOIT.....k...bf.90..J..quO. ..zKe...{..~A{..%......p..J........R.hsUs.J......@&.3......<J,_.....F.T.R ..T.j..!Q.X].G..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_2560.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:93E2B16EBEB1C2845BE5A79E569510C3
          SHA1:4AA3ED7CA4D4F7DB3E2E6AA738605B7AE15CD5C4
          SHA-256:EE2D6616B7EF393E044594E90761278C41CA338136ED3450D929A76AC22BE441
          SHA-512:2BCC417929559AD704060060C29C9617D63EA11A9C086B6F3832C3E3E5D6DF3F6B8A18D62CADC9F969E6F838B43CD4EE79464F7FC684E439027C5A5221480234
          Malicious:false
          Reputation:unknown
          Preview:CMMM 6@.....Y..2H,.f..c.Nwa.W.E<.B...B....~UNU\=...)W........-..s.[ .Gb98~....ZaV..$T.Z..1...c.G|..a.~,..M!...J.<.g.]/.Rg..q.5..;.......*..!...C....;,...>R[..}u@|?.z.F.9.f.....G..>...=Q&.i....c....`..#3/....tv.<....p.......4.v6VB.....r#v.....[!..'....;.{.......d.V.!./.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_768.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A5A77145F98B4CB9E220F6F5218DFA21
          SHA1:4E77686039AD2BCDE17D30A7DA932B9F1AFBFB32
          SHA-256:4C46E0A3B5D8C5D2ED4CD4ACD76A49E7B9B8D357F826FA94DAF46769359CAFE0
          SHA-512:87A70B85FC52E42D5B860E38BF9F534B0E9C3E51B7CFAD1EAA7D7B7B7A96EEFD75B3A617B9F3898D4B6013AA6AC6EFD1661BAA19BE09B341D3249C8A62532288
          Malicious:false
          Reputation:unknown
          Preview:CMMM DPt7.]}:Q...94..5..SW...-......\;......`tnUvs~...$...3..<:.`...DQ..c;_....l....E\..}.t..\......o......'....M.G...m...<..y.d.......M..g....#X..{hv......7.mo.rjE...e..M...>X$......Q.;..U.R.@.R..6T......s.n..,.C..W.3o.}.....:a]..*......<..A..N.?..Q....Cs..].8.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_96.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:47E8C8471CE659701F3E4D486EBCDBFA
          SHA1:08911A325BFCF45DE8F3D2A4DACC0CF7165FDC43
          SHA-256:AD16139C0BB536ED1AB246699D4DFD8B8F492F16D4DF51DD2DCEAC3AE569B552
          SHA-512:C6B09B3AF133753BEB64EFEF0983FCE53013B73B762DA8BB60145D5416ABF4F1143DA53742E84640D19F1E795C335729F5EA72C3E4E9536A5F9D33C62799D97B
          Malicious:false
          Reputation:unknown
          Preview:CMMM ..>:.{h+.9zO..u.i.........\r*..:.*..D..p...v.s..|..)&..p.!c4X;./...$.s..V..K...Y\..c.'&.;......."{r.Y...!K)....{..}m_ N... .......c...W.+.6..d.M%.u...P....`...,..F.^&*.]....}..e..M....b...J..sJ.C.!7."/F...~Ed._...]..Q..SbhB..U.*le....f 9|K...l.G.^..Q.BK..6..vc..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_custom_stream.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:00FA4769CCFE4B1109FFC34D0F8C7382
          SHA1:84433EAFC32E6167501327C8B977F17A0035132D
          SHA-256:79199A947A5667EB35A3E63680C3DB2CB723591BF3C18675274AE0CE95C80621
          SHA-512:60B7A2365189BCBAB598AAFEDD164E1E32ACA974ED4C563AF57465AD635C0C81DF9FD8FA9B27542EB1D86AF41C14BC6387CBA4A4AD2A4F02E9978F851F59BD9A
          Malicious:false
          Reputation:unknown
          Preview:CMMM ~..."._\...Ru.I....^.w.A..&.2......|M..D.t.R.,...m...G....O.c.......&|.>f .w...L....&.~.5...d.{N ..,_.l7A...H[#...U....J...b.jS..(.~.....\oA...5... -L.x.R..\.-....7...P..P:J.?....H!..V.s-..d...x....$....q....k...K..p..".C......cr_..C..zs...1\hQ...\..F....$.6"[9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_exif.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A2CC7A1943EF6FFCC1FB0D4A27600DC2
          SHA1:F9700DF7A63B89CCE6A5938FD60A1A3A25DE989F
          SHA-256:730A9F7FCBAED3C6DD3489C735AEC9936CE64D8DB8B346B3C4F700DFEE412617
          SHA-512:A368D6ED7743B058D9890772316E4C8CD6D41C6123EF2D54F2D383558F0CE40805380B0EC20BE8CB8862E8218340B7CBE34D13DFA2BF590F8152763C7AEAA2CA
          Malicious:false
          Reputation:unknown
          Preview:CMMM ......;..(H...'.....n.K#.V....d.....lh(.l....V.9......+....I...(..4*..z.2..D..{WO.2......5..(..W.h.......2..}I.....,.#/Mt...6.z.L..h..{.j........KL..?.l..#..&D....w..o...m ..e..%p.F..?l"....,...Zx..}.Y..%.....+C...\`.F.5:.#.#t.@.O..*t.v~=.@9=....R3.?7+v .ff..4.c9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_sr.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:7F20BC1BA41ED3FAA6BC5E131D60B790
          SHA1:FACA1494CBF0AA6F54D7905C6D462CBDCD160D64
          SHA-256:816507342AFCC1A60FAB40B93B33CB29D23624C7F4246B585F6472E7519AD741
          SHA-512:6CE902F6C9B237A4441639E658449F72EF94E1AF106A95CFC3E3BA3FE58A87C210AE8CDD45EE861DA6888E359696BAD38C28AE7243FC17EFA4E120A4EBE0F031
          Malicious:false
          Reputation:unknown
          Preview:CMMM ....Oj.T......$.7P/N......^.....+`b.l.| ...h..I6.!W.....-.....z%...;....|...@..`E....VJb-..Jo......Z.M...6.S...Uc.<.^.w.l..?..3/H..)G.t..{.....d.....a.57&.|..1..dF.}G....=....2..^...;c.....r...8.....g...@n.y,...r...W...+dWj..7.......4......\9-..wqA...N..W6.r..H.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_wide.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6D05624C13B0EFE1D4936BDC7F6598F4
          SHA1:C40D5522B4FB4231A51D097BCBD45BF6BB4A7E5D
          SHA-256:3777398FF70CFC650F37DAE84DDC6B204FA1DDED6960610C06D4E897476CA1AD
          SHA-512:C65A3413A598134E2348E28956FF8A1E291258AB3F62D4E333DB5F4FBD9463A7D961846032DD249AD5A1FD9DAADEB10F391C3685C64280289A56B49731153B17
          Malicious:false
          Reputation:unknown
          Preview:CMMM ....Y....u....T./S.?......4@.w..d.R...Qs.CC.p..:.P.TC]%.i..?...GB...6..3...9.a.h.......Q.U....w...|...r.*q.....09..Kfl......{.....l.>U..0VwBo...P;...U:...t.....NA......}&....*......&._s.......JX..._)..x.`...gH......W......q..A.5.......{6..6..,.!.....-....9...B.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\iconcache_wide_alternate.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E11BBD8FE85886489A86DCEA2371071E
          SHA1:5A460EF3F7A12CD0826378141FC0369997644010
          SHA-256:1F31FDD8CE944ED5961E4D4B25E24A44E719080DC57985DFF306EA4FA6ACE1A9
          SHA-512:1345BC44824F0781F4F9337209C4AE9B5C9DC8D5B800E8012278F0E665E1019A09BA17804534BADEB9F71FB61C060B1F67E3842D5C7FC3C8F555091234463D59
          Malicious:false
          Reputation:unknown
          Preview:CMMM .,..~....*3.O.1..wJ...(..y..8is.A..||..O.eQF..n..e'.t'..c6...P.f...+..B....].k.........\..S.\...<|O.e8-...g...,P=...,_u.1s..L.w..z.MrqY..a..b.%~...$7......F.p.jZ.Q..9.x......;4U.).'.!V.1.I.if..2*....j*..,..*...3l.../....2.Se..s...3.B...~~.p..C&._W_..+.Y.......L9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_1280.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0C2823AD54E924FD9DF1A3DA5D6C17B0
          SHA1:031196D3BA5AD0904DC76D9234B87DC4803254E3
          SHA-256:20BDBA189A710BBCE0D37DE03F2B4A8EB622C6C233D6CF58A3669C4E96F29FFE
          SHA-512:D546B07FFAAE4D5FFEC5E117421815FF8D354EEBEA2461EEA6A9E1C4B362325CC4FD9861C46BDDE82F24B6D98D03DF7C1862AE9CA375F6BFEC5630C9498A0F9F
          Malicious:false
          Reputation:unknown
          Preview:CMMM ..voM....Ft8./Z...j.....lY..R..,.X.b.%.N_.C_t...R.;.&.....A...d_1.\.~9*Pi.g...1._~%.h.57..........^.D).Q.`..".P....N.k.B.y..:.;....'hrn....5.....3!.-............m....O.<....~.H-.J....T.E.=..s.....$.Qo...^...)..JK./.._TVhO..i..f...s.(...A.t....\.L.......Z(..7..V.j9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_1920.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:AE8310E3E790525C7D5D38345F29C696
          SHA1:D23D6BA2DE1BEDA03F81D71BEDFCC45DBDD84BFA
          SHA-256:475B441BF1599B62C823B0123E955CE5CCB0476F24500414F0BF154E9D40ABE2
          SHA-512:93D5C34390AD78CF376085F535EE36802CE4DF55C170E33C357B9266A3C9672D2D21BAFC11E2770387F4D33F9142F12B5FE91F626FF7A0C8221BF20B66C26A7B
          Malicious:false
          Reputation:unknown
          Preview:CMMM DEo..........;..3G..t..V`5......3....s.o>\.9.I}..~...t..=.]....X./i.N?...'tc..N.......$..st.....zn...._F....O9.w$..9..3?>.?... ..m... ....u..<#.E..e...|..t...qX..&.G.<....P...|...p..oE&.j.|+\.3.m..E`..C.d..D..\..^.6b....st..3gd....w....Y.r?&..]./....y...[....2.\9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_2560.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9E186D39602020D09C09BCE4021ABE69
          SHA1:826B64810EC8AEA8B9DB563CCFA5982B10C8CE88
          SHA-256:F7F525876F17EE12D3A46F296D6CC2614B425641FCE2C9D1C61D73932364DF84
          SHA-512:FA8BAC0A7F4DD41C8D115F3D05A0E11F457A0236D39B5BD7CDBFCF51967EFC133743ECBF98877381D2034F45CEF4325218B2403A82037633E35E80591AC25844
          Malicious:false
          Reputation:unknown
          Preview:CMMM i%^f...eG...6..B.s.LAGD.c...c.&.R......S........&.;.e.qc.. ...JcC.-...i.2.f.#:Ga..0..C!...O.....0.A;d35....h`M..Z.........b:... .r."&.Q..z..4...........GX........P...w..r..87....]6.F.J.;]..g...f`..-L.U.......M:..5.x;.u..Y-.h.h..5....B.3.L.g....R.x..o@)Mv.49}..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_32.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4B51902A8079E4594987E0D8FBC36704
          SHA1:6B91D9D19393D2AFF7DE46CFC66F1052740FA4D4
          SHA-256:F369F5BBB593401EC0AD9F7FBA094FF227AEEEA63D06F9F7B4AEAC7B17F84AE2
          SHA-512:4E98A56144BF9CEC1B9E478EEBA0C92B65F2DABF76524F154189C0E92B048787A56601C5EE68C2AF5813F301B2E01E3088536969403FCF38B07BFA324721306E
          Malicious:false
          Reputation:unknown
          Preview:CMMM ..G...mm.QE.Op..~.A..n....o>.J../.T..1.^PuR..H..m=..f..@..@.#.......".X....z.m..F..... /.C..L.....%......a....=..jo...M......._...aJ. ..6.v.K..Tc.Z.2.....}...!...}E.f..a..y.%...L<....X..i....4|..@..C..Bl,..$.f....k..=.... ..a.T.*6.9n.>=.G=B4....&p...\jL+W..y!#.x.Z...l.a;.H...n.2BP..Ph....|.f.... i...u...}ks...(...L,&F..0...p.......mX.O.....?..A.c3.Q.Y..v.F(....f.y.Si.K..S]X.,..1.E.X.T7.-I.y..;.pk..5(Z.!.:`.....g..>$...>9....L..?....P....x.l..-*...(.f.....b.....qp.h....z.......Q..y..o.b....&.Ur..#.........w..R6.R......'6x.M..v<.6#..h..w...F.L^.PP..r.8./..o...-J"*.....!.9..^N.?x.m..B[6.......+p.SK=o..tfF....g.as..*y{b...&.C.!.ba..N....~D ;R.)...-J...;......x.....8:m.]#..M.-...\s....?.....&>A..d*.nU.r.S..?.b...[:.u...n..0P.W.....[...K .q.._.#u.er..b...W.h.s.gx..x]..4.ADo...36.|.......^|...e....n..'.b...........U#J.E..p&..)o<.l0U.........CcY.........-X3....~....d..h...t......OC......P.).....18......y.....s7"?$...C.....c[.ZJ...-}Y.._.....y..E

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_768.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3F7C2650C69F5CBA33D09EEF79998494
          SHA1:4466A0DF06A87B9A911B9E776437D6B33BAF61AD
          SHA-256:4864ADF42CDA3E9B28CB0CFC40E891D09EAC82B903E75B51A7DB3BD09706F38E
          SHA-512:96254CBE065A9EDA611CBB82C0E9A8AFB90213E9765F29D4998595AD0C8A0685F41EE4FBE2D32E1059B0863316B858BD87DE1488147FE71ADF0A77B4E86CE250
          Malicious:false
          Reputation:unknown
          Preview:CMMM >Y...v.o.|.mvGjX...Q(.'....v...f..3d....h..j'..CA..T...T..Ea......l..=.l....e21.....~{....B.?.t..K...$../.GMQ.ti...=........V.._o.J.D..G.$,.!...."...6.\e..k.......]...R...1p........-./....^.<1.#..A.!.>.2(..'.*.n.3..8..Pp.T"....D2.o..;.4..P x.p..yx...K.G.N..W.??...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_96.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4454A8B084BDA0B10E920BEF3CE3A216
          SHA1:DD204F04EDE9C4D32330DF6AC01D2591051D2E0C
          SHA-256:C6CF4B8608158011AECE4B10A8B0E8CE988B558E3B7D5A4D0CDA35E91EA0CB40
          SHA-512:936FD13ED0D2A972A594FBB56274F2C86B8A7958C537EA1977B019331F7B1F88F3D09C6FC55F325BDCA2335B3DBC8F839960DC956B987EC65A534BE217BAC04F
          Malicious:false
          Reputation:unknown
          Preview:CMMM .dq..#.C.../.;..`..,V.9>.......U.H.......f....."...3..W..eu..5..%.au.<.......>}...5Z..Zj.jq...w..%.lk.M <..l0.#T.h.)....]i.....T.C6aF...!X..5Vll....b..Q...^| .9..\.<....P..JF.z....[c0...t%..-...*.:d06.H,.6..L+.l.....q.bQ.9._~Q_E.Fe...Y.&..L.FO...^......f~.T..c.j#..DKyX..V.1.y.s...q...1S.....#]<O=V..]...Tlg........:..2.~..g.@...]%.4...o..{."3...x.!.b.....&......A......T.#@...;.8....C..-/....~.....j...gf:.1..&...S...r..T9..N....=.R......J+w.#$.N"..@.T.A..#f...}...I'I....i..o.|.&.#77....i.].N..@.4...:@..6:yNer^K[..^.....L...Z..0..*...3[-^u.......E.c..<.....<.~b...5.u}F.....w../].n.4..#...CD5..9Ik'......J.ibl....X..7KI......)&6..O.8./.d.P.C.r.j....WO....P.....2[,...U1.....~6...|.q.a..>..ws.9IZ.`%.4.C.....h+.A..1.mT..ocw3./c.C..F..5.bOF.(...S.......$.^s..|.]....x..<Z.A.&X.*k./...vg.....B.D..T.. ......@\...}..5..e.....ZY...Yh .2>......7k....N_WGU.......+w.........&B.N...A.f2S.o........_.1..x.dq.'n..t...i".=k..+r.t.)O..)..u.>M.

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_custom_stream.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B3E4C4F7469B779DC56337BAF818D13A
          SHA1:78BD7F6A01232F8C2473365EE891ABC05E51F874
          SHA-256:BE5C5DCBEE9C219C1B27F46697401B879A9027A1E8A6539C59CDDEEA190F3036
          SHA-512:85998AA1D8FDE192722F3002E9CCFA75F46FFCAE7E9116C8A0DF06F0E0D3589F62C6F16C10F22F73380695826441FC0300BBDD5B9717E66AE14CF5415507997E
          Malicious:false
          Reputation:unknown
          Preview:CMMM ....\.R..Q.n;.T$".R~..).0.3..d..C[.O.......E.8....<...o.]E..[.{..;r..>?.aZ.w/N..^....p3....}=S...@...I..NPQ....&V...c1~"..w....n..8..I...'.....+>.q.....q.L-.........>..e..,.J..E./wy.O.g.....4.`....Z.V;..i.@.J..SL.;...|k./.a6.a.@....Q........CnI.8.r......B..4*.^@.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_exif.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:EB4AADE71B1EB7CC38ACFBB700E8FDD7
          SHA1:F24C43693F91EAD6F9887E1BFAE2C619B8B3574B
          SHA-256:05AEFDCE18905D66ED7E4AE7CE668B47737888F7689B82B4FB9FE0620CC6C04D
          SHA-512:D6C3675D69D288B32F1534D910FC5D7E8C77E69546BD54D9D8CFBF474ED9E79FD161288F637D7492A6C15FB95295C909F29426EFC0EAE761BCE1D04B605991A6
          Malicious:false
          Reputation:unknown
          Preview:CMMM ..I.E[..P.f.H3..YP.6).R....4.8Ab.Kx.q..[B.....l.U......R..l....y.q..-.%._..]...UOD..o@0.....x)....y..~.E..j..7...:F.zg.R....l..im.I...1./.u...;.r.z...?.....IQV..B{.,;DL[..R.M....%s.>P.~w...z{.WY..t.Z......7f..7...d2G%.....S<.V.Uz../z.bA.%._M<)s.PT1.bf9Ij,u..Lk.*.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_sr.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:301973B8B0F830EBBF8526F89C0C5611
          SHA1:1562963B85FA9E40BFC292253DD44B5F09FCFD4F
          SHA-256:CDBEB1F2B12E0C425D03EE5B82B8301D5C5291EDB4137B41729D4BCDBD6476B5
          SHA-512:253E4657A9A307AE30DB1CA4E8BE3BBEC9B9F33CC7201C0F24EAFA8665733DAFB06206CBC3F7243FEE10643BED3CD6CDEEBA02ED43E115553691B11B7AD700E5
          Malicious:false
          Reputation:unknown
          Preview:CMMM Y.)...S.}..lV......#...B@....`......7.T.(}..G.D..VY.....e...Y...B.InR....;{.+av..(.....A..3.LW8g......."......W.e7.^.4.d..U-b.il7j.'#X....c.p.......3...s...3.0.@.sJ=.3...)..Q.+.#=..<..{6....1r....w-...c.)<he`...=....7..C..2.3..jM.qL.(.....f...fG...J`...f...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_wide.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:AC6C708D89D969C34D57CF69EBC23869
          SHA1:2FCBEEBE5F435222BD17A93B6F53A1480EA5B70E
          SHA-256:E4769D9FFFA6E53A0FDD242C36B52A1F6567618124977F130A0C1A638611A226
          SHA-512:173E89DD882E64120429D009F7437C5F374B8C784EA773A3E6586A5652D7E94F5562F35A09E719FF38969BEFE70E5ED0C9B49EABBF7F965E428AC72A2B8496BA
          Malicious:false
          Reputation:unknown
          Preview:CMMM 3k.ulI....m..@..7..(........].V.>.9......6?_....Y(..^,...8...1.......\.U..Q.i.~.....j4@....^.xr.h.V...S."KlQ...>..:.^x;.5.?...N}....._u`...y."J..meZnR.........w\.k9.......|@...n..S......o<#.HE...o.;. W.L.hI#~x.c,}..h]..a.=N{....Q......V.W.9qE.....~..8CB."..$..7....k....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Explorer\thumbcache_wide_alternate.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:CAF616D86CE417AC1D7FC7F8142F6CEF
          SHA1:D5AB9BEC4EFF1E3C6AFEF9C3A03AE7D70A74CB81
          SHA-256:759A0AB77AE477388E8BE2D4BD8F8FA1BDBAE32D336715F47CF684A4765D8C33
          SHA-512:54DCC3008857A80734B197D998853E2831660EAB854FF5266200F51D744CB9DB2CADB20D3F6F69FEBA29A641D0AD11622F40F2A1A1DA0CECD787FC24CBCF48CA
          Malicious:false
          Reputation:unknown
          Preview:CMMM .o8..+|....,/{..`aLb.d..../|L...@..oh3.-/.{.......s..wS3...)N....M.Z..+..D...9r.x.Z.......#...Yt. ...>>|Q.e.M-JJ......1mV6...uu.A..h.....4k.. l.(..../..T.pA....^.P.%...b...Tb..7...`q.D.C..,.a....|........@J...^.\.v.*..`$zaK....A.+....N0..hc.A.o.G.......@..%}.E...9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Microsoft\Windows\Shell\DefaultLayouts.xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:10FAAAA0FB6D10BA37224306D24C53ED
          SHA1:69239A2DBE85D3BE76BF3206DB1541D60276440F
          SHA-256:581517441D2E43DFD1DA16735BA657EE68E7BEA9E890EC737A64CFA47023FD1B
          SHA-512:2E9621695C91C0FC050D2FD5472311588DBA0ED97640CC78A181779BACC3656F98413F0731D6B7D9C80EC3FED0120BC9B756207C5E0BA84309280B7950E969D6
          Malicious:false
          Reputation:unknown
          Preview:<?xml.'..4..E...+Xf.,_$N.n.K...+...W...f.."i....H..2.j..4.*_.&.....;...x.wehb.......Rr.....^.gNJ3B+..L.#.(.H..\h..^@....8Y...5I..Y...{.D..S._.,+"^..sT....y.l1n....M.Dz...j..xj.f...X.Wr......!.]....B4...7{....g..h>.....7.Z....h..-.B..io.w..Q%.....4%f........!...ce|<?..d..x.O"....T.9...E...B.C..-...(....Y.....!p.'..}.PR>;.....g.o..Z......M/.........-.......F.&....E..l.k.z....c!.ZYl..t.F..(.....(w..u1.OX.x3..Q...3. v...r.4...a.5.Q........:Z~!v.W..v....*....pW...TR.e".z.S..kj.Tm.^H..=.V.....t)..e)..X;uB..6...%.0.x....{...R..1%..D(..o..5.#..[+..Mx.2.k.&c.@..L.*. .M5....`.....f....c0.J.=......R..........F..-..A.d.5....i...!........C....&.2...\.$...#ae..=.J.$..).....ZR `Z.#.G.o.c...].u|..=....IJz.........tlHR.et...}...tYb.h...(}.v7.....?.%^.g*.y.... .r.&;....,%.t.e" .e...?...l..0a8W.Y..r.....c.S./......S..o....2.^.U..........Y.O5...L.2.....IS.m\-.P.9..W.}.*.>...A.5.........F..@..`cZ...Mn...z+..M0F............0c...N..w.y.CnH'.KD.O]Bu.HT.#..[N..R3

          C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01.chk.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4F3D4E13C146EC593035960B70159473
          SHA1:BDA90C2E5E0218629F96E2C49D4EC67783456691
          SHA-256:73DF709148098B4747893D227F15ABBD5F9C1F5C60F869EA755309B7604C2A1F
          SHA-512:D53DB76E53573A5B4671BEA04DB326390516E79D6A355D7AD8C34E70FD3CCD1A57149C19A74818BD0AEE978D9DFC437DE3E69B120900FFC4239D7FD9AF2386F3
          Malicious:false
          Reputation:unknown
          Preview:........A.:...6.UQ?.rGf.....e... .y._.E]..l\......q.v...m...D. ...@`c..)......d.Z..y....s.z5.......nR%.XM.0..@..5).a.R........N.iQ/KJ:Z....Q.......c.>.vr.Q?.5.....Yp...!.p'.t.W..0...!..g).c.F:.....N..W...."....z...6..g..U....].^!................?J......^.4/Z..0t.F...,.^..+!+..elN..o}.2.u.....2.....W..]....."....A1..?....:...e...Pd.m...d..<...o.e...7V..T. Y.....)..'%..ITo.4T.....ITE.}..Ln%......s.m1:..Y.3?-[}.]Ec~*.y9."..E.Kau0JS.......>.."....t...[q\.c...j|O.|...\...b.S1...D8.HP....|.........Aa."L".........i....0.....4@../._.r..pQ..k....}^..W..u...3...r.....W:.}$..0.R2.q.%..^...=..'...Q.......D...U~.y.>9&rt.......o.uX.....R.G..&P..P0T.A...v.T%....m............7....w.<,.ox...xk.ge...i.*....F./.....o.&h(..!..O..u..-$.....h.4......2...+......\.p.)E.....P.Zj..d.W.h.v.p-.I'<....M...`;...=>....A.....w..Q6....\F,<.%.....$.>K..K.C...`../.Y.h. q5m'g.3.k...}...#B'L.a....Ej.ir.lm.8.V....N4.g"....s..D.v.......... .Kl..i....{...Ib..R.~:.. .?.

          C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V0100006.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D2D222BC29D4EDE005046484D3352BFC
          SHA1:40FE400F5BAE96C0B534692F3D2742167934A1E3
          SHA-256:43683CAE8BE9A46393B8919879544CD17FB7F127BD3D8A7611F3289AFEA6754E
          SHA-512:BB4D7C56FE321DC8F7D2D40FBCA21A77CC2C4ADA3FA3F5A40DE68BAA6AE9D9438D0803071037DA217083FF5E4A46AC1DC72A3EA9E02E6F8207A8C0A1927FFB28
          Malicious:false
          Reputation:unknown
          Preview:.|MH....C.....E::..6.8v.%9..K.}..bQ%.ZY.9]..)...e.g,@...N.m..,..Y[.%.%......X...z.....*..-....!\....4.d...-.j.....ym@;?.cl5m;/~.}.(...,X..;X.{.O|..K........|..........y.s.H@.A.. ...Lj...Ys.....b.........@..r.Y..)c....`....Wl.L............w..3M.....)....9@ .m.[;..x.>40.....=n.....;/..V.H.qJ...*.._*..dk.v^.}A...[2...(N.WZ.....-....I..5.......+8.T.n.a..r....v..HD.)...tk.p..9......U...P..k....\..u]8...I....}...hs.R.gr..+...@*$0.a...h.~..X.u1H...W...Qg....pC...M{.6s.vk.."..`.k...m.:.r....z....nW..U3BU..gy.qVde.l.....H......:..=ayM..x.f.... .r q....^kW......f..u..|.....9...Hg......d2$8O)....g.}\..V`..`...kh.QS.O...mRUL..4....c...Z.}...?.*.^j..".>x..&.np9..B#..+w..3..{./&.6...X....Q.=p....Z...*...N.UR.........xmE.o.{\.......\9.?...tU......?S..``........LF.R?.e.Hp...5.C...be.Gza..?.T#.R;...4Us.u.GQA...k.H.W=.....yT......r?{.EJ.L.}.|.(.d;.V..|.....-?~ X8...a......9..@....3.G.....i...e..'..N....Y<..ey..KP.W]o.....iXC....C...:g..Q6X0FK.G...?PH;8....

          C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V0100007.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:OpenPGP Public Key
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2ECA039C6AFC82ACABD86F18DBEBF7B4
          SHA1:6215FB21A662DC3A22662001CC791E3E3D0D0599
          SHA-256:4ADC7354F7123CBDA1BCC58EF6C0302313C7C4C134DAED5064DDBD2F830E6306
          SHA-512:E896BCABFA1692AD7A08CD842E934560AC4EB5C19846A3FBD108B25380FE4F0FC47F05988E1CB10A218D514839A97687C47F8C48D459535F11DAA43276D3BB5F
          Malicious:false
          Reputation:unknown
          Preview:...?..n.p....=)..1j..H8.2.(K}.<.lg..~n..2F..x...n...&.K..........~.hYha'.e..J.O...j.Ay....H.w.....w......|.......$K..1(..[...np...U):}p.&......0..D...+,.r......}s.....%..k|.!.p#{..f#u.R-..|.c..?Yk.)..p.A....9`.g..V2..n..V.c.>.b<.}W...X......)...OP.P..Q..er.[......s.A...e@~f]?...H....p....v..h.HL5.L'..0..........@Y4. '7vb.bw\.%...$R_...........Ax.A..y.....`K..c...K..Ht. .N...R0QW....$...!.......G.m...rn...x.9.L..f.UN+c..)h....`z...6.)Zku>E....'.....&U...(...Gp:..!...........F..R.Wb.A.......MH.)...`.$...3...'u.Q...v........L...8.+.0..x........?..p...8k..3+..D2z....^R.:...U.'iWl.F..S..C......O....I....$....5!..8..iEc]\.>o.......^Jo...yd..Y..!L.F]=.t..T.; .....g4....h.....9..P.@.l.m..=..qeTR...L.3......1..>.Y..FO3..d1E..2....s...o....v..HU.D.A..D......{R.5O.t.b.K....p.>!..d..@..../.z..=;..S..,y.(......ls..G+.%.!.06+.......++`D.K.q...T2...U........ud....G.<.........3..F.h..B.t.+....s......i...$a.3.Xh.,...9....{+..l.{Q.9.h9..F..

          C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01res00001.jrs.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:DCD2AAE5CB6E003B465D569DEE2764C9
          SHA1:D7F608C2854EAEFC1CB372542474FCF67BD42A30
          SHA-256:FDB1A1FD58599C42919CE152EFF3409704E4B23853DA12DD439CEA3F302748EE
          SHA-512:C6FA8D580199B48B350BC11197C8F2EA9AC853D2BC8991F707C8071E095FCAD674B69FB502157036A0B67CDBA5EDB773CDF2B597510570A55966E4D1FB9F9C95
          Malicious:false
          Reputation:unknown
          Preview:.....Q2......Q..W.....eHm0H..:f.u.....p.Qc,7....k..t...d...1r>q.~9...$.:G!k^?....H8g-.N...X .~..,m|..sgY../T.cc..;.:vg.Z..Bf.\...w.Eby.`.&d$.O.9r.D6.W...AD...-.zj..u.,..>.P....g..rG..C..^%.`.0..?.Hn.......O..o..1_.w.....a.e..`....`k...c4.yz....L'..K...........n...G.....o....'`....q..!....G.)..y....W....uD.%:#.........um..)g....:........U...o...!.x...{..!...P....P,~.t@r.H..V(...'...y.I2R...v26.._......^.b..v..Gp....T.N.$..?.M.....g.}.}bL)MP..TYV./...iP...o...l.,..d..u.Dr).h.a~.....(G..[...'..`X...A.Fz.r6 ...#./l..(Q'.h<..$.4.....UI..&.?..fgT;.....^../.s.l..U@.....Z.&'...".2...S..[Q..Q...R...3iD...s..1.*....."K.........J.H".Q...8_0......X..u....E...Ej..dmh.........nR.Mf..P4....9...<.gi..j.8..#C..m:..........S..R2...<...r.....&.VS&].o.....XL..y.1..._....c...n/:.:..E..u..4...Ee.Hs+.F....._g..zL.....]JP..^_..+......../.?..E).....y.~C.6.\..6........c.FX.#.g0...J...&a..h:......\w. <.. .,.....*.;.4:.N....s.Tfc.'3.d.=.DX..K,..p.=.!..z..py.......\..

          C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01res00002.jrs.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0BE94B679DEB23D3BB8906EDCBDF8138
          SHA1:584C84318A3446412E75EFBC27975A945768422B
          SHA-256:175F4F221D783E98FBAFBA1EC01CE987AE9F0D81E371BDCB53B04BDC7189A3B7
          SHA-512:05FAC72A95031DAD04F6C5874C1F81D2EF0CBA5B92801F543B3AA72C36DB6E49CE2EF85DE7BD112CA80E47DB91EA8D42369F44EC6A86DC6593A78E5B4297867A
          Malicious:false
          Reputation:unknown
          Preview:........\%..G..[/.Q0.~.Q..W+.....d...).3u...Z.....I.....:.Ic.M........!.p..%.m.mgL......S.q.:.....Lw...........fn@...A......mT..'=5.%0...p.3\b........v..l-....O..mu.v.du.....y#.......<!@G.n..0...9."..)wNp...T...#n.......".....@....d.BL..AK.wu.{..$..R....De5.;9+..{Gj......O$..Fm....B...,..P.{...3..d.._+k}.....$hdQI1.e..w..r.|..Ec.\n\..|..E..M..{..ri....iEOP.........p'.8...w]D...p.CO...g.7.Hq..s....+T......fK.".....u./....?L..a.z.\C...&....f.VD....&F...D.X)..i.....7..F...W.....G..P..y.2O...A)..]u.<%.....W .#...~ZY.R.m..}.[-%....b.T.S..-..CUD...w.ia.....!g^.f.!!f........_P9x...?......Y.r>.............RO..I.s...`xPp.8M..b..."|..g.s.}.4......y`.-........#.<..3h...Y.w...O.t..WW;.......[.*...(6....@Q.;"l<.P~q.,.K/...j....R....%..g..d5.R.w...i.Y.....|...........We.._c{.c..3....s...y]&ie8.w....[<.}...#.\)f...#..x.7...S...e..h....~X$E....\..@...:[C7.....v..k...4..P}.ihz.a..{......U..z?RQ..^..$"..4...">$".b..5..;....I.|.....?.=i...4.4..3..&\.|E..)..80.~

          C:\Users\user\Local Settings\Microsoft\Windows\WebCache\V01tmp.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F20A58EBB808A24E0972B08CA51D383C
          SHA1:F5EBC1FC43AB0C32434F2B7B5306E15C596C265F
          SHA-256:C3D154FC9358FB8B6B72DA3864D860FFEB20060B4130A1423081D83B138868AE
          SHA-512:FD3FB0D142C6D2AFB1C30C100DC68DF49B51E8C3307D8A13B20BFC1C88388302C9BCC151F97BB7022684AC402833C0B532BA9A2FA7417113A650924481764C76
          Malicious:false
          Reputation:unknown
          Preview:_..j... .w..C.=.:.3}s...e[M.W.?......p..+...1&.(T.M.D..J..fk....>._...;.*.|..gT~...u..g...G.>...04.....Gf...|{d.i(/lq......$.m........`.....sU...g..J.;.3.......d.Vy~ed)Ne..n...a..~;.".a&*..]j..4.(....@......N\..j..G.dKk...{.H..3I.....q.#33h.7.E....'}(.....,.1m..t.t.U..P(W.6RU..F..e.dg.E.?.....(eO..&.hl.v..:.V$.8.$4.B.;...._..T.....c..y.a..n;X...|q.....-..LR.@=.8.izU...x..u.h.7...f..-......3&..D.^...).EAW..Z..fO.a...F..a.......D.J.......=O...~......r...j._..gVI..W.....r.X=...(..........-....t"]._h...S\.../l.{.h.}....!`...1......~.....rF..`..Z.X.B.....Q...C.......N..1.7...[$Y..c....:...~/.>...fF24..+.P...,.J...#.^...f..B_.k./.!...U..n-.....gN....?.;...!.....].X...V.N.Z...y.C.F...KcC.Y.y.9...I+.U.;..}..9..jF6......[..m.Y...{.k..u ./...v....Wbb............."Y...?..^C..<=.tO..D/..6..k;.'n....z.+h....F...P..._.......s..9.."Gy....{.V.....S.H..8.^j.@.nn...."d.... 5....E.Mp..lC.....wK.n[#.o.G..;..l..$u.6.....C.)...V.Dk..f.I......>.pT...V1O..f3....S...9

          C:\Users\user\Local Settings\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:90C3C6024D374C4A5DB67E2CE3E5D497
          SHA1:73DB37A2E6FFDCFEAFB024469EDCED4CA60ADDAC
          SHA-256:5896DB5432AF292B42B2F808037B92FE2C0A2384083F248E38F52D0365B98C18
          SHA-512:D0D507AA43130F1808A45F49115FD6DA0571FF68C0457ABC1554FA6CD0148555FBDBC640C81890AD9F36BE39393E8FACD3090D9961A665315343039A37055435
          Malicious:false
          Reputation:unknown
          Preview:regf......~._.J_.{....q....Y.U2yp.m.P...2<.2.0...GA6.]...2.j..#....M..~..u....M6..........m..F...!...9>n,4E ....t(.!..".....Y7^....S..L.j.....Z...Zo3.}.k....-..y...L.1.n............%..3.#..-..|`.E..Pt.e....."}..B.........y.yz<E=&T.-..%gQ..%....m2{5....e.!..3;...z......c..JN....._)......v{Q^.H.G...JR.;.9..2...xd..K....l_M.a`.D.H..F(....6..M..z..o......}.`|...\GG..t.(.7.<m?...ey...I...J.......M.o........=.w('.`$...2".{'...r...]..*...&b1&......3.7?b...(.o.(v?......JV#.v.H.B..;x.$.X.N.p....y7... ...@j.lF...K.*..D..m.u]....|.."W.a*............t.......T..q.!.a.7t1.2...O.~.....m~..~...z.. ..M..I-..}3.T..;...PE/.x....Y.M.T..L........S.....6......2.....o....:&3!...n.....).....b......{`U2F...9:.)=h.....+e.RTI..9..(l5...w0U...vx..KF...[..']~..c.Y.<S..,.`...y...4...h....\^|.....-U.H.G..9%...i5...3..d.u..g..=XQ.o]....)...3........g.0dt..q.#ZW.m..j....9...l4..o~'..H.;.w#...A,..F..w.Qn.\H..Y....o%/.....'.l..0Tqw.eq...S7...`4..?y)\....D.t...`./

          C:\Users\user\Local Settings\Packages\E2A4F912-2574-4A75-9BB0-0D023378592B_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:70197F2C34E25DC5BB8CEE502F0D46A1
          SHA1:6298A652208F68CEBBDDE6B3677D7F2E91210A4D
          SHA-256:C814BF54ED143C07CF6E2894A5A11EAAD3487E49BCE6BA4DD67AC1C2A4DDC3A6
          SHA-512:46C7C0BC8A164C44E01619799DF4DF5D0D86D5D06E578AE52CBA72BC5397FEFBDCDBA1AD4EE4E30848000B4C0D0086A5F7F94F4CE16E395E92E0E0822E6E3094
          Malicious:false
          Reputation:unknown
          Preview:regf....Z+S..v.......)...Zuy..%.]j...q.uy..a.88.....0....!..,.'..._.#f...).......[..<.....9.:.gjJ....9......pp....Q..G.v!.W2w1<.G..(|.......M....Z..y0u....J.4.......C......;]h.E.*.#.R!a..B;..%......>W.c......p..=...>*.b...qa......;N.....U.....-p.=.W..~..|.W...W.....<.!5`....4........w...h.....E....8..bev..B. ..........]...5..x.%H..CV...6.a.\p.?...Z.'c.n....?.....J!}P.Pk[.&.....(q.bN........EW 2........=.%^-...CT....c.Z....s.8...8[."..>9Ga..\.H..l=O.}.....8.g..B...0...f*Q..l.B....A..O..Z....9..yTa....?#..'].fy...U....iv.;zr.....q.q<.e..*...r..is..gHv..U........QE..9uc.ys.......48.a.#4-Q}......@..~.`.l...BP\....V.^.a....>d".>..9.......2.i..LL.).9.Q....\..O...@q8..8..C.>g..+N^..6..+....@......A..ih0..!.i..R.X...1/%.3Z...%.=I.{../.X.....[..Rp...W....u.....]....q..I.8....%t../.U.vL6........`.~.h....l.......)&9.=P....r.nf.../et...R5.c.....u.\.$..SF....;.\.......Y..1.YW.....A..V...M)I.n/.....N..6p'\.o.5.@...fl...X..|...C.J.Jf.J.B....$.N.a....

          C:\Users\user\Local Settings\Packages\F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B761D955EA1B1CF0D5C4EA70DC29A840
          SHA1:A1588CDA6D51C94C5505AD63B8E71EF035E29F8C
          SHA-256:08E81EC449619247FE4BCBBB168A62BA861DB453BF38301A7EB5200DCF7C2ED4
          SHA-512:337AA6565CDB4A60F29B847C0D8F536AAC2589FA4AB5504F8132744A7DE8B3D3719303E8305183ED08DC8430CD1A79F3BAD70C4AAD78A9AB8022E75CCD3F96CE
          Malicious:false
          Reputation:unknown
          Preview:regf..PW....-......S..N8D...PB..$v.@g`d..1.gf....z...b.-LP.....&...Cu.a._y;....I@S.k.0AZ.....O..$.iz.&P4.)?.j0F#....)..Y....X.]3.SiK....F'w.3e..'.{...ai..G....n..>w<./.k ....r.g.&....~..<.g+LH...o.}%>.........\.b. +......o.0..8.7`.s.t........Z...TR...+..*.<....J....4.....*.wd...<...:.......2....z..J.Y._[.r...Ecd.z..sH.*(.L.L...y.......u.,..}...#..<n*....g....C.:^.7...3@...?P'...'...5%.X1T..;W.A.;Sh.........Y6d......R. ...S...7..}.....r.....].......B.b6...c....\.I;b.1..@.(.Z..!lP...J$.%1C.8.....Y..W.y...8m...*.E...(..!..fb...;.c)|)..t4.......P..?.>. _.....Zt..x]B.99Z.....4....B.J7....EQ.?....Q....Z.l.J..@]...q.nN...5.Eq.....U...G9.XV.$4..E)g=.X.>.k2....(Z..S.Y?=...B..QS..D..y.^M-.Sg..0...J....A<....5...$A......U.Ut..|q.*+.M...4..."..(.L...-.H....N.T..co....H.-...q`....B;.$mad.....;.N.^_s...Z.q...Y..........*..!]...X.]?.rCN5..u...^.0..,U3k...qOak-U8.=..=x1 ..I.u[...H.....c$..=.l\..^N...WFu.%*.l....I.O'f..I`...<g.+!.!.."......2.+n:...IJ..yz<J

          C:\Users\user\Local Settings\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\Settings\settings.dat.LOG1.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9AAD0B23CEF12608A213C58BD2DB1CB8
          SHA1:1E57977ABFD201B1C6FE9022938F559846170187
          SHA-256:233778CDF123A021A5BB8B658E8B832D3B8D8EE83A5F3A687A3A7C34579F82BB
          SHA-512:59DCE20CFFA1E2A067D3A436BEAFD5557E26399CAE10A85603B4221679E0F3606909C8C0BD9EAA3168B992896225C662BEC953502AB4D25FD51BE42BEE0F5206
          Malicious:false
          Reputation:unknown
          Preview:regf.L..h......M.B@>..k.6(....TK^...'.f.4A.]W{..j1..))f.....%S...O..LS|Z.......5~\\...A.\d.63D.....RcmOK.G.|....@b.....N..e.6/v............_.K..B.KaZl...'.(g..yjy.vJo..q.....0....Hs....hJ.<N9...H.o.@..#(.).+17.....r...>.. .n.......].r.R..N(..5...$~<..L.a.ay.....5Uf,..\o.`.W....K.-..*.xA1b...T`.*..f...(...!.....].S...y............v..Z.../.U....Z.aif.t....."..g..x1..h.).n....2H...Y.....=......m<..............h.._j.CM4....2%...Sw@.x.rk/.Nr.5z..<zr....z.a;^...1...{1U....'<..._.....L...c...&QKm.SL~..5..9.a.e...L...E..3...F.....i45.h.Bqr5.ubPAZ.......W....v.D.M..<7.r....i.;c>".O:..b8......4J.{.u.#..T.<.......A.....h..<n.Y[B.Sm.8..<\....zu..._2.....Q..s8|.f..6!.vX!...KU_.x^...Rqf..e....._Z.9....0_...T8.k..6..y....... "...O.C..l.(.....1?.R3..63,.0.s......+......:..%l..'k....7...XEe...........Wf....F.$.T....".}t....A.d...[....k8'.OKQ..../.}..X...o.V.c..e.%g:....'.g..Sh.q;`..P.....7.*./.l7._....s..%.v...A......nz>. ..D.c?K...X.pp.8Et..`.. .|.....^.II....

          C:\Users\user\Local Settings\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B7062847BB3579DD2E70C76E95F4A1A2
          SHA1:FAB4E248D561C82CF0EC6D256059DF7AD2F8926F
          SHA-256:64AE7479FD303B12DDC9AC18BA527C2BFB39B1C26D39507C20E88C8036AB22A3
          SHA-512:5F828AD2D9B9F4E20E91A79A85BB53A0820D33617941CEFF37D5C9E48E92707FBB4C5681D57C11CB8053CDC2046FD8D1FCE399BE3E9599918B98359E3FCD04E3
          Malicious:false
          Reputation:unknown
          Preview:regf..](......Z.z..J... ..F..3,..n..57Q..._.f8......s..s.......0....Y...G..(....|_\.Blfj..]..e.V..Ol.3 C..B..&. ..[..uT.E.7.6..Q......'.)..?..f.@ty.x.....47.K......R.g.....8.?...{wB6......t+2Ka........,...m...]..u...W...M..@........_h.....K..n....-.+.|.....FI.L!3.;.....^...E...B.m.@>G[j...;..*.<Q6......(.(...C..xT........["....H.n...l,o.aN..$.8...'..]....V.K..4K...Z...W.w.}..-.......!$.....f.......0I+..z.W.............%....4...=L..^.y...:%.7{..f,vb....e...Dp.2.=...+.&f!zy[....\......3......k%.M.7.s.}.....oL1JW@e.r.J.,y;.j....d.!..f..7.E......>y..\..U.`uF...-..........--..c .9m~..a...S...}.{...^[.f..Q.X....[....f*..S-.IO.(w....#.|..z..J.L..rBO._..W.Z.).a....`.7...1...".C..2.....j..Tw.f.1T.....!U(%.......gl.W..&..t.+.D.Z...._..0Z..!.6w.7.).....^Z.F.5T.^.yRl...>@.K....n.Y.X...x@0....^..:!....4.k1,..jf..Hi.k.@w.B..=.. 2....FsA...].....4.C.*..S.!..6...>..c...._.H/..W_..d..n_....Aca...+.=..bYS.W.\..6.k.......S."G....Y..N.].9l%.Mrqz..2

          C:\Users\user\Local Settings\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG1.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:44F7B31CB51DC18716BF61A3A263DA1B
          SHA1:52CBABD625F706C7A1B5DF600EFE2B73A5B3FE9C
          SHA-256:853B86925963955013F9027CDACB3618004D166FD2E4891D92D98A00C9BBF9B6
          SHA-512:3A2BFAC741F2CA91D5EA4BA0A8FAE1DE3945A0B034A02254A410CCD2CE14876E9A88080EA23B21D6560BC421E5552364C6ABFEE2EBB7E527FAA670B0729190B8
          Malicious:false
          Reputation:unknown
          Preview:regf.......L9.-lU.......8t jZ.3.<:b^*v.....c.?..+.....>......b^..].+...A%.)<......o^=....-|.z...vX..1......a...4.4...-..... ....p....y.io..h.m|G6i...}B...OmiJR..J..A.....[.;a.ePtBgP.%.....a.T.Q..q..S..N...,.ezJ..Ux..*.5....m..7|\.{.b...%W(.M.F..a..Pk...w{..L|[....8.,..O.F=..V...l...P{.g82"z2w'...i.1rw..`...t.kas..i^.3V~........P~.n.,..9.B!fa.6...3.=...y.P..+%.c.. l..v./.V....yUA.s..R......Mi.J..Y'..$!...o\A(/.$B..FcU...u....F>i[.e......A.+.....JAFo...B..p.h...=5.@.G.e.W@...i..k...qQY-<.`.+.r....mZ.....$......VUh6.e=w>.N.....g.9.5..._hDfT...%.;`.=.......@.Y.O.cPp.AL..,:..=.R.2r.P..A0....F..c.).T..B..E....i.$.n...`.....z.U.B..?...[..:#.{.Q_6M.V .2.N.j.9..K...7.j.*.^.0...*..[.....A...ER^iTG.N..aH...r...?S.Ou.UU..v.d.V._.X.."..~.....@.}.p..[.QAUD...b.C..V..9.....8B...6......VsM....h.........,f...U...>y8...W....Noh.."..'.>J....pj...\....+...rp`..!..7.w..b()..D...q.._..W..1.".....@t.b...m.X.# .......F$O.k.K.?..To.w".*._.2....S.=..s.9#H..e.Se....?..&.

          C:\Users\user\Local Settings\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.LOG2.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:760978C6EF951EDA8FC3684F0053CCB0
          SHA1:8E75D74579F2C111EBC0AA9040E207CB4439A25C
          SHA-256:83F993D5383FC7DFA2BBFDAE6FE75A27EA249FF0D7C1CAA392E64FFDBDE10D02
          SHA-512:E80D1E5259A80B11F6796FBF59798D280ACF5ADD3CD32E022D0F569566708ECACB456EF91C7F73572FC8166E4BFA3F4C43FD6D2BFAFD9C57CE9BD8874FAD1706
          Malicious:false
          Reputation:unknown
          Preview:regf.....W....$7(jh..0o..o.......4.......d......{._......<."...>...y.R5..,mt.].9d./B..{X"..-.+oNJ..!...Ob.G..C#..@..%`.v..c[.....|.s.*w8g.........Zg.P...m.kB.._..9.Q..?._=9.e1H.t.P4.<Hl..m....5.@P.Y].......~.e...j']..D..4...Z.f_..a...S...r|...Mu.bI.D.Ab....%.KpUG....j)..=.1.N...ty.......W...^[-...Bu....9....}S.tx....%+.!m5.z....K!.....+.ncA.1[.q:....:L......s*..;...6......i@.a.G.,.u./..a.._K$.tv.v/4.2...q9......E]../l...$..1.}...Hr.;..e...P..3..).i...............%....m.8u.9E.$.A..jX...5......B...<q.54.cy..t..0.(.c.......a.h_....m.&.....v.0)......?.p...XA.b.\....o`~..*;E.{a"..W.~.N.......o.......!..F..u.......<0.*...yk.<.=......Qnm..A....<".... .U.....r....w.s...].Y....V....P...$...A.I....v.~F4...5.[.}7.X..l`.......oM..":..).n...'m:.....w..).6..b......W....8...%.ai.wg.O\...PA}....<..|.>.z.9.D...NJ...k.....6.@....r~..T.....sE..Y.[.Jxr.n.4/..nI....9....OD.g...`]_..!o..C..........P....B!R.q....s.Q..n6.!F..w..F.@.Tm...%..}....#K'..0E.).9.%j.|.

          C:\Users\user\Local Settings\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A1E63FAE8102D604DDA3637F46C13FE9
          SHA1:1F3222F5E962A2B26A0EE9FC25BD4967B40888B8
          SHA-256:AE2DAA2BECD185567FCDA2BAF215B8DDCBE2E0519000030E849BD06D9550C02A
          SHA-512:9390AEF6F46E77E20E44F3D32E7FC5E6D4AB4E62FE0B7FF3052F3F41A74B8BCB4DC9BA87C72CA2DAD7597B9BF5F831D8B55BA10B752C4BB3CAF4F6A7A2C7EA85
          Malicious:false
          Reputation:unknown
          Preview:regf.+U.G..t.IR..+,.Si...6..9..R..$V...H...vI{. ._....b_$..7.......G..#....4...f.Y.2Y......7.C..B....X..',..f.=.:.....Q......7......j...6......<..+.;..^1......i%83,..s..p.!E..f....6.-..j...(.Biv>[..<.Y../zGm...U.%.*.H.$a.H......8.B8.N9hb...{..!x....*1.O..H.u.%'(.m........3k.....02...i7D.........8~}...Y..p.l_M.&.K#...............d.q..z.}@....3.....q...D.....T...'G.v.......'..|..hX..?#'R1....+{.RS....).8b...m........=T..R..>=;G..?...Bh.".[.p..iiR.....H...E..vH`..@x....[1.-..L}jT.c7.^.uS...../W.lv..9.d&Qn~.$...{.`..D...)6.Y...)'...K.c.&..b[.w..........^.i..<..P.. .ys/k.IZ;.#..F#..../..N..1G..)m.'a..bM:6.p7...n.O.B..>~...M.OV[rJ.|K'......y.+&.{z.&.u[......N.....wU<8..Fe.+3+..4s.....*x.P.;x.Z.|ug.W.S...&..(!F.6.-Jq.!.R.~.WC".o]-..d..1..n.{...f....^.NiuM..pQH.....&dq......#.D4.u...%........X...0|$.B..i/@....-.....f......u..Bs...6..9..D.....V......I*a8tO.....;T....`...r..].....Y.u.....7Q..V.........b..9q....+.......9. .5...a....sA\

          C:\Users\user\Local Settings\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:EEA93DD538AA73DCE95AD7AE3CB01B1C
          SHA1:1EEEED5485F0CFEF1D19218A298EDE47BB3A41C9
          SHA-256:498D63212EFBCF45210B63CB345B4FA63D42F74D609F22E12CEF4A4D709A519F
          SHA-512:6D166D3A2C957C0757CF528450CF595C21982CAE6D9DDD6B8AFCF255F75B1BF2C7852CB11C0A00C4A0DC454E6598F7DD14497ECA3CAD0F8A464EBF53763A6B8D
          Malicious:false
          Reputation:unknown
          Preview:regf.F[.<JI...q..8...W.....6....V()...D..K{.u..0..G./Q..xR!'UM..Wq~g..O`..Ws......d^?.bY._..K......-C.'\..K .4+..Q...}...y_..?3`d!..2...+R.z.[(..H.R.a?....+G..Z....Fn,..Q3Kye..o.g...=.&$.....K....$T.\.!./O].%.m..:........3Y=....e..##M...\.6...G2.O.....hA..).V.i....S.-Tp.].....9..;..?N.&+.Zu..w.K........F..n...A..y.USh..D...w..[...\..p....J.9...Z..J.....P?T../W..vU...-F.6....",m..).e.=..".1he/....r..}H......I.[..|E.`....Q.`...;.c{L.*'q.....=......vc^C.....^...@..z..yp..g...jtl..k..l).T..=.......!O......4ag.R.*3.....I.i,.@..u.7..\]....Zq*7.....;.w..y...v.!......U..7.........K.!a|v5Jq..q{N6sp.i.....W.c........".[.U$. ?b..6...Q..q..u:f_n...i&..c>...Lw.T.f.x.....0. !bv..`P.u.QL...L.4.".L..;..,m....Q+.Q.v+.EFN.!....LX...jd@.W.8........'^.......e.|B..sl.1.....9Ax=.&.z.........mV.6N......-8.=..eA.D..y?.DSG.....N.4N..C......f..E...|......#....L......i}3..\,.....z.$...`.fEwV.....2.....a..+<...t0...B"...9.#...p;. ....-LjV.A..S.9....K....C.r... ._.

          C:\Users\user\Local Settings\Packages\Microsoft.AsyncTextService_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B0633612908016F994FE00C86BFAED87
          SHA1:3B7155A4A6AEA039F57BBC1994B18236D9C65722
          SHA-256:EB7409991CC5047688495AFAA67DE03C3FFE74C3D0F0274809D0FF88B8FEBB1C
          SHA-512:68A95B59734897C0E601851F0471502D89699F51E29DC686786923007C8D41B3934BA6359F99DFF2887B5D50085CBCA47DA7F582E6C435DC2FA9B8FD69D79BEC
          Malicious:false
          Reputation:unknown
          Preview:regf......x.I,w.X...%........4f.j...1.[C..\N....U~Z..m.....OP..&/96m).Lb2zB...&..2.8..6.:.~.s.E~.X..9'er..\..z~d..p...I. ...~..9A.s..m....O_e.R*...\.BDan....a.2F[...J.g.X......UA.*..>.D_3.*.....w..y.A1.Dm3.,c..........<...(<......0i...?.It...$X...y<..;..9J(..@..#.z...&.N5..j...]`........l7.......`,.X+...VA..[.._.}.L.Y..`_..a...m...=n..w?.V.....N.......a...3.A.;...u..._.p&.....e..R....t.&.9*.O......a.&G0xd.(f..Y.u.;.Q.? v.k.......T.Q60..+.Zc$B.p...|...z...z................v.u0w...N71gfqI. ...9.~...F....H(7......>vw..3..X...8.6..CY.d...@3..'.]...7...Lc..#5.c...f..<(.Y9..7N)....O;e.\>.ErH..j\.^ ...~>.......G...H@.5.5w....i.>....9p.\^.....%.C...h...9x...*....Y...K~....`...CK...]..g<.D.Qy..B.m....Y.p.~.N%c.]L...fqA.'Fx#6q....8....D......%f.<.f.Q....8~..@..w....}....TA.].....1.F.4.f....2/OQD...oPR.9.ld6..W-.T.u..nh....Wd.b.......>@.:.....@....4..G.ne<...NH.......8*..=....4..../....*..3..cgi....h+\...4XL'.>...L.^-b.48.#..~~B......Z...[N.....(9...

          C:\Users\user\Local Settings\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.LOG1.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2F0BFFC5B3E04BE7A7AAA3DD512F2C1B
          SHA1:F02B90CA2E669A1B4E63562223ADA2E6080B99D4
          SHA-256:7DD8E891B2C6A03A0A354904648DB6D932FD86D3868A9129CD50459AB360E8E4
          SHA-512:90DF28C0620E57162E4D39459D2B750A457F991160B1FD98805CDE3D04CC6E4F590F833411B53403B814E5D6854327B7F5A4A54A04A57089BD3579397C350189
          Malicious:false
          Reputation:unknown
          Preview:regf..f....r.@...,...*0.-.O..}5.r.......SM.>.b......L.9..o.:../..QS........-...../(.L<........i...;..b).....X.....M...X).II.4.s.H...>.}.....K!K.\....}.]iP.UG^......Z{../..E..)..c...4x\.....@...L)......&j...u..w.+e.,....&....X....j.)m..\.._.l....6..bN.$.A...e...m......RO....a..QT.#m [;..{.......o.(I..e...z..2..8.9..$t....._y..].S...D............n......=.W7Y...nj*i.$.@..:.7.m...6.).?_n.;%..Io..[..........{...g...\.2.5..._..|._z$'<ixL..-......{o.".5I.../...d.I..8gB.^....\)..+........@v.=.A.'.N G....YC....W..{......!.h+.Y.>@&....L....C`u&.....I....DA...Ab...+.....cc.-IW.a...\.,......L.<.....t.....O`*(O3H.L.....3...L.........m..M....?....&4b.{T>.r....}15.*..;V..n.[.v......Bp...B...._.%.L.2...e. .G....._'.@.Wv...U..QY...Q7..l ..K.=...vn....c.x3..n.S5..O..3~_...0;.Ap........A.T.\....A..n...M7..5W./mH..\u<.(?.l.C]....z7....2./...y.\.V......?.....R..Xh..xE.....~..3.&MH....:.0..I.G\.CV l%.x3.%.m.O3jG{S.F.%..g....Wp............+.m..T.Bl".a.

          C:\Users\user\Local Settings\Packages\Microsoft.BingWeather_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9848D9A2535369F21C77439442B847AF
          SHA1:DBC4E211434D4897965B3685F65EDDF07B8760DA
          SHA-256:167700F8FA78EDB4B214E8A888DB4104107DE7A79642E2A421C1A8AB03253F98
          SHA-512:D21908F675AEC6BD76725CEC704A7468BA05B89D98F09D2B325A0BB66156C674F6808BE92AF42839F34F8D75B20392EA66831DD2D123959DD9A9981D91992EE3
          Malicious:false
          Reputation:unknown
          Preview:regf.]....w.....&.j.B.&....g..O...o.].%....,...]0...1..$pN......A-...o..!.`${ZP.VO.....t.........p`...<......30....rRU.. .U.NM.BT..*..}....>z..h.<.j..S.....2....)..a.p.$...a.q.&....._..z.%+F.0!... ....crt.....a......g....q..u...?.h.rI2D9..c.....Pc.... ..S..f.3+3....$..:X2.Nf|j.7....)..%Q.. ...Qt.&.S....?bi..9.WS?.....W&Z..{?&p!o7..+.$.]*.8..)9.q..|`T.+.V...@1d..XE.y..N..5..4.K./E[.h9.h.7_...wuo........0....'.5...(g. ..MH......@......w3.*.d..2...Q.4Rh.v...f.[)(R......).TZ.W...C....}.k\(.t}McV..J8m.x....lZ.eb..W..`..^4!..&....j....$.'@..c.(..{C.M.....^.%~.2$`..8.J..Lq.$.i...\!..."^.KX...Q....$..&..8..o ..2.)L.n.iKU.`..U.........%#..T.....L.3..|...O..g..'.[tG..x.5HN].h..l..Y..}"b..... .J.........?.f......:....h.[...qt....7......u..$.B..........w."K.:t.....E..$...A.H..wh%v.`...c.i.n.T..S@.V.2.=..J.k.5...h^.2...L?.z2>$....d_R.....%&.az.&F.(..ta...\........<....Z.n...!.X..+M<:....I)[..........2M*].+C.Y..[....b.......2V0....UY......

          C:\Users\user\Local Settings\Packages\Microsoft.BioEnrollment_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9DBC604A3A9AD5F66389D635EB12728F
          SHA1:2A6DB1A6C7830B9382DE46C36415E133705B5CE5
          SHA-256:28E23E6D983119649BC2EE29A99C5230DDDFB8EFF6CA78AA899273918E67D501
          SHA-512:9DD4C1723BFA65701227F9CD1D0AFF7B3F1A975B578C95B7B30C67D6A528E614AD36D73A91063AF9D977BDB3CEFCDB5B301E82CA8D3F2EDE081C6B1D32188D54
          Malicious:false
          Reputation:unknown
          Preview:regf..=...d.......D...,...yb....F!.y..r.s...(..@.....^..8....6..p...#.U..5<Ff.....O.y..k...7... .820....3....L...tu..k.S<>.......K........-y.......fC....{SV}^.........H....<. .bR....B.M.....o.:hz.c.1.I.0..0...|C.\...2^z.g...UB*.\.V.RY.b{...D.>L'Yd.w..|........u....9f..... .....F.c,.... G...+..a.'.0o...<.GUL...K...7.C2../.T.{jpa...O.(.>jGz......;...@....G.......v...O._.'..<..K. .k'Zp.Sq.nM..q....".4.......Q..!T.&3.....H).>."..[......tx....<).@.Jk..x.Ob.r....iMX..c$.s.......d.\.Z...oh.gI....u.....ti*....%.S......_..U8..9....yU......}.g...?.7...*-/3......!..c..'......8.g.B-.`O.:.*.#d.M..`DY......w.......9..&..W.%0. O....J+....F...Q..7.......a....)..Pz...........`.....T%......3 ...*....r...j.OJG.~.+M.:...}\d`..]..........yb...#...b.,.Z}p..#5\...s.......G(s...V........t.'.....G..VJk....|.......4 ..#...Z....#^.....S.*...4v.Qt.8.T.DH4;o"..\|eCm.Qk..M..GE3z....v.K....|.e).....ri.D..)O.R...|.......";...;.n.Z.Q.3..I(.n.d.g{....{./..`*.'S

          C:\Users\user\Local Settings\Packages\Microsoft.CredDialogHost_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2D8FF6AA6D3D4A9AF7B0849386C14324
          SHA1:E19C91F84B256A3A76EEED7D7D448A04E2BD2607
          SHA-256:58ED5053F162E9C405D1C26B690C660884D20E67D31C3DFC164CBAA053BB2063
          SHA-512:E3E88C25D0E481B45DB461137F40532E341DCA70D92EF179834797EDA57A3622C435871E04DE4AA5D7D775E92F68EBEFF15180DDA060BC89D81ABBD8348F6A36
          Malicious:false
          Reputation:unknown
          Preview:regf....P....U......M...;..<.....L......B.).T.}..6)...ia.U..wz.6<.D0.r..t..D...+....y.<.($'.y..........i.i8.Y@. ...W'....ac.6a...A;B....,...D.q.q...........E.z.J...".g|...'...L;.e.>5..[.|.....s00.k..Lr.. .......f. w....%..X..? m..V.&.n....... .4.OKqB....t.....0...^.OD....v.k..0.HxVzNV7.Mp.....u8..)..m.D..p.b.}.G.y.<.`..2.y.....v..E.>B@.8.3Li.W..e.2y.C.{.!.b...[.(...I.......i*...@N.#.a...Af.W.( .pv..C5...J.o..}..Qt.1.:.o..p..Um...j&...V...|9.....eh..Xr.I.I'&.9(...F{......b;...tJ.....$.=.i./.2....bI._.5#............gD..!..!_.r..q.l..Gq.v[..f.Y ........%...\....mQ`>.1....Ta7~.V..3.h..q.2.M=.0..3.Q\.q.tm.|*.#[..R;.,......_.%.~..z2?.F.V+...b...4.tp[...f#.{.....O.......sAo....$...f...B..-.!x.6dyB.l.:a.....)k..u.?~.......%X.4....L~.Fi...b..(<.......QK..X<.........z.....u.e 1J..t...,.h...H|..j}a....[.5..X.2.J.h...k.......K.T.".v..}.......v....H...m.%|r#{.kC...MD..g..2...(..}...K.1...G...V..2...'.....{..d.>:q;.r.?.)..{S2.j...qg9.kf|4..`.......J;h

          C:\Users\user\Local Settings\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\settings.dat.LOG1.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:52999F1F0E33E2FC3C0C81D4B03CE343
          SHA1:3C43B349D866D4F8C72EC5C783728E6AFAB54C49
          SHA-256:907BBB6366FC4B709053C8D2847F0E333FBBB13E8CBD1C28BBBF861CB99A735C
          SHA-512:1EFBB072B62DE98CC1E0FC1C9B0935AD9B4E57CC1897E1AE9955F3CD20410E34CF5D5E60D514DF78209132FF56133D0CAAA073CCB1DFF9E9F14DB20B842BDC93
          Malicious:false
          Reputation:unknown
          Preview:regf.......V.q........d..y^.|F...n(..21.@..X...8....?..y..^..............\.8"....w...S...N.!W.|p....3.....6.\..T......H...~.^..!0...N(..l.=c.g..-....].N...A_".E...+.#.&..>..~.Wx..Xy.nu.N.q...4...d)k...#.w.../m..r..1i7..zli.{)B.....MpV<...{...p...=3..MJ..:Ka$*.J.f\..H7.M....U...f^..>O1.....'o?J.........q%vL..K.=....1....y..</.rq..y*]......n.Z...:.^.`.Ds.z1..X.uF....|{S.....B;..Q...MHG\...`..Y.q..+...>L.F.%k.+0.....e...Z<.._V.v@%luq.F..ny?L.. ^..N.g?Ih./.X....?...C.M..:..H6..T.9..!.....]f.K....:.X.E..2.?..oN...L..).A6.</...ak.s..r.o.....^b..R}....X...m..]oW......)..Xk.....0.b..P..a t.... e...b.M..g2Y......&f^.%.'..0.;cc.G..Z_.$..O&B.P...V|...d.......l.E[...>g.......q.q0..l.re..e.VV....g...]WwYjo..\-.<I...F.a.8Y..E...3.O.....x.P.O|.S.r....9.|...(....l.}.N>.xKHg..j..+.|f....&.N..N..\.%....'...MB....*..g.b.L.;8.c8Z.Sy....%...*v..([o.eY.. .F..p.|.?..V1%U.+r......r..2J..af...m..R*01A.i)........n...#....v..Y..m..O.g...Uu.y.b%.Y+..I..6.T........;.Fs!

          C:\Users\user\Local Settings\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F882580ED518EAF183F8681A236C808F
          SHA1:F8E9B5B678A1CF911DEBF99FAF6C32A7A644F9CF
          SHA-256:9A54D109E5B5A82DD3522C6725CDAB8E5E07B9BBB27562CDA4027EAFB2A57C05
          SHA-512:80A52DFDCE24D2A21127B7CB0987DBF06DF3EADD4F4D5E4943239F2EA95E0D22D883A0738BE6AC4B64BA5B9B830265C7FBF377B8E0BDDA48AF397C9FA62E1686
          Malicious:false
          Reputation:unknown
          Preview:regf....F..>..=.s1....~9...]... ....F.w..........}l......%..{.0H22.`.7@o.z3....y.....|.r^..L.)..H.........kf.V.. .&..3.v..2.<H.......y...'1..b.#..d.F..X....:..l.<..0...@me.yP"........S..-..lW.d.../2>.9...?9....r....6...)UD."X..l....D/...zS....1I....-..AY.*.....Vk.. h...Ci0{.."..^.e...&......g..*BU...m..:...y."I...>..*.....8!...-.V[.a.MC.JAD.G..."k.9<.Z..+S.ToN..5..e)..1...M.O..]A..[0XP...6B.o..#..*-M....4U5....&......*.3`...w...+J.J-.....?~.8.AS.....dW*....Z..b.y:E..F..I..D..T....x....vi]=...:9]O...5..nI.....]|.Udm..e@..F._...JG/....7U....}.a.....M...\....C5~.."..s..7.]b#..tXV.z....=8\...mC2...._.C..'...y..T.o_..Fy..+.[....b....v....."........l..b.>x-.;."...k..~V..+:u.....gf..P.WIF".-..L.]t.N..U....k.7..Ye<B4.K..c......I.%. ..cZa.Ox....dG>..Wv.J..e.Qv.,..Jqa.":..p.:..'.odX.......Egmn..<~L.u..../.57U.D......RE. ...p......Z......@..>{]....B...eh...m.....XC;.jO....1..-.o..A.C..bi.F...!.L...C....R..PU..Xx.E.2wm.*..sF...r%7.......

          C:\Users\user\Local Settings\Packages\Microsoft.ECApp_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:1F48F3C90B25641BBC44D01E72ECA245
          SHA1:92083EC2BCD9D1E8DC836F3E56F4954964898E54
          SHA-256:CE72739D7375B3E4C8D91D9D467E4C6503AA1D93AB2F60CB0CE95ADD1F4244A9
          SHA-512:AD29AEA6587109954321BDAA7A48C7133A11B900DE9459E553AAE5B9D04430D5D7267771D3F61C0DC09CA087FEF61C1CD74AE296ED93F7AC9DE6708F52E9EDE0
          Malicious:false
          Reputation:unknown
          Preview:regf...^A...U...D>V.."5.~.5..8-.......0.....%.I?..}Ej..R(:>J =.Xr..?..9Q@.K.91..GBd. ./...K.y..V.....:.....t..L.'G(9.{5.P...Xf.l......7..|..3..i....{DJ.'..7+....%.).W]..o.d...I<...J.y...;.)-"....vh....^n...43E...".w...I.S.=H[...w!(...4...]x....W.!.K.zp.....BRkc.\.E?...8t._.T5Z....4{+-..P:..^..{..S.x.8.g$....\.?....."h.dW...Y....lK..N.......d..'.....]D=.'q.B.J` ...k...'./..q.m..^.L+.P$.".w.qi...~.....;.c....P...U..bnS..?jzG....J..p....d:vL.q[...?..F./.....q...MaX.;3K...Y........2..5<).....X.....m...s.1....U..Sd5-ED.:S..F...,$.@.|.^....n.............7|M.C.9..%./...#A.Y0..}.W1.{i$.c}.......8..J.I.z.)Ro....F............}...b V.X.......Tt.J..ia.0..&...*f..D.-".....Kp?A*..Q..M.C....w[b...a.-..S..H....Y=.$$.H9t..Y..{,..k.t...sa./.4.bv.a..#a..9.m.r....d.v....3.\#.`.<...d.....-....tS..r..0.....m/..yZi.zM|&.2D.u..c|?....x2...-.E.X...S.G...f.e........W,..W.5...ae.1.}]..._..#r.w(...O.o......Y.PO....fb..5..u.2>.`..1h.A+.'..f>......z#.....

          C:\Users\user\Local Settings\Packages\Microsoft.GetHelp_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D65607609A2807966160CCD1348203B4
          SHA1:F3CA4DE61C70F7B075CAD2668CC392BD65B0BCF3
          SHA-256:A9CC304127C0D69829E9882282D0C5A312A575D2E8F327BA54E57054CB58DEB0
          SHA-512:3DA3A13EC4874BDD4CD1CC97D4F38F5942219D7E39546EE5C6A54856C9FA54FD1B79F09299A4461BD637A771807F3C69633D19EC3EA4684A505DA250572D3206
          Malicious:false
          Reputation:unknown
          Preview:regf..2.1^.b....z.8.(...".....1.a.j/.f..*...H....z......V..~il1....}Qz8........]i..8..l0I...T{X..K...,b..x..P...h...R..S..N.C.+.\(......#....{..*..X.{.^z....m.....aL..RU...W.[X..J.0...x}..1...E..LM.?Mq...".cl..,..$s....h^'.@.q..s..0...\..C..[_.G...y.k......|...X;.. ... .....J....hG..4....#.9.....=0.mXy.<.{.^..`~..ww.YLL...i...L.w".BZi.fq)..`m.&....tJ.1f...K..*..m....N..A..;......e.QC.u..p=....}....f.E.......8.z.............f..].-z..>.s.Jt<...B.W/2.A]...-..!:.J"...)..I..Q....>....C.Xy/.g.*z...4..k6..{...&..\..|8...b...LQ...U?g.Y..c..}cO.@.u.L.....|t.@..D#....5..i|.Iq..[....+:.4.....%3..+.8:..9...)..;].Q....D.....Yg.jU...U.........[..._........".>.%..6...J.q......U.tN...>F...}........d.d.z....C.j..&.......R.Z.$...*.[{.........*.8.A#/.N...7r.pQ.#x.''*.u.L.B....}.Dk7....$..u..l`..^`..[...Y...@C....D...K...3r....c...,s.t.s...[...w.@...-....<...a|...l...o..O..<...@8..7..k.eU.tz..: .gx....M..[...BR...'....... .K...0..#dJ.9./..fR....Ug.U

          C:\Users\user\Local Settings\Packages\Microsoft.Getstarted_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4DB694E5C286F96B9F68C8F74B838989
          SHA1:2904DB79FCE385DC8388EFEF9AB194A802791D1D
          SHA-256:E36A0AFB1C3F16CB99BBC6E314D4AC9411D76B9A3B1B14F1A10404089C0C7F20
          SHA-512:C770D9D2ED89B27C24B6344603D81DDAC47FF82D0F627DFC84607ABF824161AF1DC08778A19242EFAFB1D459C362D2820563B0CB818A961883E727078DE25633
          Malicious:false
          Reputation:unknown
          Preview:regf..%........e.....+..pj.Y...\.\ ..sLU=h.6.r>..J.....0.zG.1....o\..[.......SDj..c../q.2.@.....m...p5..).Y...+d...G...0H/... ..../.......G"C..@.....@<<.6td.QXf@..:...>....."...*....r.e....D.).#.....\.a..e.....E.]..?....T......Mt...+.....>.....]..'i3....r%.H.Nx.7..Jc.5.+..IxULG{..Y.".BD8A>...Q.I.#..b..G..Y .....s..:...X.l...P.....j@. ....=....q|ED..:o ..uV.....*..c.G...ok.9.P>..\.ZqEG......g........C.Y..^...^....q..w...V.I`.".%....?.X..&3..w..-t.>..T..4...|e.O...fx.TE!..<....z..P.`.~lQ.?].|.c..k ...k..B...@.?.;..]...'fO..0Y.... .&c...S..m.l1..*.......1&....B..q?.6.2w.....x....5.}.]!F.k#..D...i.Q..O.;cOJ...jA...r...W..F~Fjucs......3......VDt....qlv......y../........y1.Q...*.....'...-....4.u....7Y......^^?Elo....4jQQ.x .G..0.hjc.......K...j.........?....l...;.6....#j.|L...Z.?.3xdX$.].....)........Oi...W.3Cn.....PGR].o..U./vgC..ld]...j.<.....D.../G.....6d@.].CG.y....P.?.c....J..I9.K..j..f.[. .k6n..(...i.6h..e:..V......W$8....K...6.

          C:\Users\user\Local Settings\Packages\Microsoft.HEIFImageExtension_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C24AD474D65006FEE6F142443EE6D8E5
          SHA1:BBECE8212337C564417ABF236FD449C7C33058F2
          SHA-256:C50B1CC02612BFCCE0C38B7AE030C37FFB3C4AD9CEBDE113B6FDE45C0A3FB35A
          SHA-512:98A25264E2A1F1CFD71685C611CBDF7F95F393D09E75FC64417E8DBFBD00326C69774D691261BE5DAF2BD671FCB8C7363BDDAF7C6EA29B16AC1BCC87A5F7EB03
          Malicious:false
          Reputation:unknown
          Preview:regf.....:DT......."....w=....K;<.Z.F`.z.Do....GD.gT.bwWB...P.b.|5y.dG..%...g.....n....(G...&....O..?....Q0..5.uXN....Da...,.+.4Jt=.2....~..r.!ji.....k......C....`...2.20...H 6....{......RzM.O.........S..CC<..3^....jv...HQA..&.'.N_../Q....v.'.A.......n6.x...u..Rd._V.../..w.].Q].o...'.?#Q^.?..&f..r...b.[.|8..Av..!.7..Q..g..4.-lzQj...m..3...%-.......o......./.g7?..ulj..k..c.5N.;,..^.....(`V.TA....."BJj....~.4...d#.%.O...7#y.....^z...?F.....\p.rY.eCJ$p.a."bz1P.|#K....YV....q..~7....1..+.=..T...G..~.3V.c...1..k..q.1.SQV........L:...b.h.b}Q..]F:......]..z.S.gVT..N.=.g...w.!Q.N....>$_p...d..>..@....'x.;..,.*.b..7.4.^OE.h...9.B..%..t...'.z...F5....!C.>....M#.......k....h..A{3t"3.y.^..0.(_..0..M....+g...V.M..,.+&/.Ur..Fh....s.(.......12....."..n.Nzj\k./.5d.9$.u./...L....(I..h_...TG....f8........O.hO..E.n....?[%...D.......@."3@>.3...).j.K4..@.==VE.....=."A s....]KT....j:?7.r..j.g....y.'....~......N.....h......?.4.b+...H1p..T*..S..$.R"

          C:\Users\user\Local Settings\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:1CF6DA8F9D35DB6868D7B2EFD03BB1C8
          SHA1:C5D3F2C30479D52501AA5253DDD13CA24D6EB75E
          SHA-256:83DF36951D8B8DB6E6BE2AE6E54CD8447F7DAB9C85DA50B675B9A4A51B23BA30
          SHA-512:7AB20155866DCD6E7979F9AB6DCE78EDE9788DC26E187C793609434238A1B4D3038F093262101CA4D06EE63060C8134AE3DAC37D106687C499C817EC89630B99
          Malicious:false
          Reputation:unknown
          Preview:regf......F...:[d..T.X%>....W..*..)......6.M..Z..J.V..{M.'..?*.$xl..F..*.[..p..(.....=..R.}...K.H.r..u...w.._.z3..v...a..qu...v..F...Y.?.h7.lra.....m.z.7...sF'%.........Xg~z...t.&...c.........^j }.,.s.1Dm..2D..N.Vr.w......%v..0.iL._EE........."..E.'.......K...p.....|T..c....szqD.4./8...^..c....2EM.s.......b$.....@.i.... ;.....]..V......cFT.....,j..&...(.Yz&.Q..,,.u>._m.l..5?C.....1$U......>...*..e\{..YK.o....,:.....8.....#d......j.\.4M.._!.G.i.C...._&D.{.T.f..{..)..$6....].....-.Z*.@.....i......:m.......+...sM]..S.!....#.<...Mju.~O...[....eV.....-...'....O"......w6.|..2C'F.n..+..^...j&D..fs......=.R.d....)@..X....<.,...8..5..C.P..x......|....@*T..kMa.......t...bY\4.........sF.nB..*Z...A..>.98........uK....U'/.0C..."me...C...4j<P.LT.R.hx[.k\.....h....DB.c.0.....l......4...^rr...!..W...t.xr...k9C...\.[..#...Y.|1Q.?#..k...'|]...1.M.u.....Z...G.P.3z$.J.....Jv........b..N.........;.U...i0h...\...s.#.r....?X.xQn3K.o..x{x]..$......".

          C:\Users\user\Local Settings\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8552613EA2104A0FC26B473897398FA8
          SHA1:AC96DF7B5F7D466A35EDB1CBF14EF143DA4AA471
          SHA-256:855B16A0661C43ED3190828AB2A0FD5CBBE5C897A9F9F80FDEA3711A56074E08
          SHA-512:09D1842D489C299914662EE864B4E75E957CA6140C91E62AFF60FF18355B96ABE3CD0049343B8914D40E402F152961ADA84F21C912EE6D5C383C1F0A63AAB4CC
          Malicious:false
          Reputation:unknown
          Preview:regf.i.. .."`.}...L..\.n9/....1....`.)....~r...q..@XX......8...-.c.~....7..]Q.#....>W.(..O...i..o(gp[.|N.5A.\.{o.0.........?S..0...R`.t[.l?..6#.....=.nNw..T.j..=......E.......$.k.@K....kwV.g.JNO..f....e.J^.. 7..?*..e.C...>.4...}cF.,).k3`/..V|...%...k....x#.+.x0.Yc.*T..u..;+.=N...F..2X.....A..Zn.......E#.............C.Ngl...... ...14..L....n\GY.W+]X.+8..:p..qG.n..3x...N......B...0.....+_.....z.K.m....7.B..A.q..4!...!a}.M..e6....q.|.U...7......h..O....qP.q..aZ..6uu.l.m....l.S...F~N..M6[.&+..{.v#..`%K...o#)......X.u....C.....$S.T.P...T.@..F8....[H..0D.............S....I.w.j.la^7../..k.%.12...}0r.2.5.Ik/..f...V#D@.`.G;*..a....p..@fE.I...w....\f..3...p.T..|G.x./x..i......_8a...`....G...g...wi.*..w.h...YQV.......2X.f....4&.C.j4....avE..y...g.9...]....J.<.v.W.a{...7..<O^..|.q......r$......N..T..H...WYcg.<*.NS#.h.Z5.....S.O2.....5;?'.!3..uN...w.....(..0..b............&.<.L.........<....f<......BA.x..k..[?..OlN.7...+.{(.eGD.z.l.....0bQ....Z..

          C:\Users\user\Local Settings\Packages\Microsoft.Microsoft3DViewer_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A78BAC502F748888D4D4561395C26AAF
          SHA1:16093058719BAEB5FFD439156AD8359837794BF3
          SHA-256:A01B6969B98AC67CEF7ACA083AB3EBD8922443019491868DE0F172B05736B68D
          SHA-512:2E3959C6113141F62F1F0E23AD5E82D26F21D2B7763000CAF6B36EB57E86C183275B1C12EA3CE67C3FC419CFABC06927138CC5762699FE0470D8A55EE17C1262
          Malicious:false
          Reputation:unknown
          Preview:regf..7...I.g.eX..)06...>...r..yz...)....$........{S.Cs/Z.M.z.}....~7....B..O.*\.8+>@.x%......e=tR...5q}..{.<t..m....z...t{'.y.-..U."B..l*.9..b....54..l..).SGM0@.B..yS.....Yt.._....."j.....r<.......y.H`6{b.\l.._KOe....6..d./]hqa..g%A@.7=db..p....C....FoQ'+..88.....9.....GU.".iId.....I.q95k..z.%p.G..69/...A...'.!..F.......r.W...Y.../.nCG..*....F.K.... {.....r.I...%+...R3w.<..m..........u........$..xj4..u.(...)j.W.d3........i.....]C0..2L.Q.w.....^~.:\....\....#.isE*.l2.|a...k.......;.S..,......Q..L.."...z..C..J.?.....%P.rF...1....].s...f.=1...].?M.......B.).>Xa......B...u?.$/;.!...Ai..I..c.....7x.,..h..b.Az[..*.)L..t.X..K...K|....?|..I.Q...r.>,I...Jb......7B.)..)d.>(..}.f..3..hl,..k#._...m.;.W.?.Hk.0... ].QqN].m.4......x.+^...dc"F....y./.._.k....'mX.....b...c...dD..jfW...g.......e....!..3.t._.U..8.H..|.g...%/..;2.0.6r...xLH.*y::+..y..oSI;..3T.........8J+i.D!..j..v....er...b+....M...\k.....?.)~9....%..H..@S......S.H.g..X.

          C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:579683979861B7853476AF2F27F24101
          SHA1:7B213B409A80AC7BE002E7EAC91758C951925AEC
          SHA-256:6D9366E9E874B51C334C193735F3D47280620DC7F904761BA9CA60CA18589349
          SHA-512:5ABADB32B2B76CCC6621D9B20EA2F4C6366EEF9C9D425897758A7160BCD223B5F5B157881D42A24BCAF7D7B501E18C7656EC1FE1B3DCFACEBD10CDEAAB7377A3
          Malicious:false
          Reputation:unknown
          Preview:regf.K.>...TH..L.v..@.s|../..W..X..g...c..=....=..4.._. .h.....z.n.B.Ky......3.E"......q.P..]...).Y.\.3.,V.5.Y...{....{.$..qk.:..z..9D..i..........H.k......r.z(+.r./....E.X.e4$.3....m^...L0p..<.PL....>T.Z ]5r..^.4<'..1E.q..F..r.)It.u.x[.6.n...x3$............1......!.p`>..f...Z\..|..p.O.!|....).G.|...r........+[..ty..X2O^.x..TB..ZH]{.H..:.I....bw..mSn...B3..7.|.%M.......QC-{.r..$5..|....F.+q...D.Q..I.F..XJ.[.-..[..i..I@/.....ubD.?{.G.aV..N..L.......|0.qX..u16....pG...t.....%.Mv....T3p...@..........+G=<..%."5Xf....[.-ZX.*.2.S..... .....K..`....-..d.......K.j.}H.';.U.'...z...%..w3.d&.5.l..R.I'..l0..,P.s7..e_..Bu!Y$v...*..T.c v.Y..j"..%....eC..eb.....L@?.....t...v...<..L..)..yQ..D/..*.<eK.h..T.mY.....3Y]..3.k......6<Y.....-.=J......A....jJrK.........9...t/.@.=.S.0.x.....Xk.R^.../.y.S..u...a.jO..P...g...N.....+_.D..#...=.F.I..../..O....N..EX..`..)9.j...?.y.."\~ ...7.$..)..6.!5....i..C._..7...h....F....1T]+W..|%.>.....RM..ud.g0./....*..b

          C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8176F586158AA9CDFC8C8E0ACC753312
          SHA1:AE5AE2680D5256DA6033372783D3AFEB48630AC4
          SHA-256:3FE4537E289EF2FEECD920253A6BF5C93FF8FBCC831B6EAFE27CFFDCA7434F3A
          SHA-512:59413498FBBE52D0FEB6892064DB7E9AD057C653ACEAD40FC7F952868A4E4FC448E689499A99DF5DAF8158BD0416DE7E676D79E9C2DF6596894A733D1C9E3CF6
          Malicious:false
          Reputation:unknown
          Preview:regf.(..b.....m|..H.......(6 &^.g...WL...t.hCM..^...x%..\..Q*...J2`..GXE.e\'E..........+..jZ.....w[B.........F...i.-/.r]1.i......mu.....z...S.^.;..S..|3..0%..K....d.....~gW..w.un...........2i....k...>...u.VCgy% .j..6.~...ft....q.'.....X......3...t<&..rjVUp_M....)....E*"..k...b`4.|..p....m.O..Z.~.4.8o..u...G...*.lU.=.A.#.#D...J.,.O.....)'s<.e..B......,...s.X..6.....l....F.<.A.R#..{.I/Hb........q.....n...@. .DX?6t8qP...E..a.a... .D...asA.O.{.R.{..Z?.Y..>...-;.=....Tm.N..i;.L......u...)._..Y/....5.,Z..b_...~.|Z.._....K.7$..I.rj1....!^.......BJy..#'...UMp.....Lj......M.$..=...h.a?$..N..'7.9.. uRsCT.X&.\.>..=...."d....0.p......j.;...KX.^..O..B...OI.Qx.:..e..'..{`..y*|F}...u..L........S...4.@.k.l..t.......5...}.v={..e.X>..,e....7[..#/5.8..O5{TM..dP.....>".>{RpF....e....5...[I$... ..|.F2K.+.....q.d.\.7......w..t...T.:R......e1....v...&........l.FF.....Ok.@6....v....h._....gaOg....W|.4.f.........2..\~...I.....Q3lvi..t.O...8H../.+n7...I@.... .$./...G

          C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\LocalState\ThirdPartyNotice.html.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:54364435A1D28E4EAD278455EDACEC31
          SHA1:E1461C22DCD2F81B2689F8BDF60ACEB413DB6B15
          SHA-256:DD88A5505333616FA505B86BFE366A66A42C69FCE589607E481E4B5B20DFF47B
          SHA-512:91560AD8F960CA734416852F8BA3175EEA35031F7D8B53B8DBBD2BCC3316A0C889705717E199B339FAF3C5C839262AF8EF4D4FAB5BBF2551A75FDA9E410389C1
          Malicious:false
          Reputation:unknown
          Preview:<!doc....S......`..:K.Ae....h.d.v9..o......GX.).s5."..A.K. .?n..9...v.<....!...vP.p..w.9.~....y.Wh.....D...k...S.........K>..[s.CSfD..W....:.U.B...=."..5W]..'.<;.(..0...ju.l.GF......Z.[.',[lj.......:..$_..!3.x.nx..0.........X.B.8E.TGr...p...C..#n.&3..#....a......h.+.f..H*e.d3....i.*.dj.-7ljjq...#...gBmL..iw6....._.k..)....@/X.t/*L.E...lQ....1.../)......2.W...]9.......+D.....EGY.0e....j ..r....&rh..'....@^;..v-.._.'...)c..o...j.......W..BF....I...I.....o.'....TxUu..I......go.FAO.......;`.sM,.~..dT........ ......|..3.](...3U[.*..h..Fd|..x.....}..!z....._.MY&/....:..#[.=....:.u.c.4....1D.....=.T_.].m...a>..u..Q8.. w'....cI...!.*E.....Q:..9..Y.}......]Z}.h...2...:...E9;]F......AQP..&1.v.F.y..:....l.;Z..........0#..9*.........l.x.B.U.........y..\&..P.j..;".s..b..T}.w.+.S.....G.t..'w.*..hNW$.........w.<{ER..a......Ur.>w.9....}.._.8....3.=.Q..K.%</nRE.`)0Q.2..7G..-f.....a.K....=1.6.e...u!.sCf.@$#.CauC.m...<..m_t.;.d6.o...iIQU+..X

          C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.LOG1.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3809B770995A207F5CE10DA04A4AA75F
          SHA1:EF8A3C01C358047093D530CD5C154824BA769C2F
          SHA-256:F250A1E7F23722D069E7544714E7BB48758B14E3EC5D28C8F50BFD7962BDB43C
          SHA-512:45738CA7CE8FC135AD78192E7EE3EF80ABBB1A8E96AC8F1E80DDC06ABE25DCE74E6F4D66A62BB2879447858316F7B4F4F66B1E7D7282EF024FAB8AC44BBA5E68
          Malicious:false
          Reputation:unknown
          Preview:regf.a)..d.:+\.q.....7).;j1...HN~..z.PLt.'.'...y.......P.F...X.......@.W.j.u.... `.]$?3r...p.....Q.NLE....B........*xeA.]Pcmd.}9@.{......H.*...R..j(......M...e..=..'..b..jt..|.....B.R.h76.*G.N4.....l.....V..t..Kfd.?..`Q.r..DY.Uc>{Ng.&.i.z...u...Z..`..r>j....}...D;`d..j.9N$3M`_9.....}..t.....|r.../:.!.'.2WvA....t..."...F.<yP....2.1Jta`.......#...........I;..d...128.4...:..M%.t..M.2.:.8..Y.c.G..c.<o.^qP...QA.'....K.bM.OyEr.....a...D..@.D.kzg.,...g..#..+X,.X9.........x4..k.....b.....sC..=...^........l|Z.R....:%..>BAN..X.XBf...G..L..j....\.d..m..:..P8D...^.....-.F....K...C.'...]d.b....h.L....-.Y.+.K..V.q..:..|.e"........3T%../...........f~T.......D..C...g#Y.q".8.c..T+&j.@..2.._..T..0[.S.R.G..)...pO...].ClJ.J.n.`.%.j.k.)t=..n..'b.L....%=.....A....#....B.....j-}=!.2.....]>.D.e......i..7Su......q...1v.c.u.e.U..z...,B....9....(.m.......S.uY.......%vV...o,j0e.6....;t........fu0..edJ..1(.7.m..G...(...{....8....8.Y....lzV..s.+i..-...p...1.D.t....Y..

          C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:DD85C6B8CE207F5EBF541059A7C41EA4
          SHA1:36FB7C485CFF6F8ED0E1CF93F09F5D7DB0CC9536
          SHA-256:382FB41A8F99B6EA76C2217B08259645C2A75BB4B831E2729F3AC63584E5F1FC
          SHA-512:7D0113B703D05B583F77782296CE7CAE5FE3D1E2AA3A89E34A2E2B742CA7FC8F043EAFD50817CC8EDC7417BA6E15CE3FA0F183A9759C99DD95F591170E3D4F1D
          Malicious:false
          Reputation:unknown
          Preview:regf.....E)f.a....CK..G.v.f..O.i..W...f......vt.....P..>........%>..mH. ,J\.5.m..B...,.".....(P&....?2.....O~......;..:.....z..J.t...nK..h(%q...tF.*g.cyE.^.$....]..I.J..6)..}.E..4Dw.?'.q...*v).Z..d<...sE...Q.#......y.<.Y.m.|...j..#K...M.d...H.\.*DUD..7ur.a.b.jQSm...l..p..o2.!.#p.=10.../)}}..%.M.v..&5...6.T.M$..Q.8j.............wcl(S.....j@......~"..S.7...k..%.#...P....f.y{.GTZ.](...*....MR...8.{'f...a.......(...qe.......L).:...(.O.`=..[..Y.....e).;.<=..g...=_...v7....x.`9x7...s..a.n..!B...+.>E[..1.7.......Va..c....B[..[lM...$X...c7X...V....p.M........1Pc+.1....b...{...Y......V.NS....x..xJ\...._8...(....DA.`.)VAj....l..P..~yE.v4..~k..!t..IK.@.-6Y.y5..(8.......Ao..+..}..8*.....$:Fs...[g...bxf..o..;...0}.....*.M...v.E..*f@.H..E+.#..o#Y...k.5..D.. ...C..Nx...N7.fK.e..)h....g_vv.;|..:y43$..+D.\+X.n.F..=7....b..lV-@..SD.Mx.}.>u.VY...1@z...c...Z/..I..z....E7....5'...2(g3..C:.....uq.3.~!.)j..x..9.....zf...;..M...d...4.z.j!.eA......R........

          C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:7C282D69EF3AAA7CD75184DB99B98AC5
          SHA1:F0BF503565EC6C746AD0CB2F5B0CF40A8CDE35F0
          SHA-256:0296B65CF7882E5A4F592A8B91EB3A33B08AA5B0ECAACA61FF442E42E1F22FC3
          SHA-512:ADE01E909C6258D2B3B12A699CDE4AE26BF524CC0C21DA864BCED0CEDFCBE0CB8536D6C913DC5E26772CED8F9B832E063C7FFECEF9443623AF9CB45103BCD0E5
          Malicious:false
          Reputation:unknown
          Preview:regf..Q..H.N..}.x.RzWa:..Z..5.Td.D].=.3. ..4Z.....1..H,....m.A.;@..5.....9...b.......b.<.~(....I..i...XM..f..|...N7.....D......d......x..Y1...m.z.X.*.i~.x..;..u..H.Z...xLIqX4.F.B-..p........ .(.A......4.....E.uc...-.._..-....9....(#.q.....q[.>.7......D4O.[..P......M*.......k....s.G.z.*.5Q.b.j.....e.Y..%.....M...C..J%..I.H.[..t%]..h.G.....5.. ...0ag-.;.i.._.dQ..qg...z.A.B.ACuO..:I...e...:IQ.......2...C...I!]}58x....K....o...j..Je.2B@.fW.f.k....9...E*8.....3.....T...,!#.G..<.1.a.Y.%j....Sl.o....,x..A.k....`_......@...s......u..3..]..c..o|.l.yP...CI<$.KNNd....F;a.'o..uC..}.Uh.LWl.d.F....r...!.......x}c.p.*.>).......G...7....S..l3.3.g..j.u..../-P......k4..i..Bs,e.*E<khy.>vW.D.Wb.qR..,hoF.@mpt....q.x......I]...f.6-.t.s..H."......;<'S..m.A......G!..~7...L.M.<:...f..../.3..>..I.@.....y.....liD..........L..9...Dlnz..,K.....w.?.&O.`.|........W..%.,.Z/..-.N.G...u....:.[s..>........E...'......dq.....b.....b.Tc=.-NP.0m....#..8...-Y&|.........p..

          C:\Users\user\Local Settings\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:1C17EF8488A4B8AA1D6EA0781F9A9FED
          SHA1:9F19FBC6186E9E669F3D66CAD124CF6120AD5768
          SHA-256:99A8D3864FBAE2DA5D62B5C72E529A3F82AC7190604B7D168AD14640FE12467C
          SHA-512:57DDC76C2D7B332684E1B821375DA2F3607BDEE8D78B93E10ECB6112AC55078730256D0ECEFE9EED3CA2254F6D372D289E97DE4D5C7D752471193639B66DA730
          Malicious:false
          Reputation:unknown
          Preview:regf......F..*.j......4.y$.....cJ.......bhC........z.a.'.z.......K..ns.o8..=...{...=d...0.D....E......./reS..DZ.`0..p.T)..L.J"5...y.d...._....}{....@I.A...i.X.)f. .c....."..8.tfh....8.....#`.U..?.r..UZ.>.#.(i.."r....F.......$...c..........fy..xp..j#....).?...8..L...u2...F=.U1..+./..Z..V$u....Sj............5. ....E:L...K.a@..........u....=3K..r.~C&;E..1$.6..!..:Y..9..l...&.C..&u....b.]..j.e..x..8..v.+.jr..cg.d.}G.../....g...Fl,.t.%...R.....]..c.=c..+..f3/.....{+..&...s..S9.....8...m..|.&>.....y;*G...G.=..@.lh...dL;.4Y..*AU.{..X.%.:...E.y.....t`)......P..D.\B.}.'.ocW..:.t.|..-@._g..~.A=)'....e".-.M....D..".O....I.4.m.a...Gx.s.d......i...C.c.Wq....V....MQ...x.%..nN..._.f|..t.....w.R..........X.b.7.E8)U...........S..RR..<..d......?.v.......-.h`W)...w.......6'..o. ...+.'.B\.oq.B..H..S.Z..b...o.P.S.!.j..q.\..38_bmn........*......l.5.bmC...w..Q9_.L......Z..;...[..a.z....1.-..E.[..;i0....z...u.1...../T.....L.cP....0.e..PcJ<R... .r.ar

          C:\Users\user\Local Settings\Packages\Microsoft.MixedReality.Portal_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:54401F68B9748459BB53ED5B45920322
          SHA1:42187E8F2C1E6A53EDECB0B4D0DA99AF8E6F5C8F
          SHA-256:E74ABBB08EC10EDC0A7248CDEC17CBA6D1993F5F12D094B9CD61D9BF3CEA49E9
          SHA-512:5725606895C45E64DEFEC664F623DB2BD15BAF33906593558713B876C18E7C30450D18B831C4D86272A9FB04C37D39681295D8F592AEDDA3EF3E523A59F424EB
          Malicious:false
          Reputation:unknown
          Preview:regf.?...NCf.J(k..(...o0.W<57.~.P...C..h./".I.X.5........X.+.\p.../^.3g.@0..g..'1.r.....S.Bsb.(*.yW%....F........d.[Y..2...+.D....@r.. ...-2..r..SW@...'=..E...p..D..he.<.\..G...2....{._.J....IB...........k.@i.fq..Z..|9..L.c.~...1:SN`..+.....t:.......6.\2Y). p.xL5..m><.....?=..n.V.....,..g]. .]q\....U.q....... ..J.5..z..M$.X&4 ....mIOoo..U.Y.......g.../M...;-1w.b>...J.7.X.s.\....`..93.0.g.iNU.=('[..;:...Q....{..,N.5]...M4"4_..U../"2..|/..a.=.*..]{.r}......t..'ht;@m.r.s.%.Y.b..00...'...%:_......(...Q.i.td>$Xb."=.m.....H..d.$.....P..;v.g....49.^..q%.%.V...........I0../.....,.TD.K.....-...@.=.P.&W$...P..r('..H....8..........s.+.H....h(V....8.k..x.uO.(Hvs.Jv..]K=....}S....y..j...E.*..#.cDv...5...........DF.B.....T.......P..x.l(.W...4.?Oa+.W.V1.5.....W.,.G.h.'yi....>u*Ed.]....^......I8.K(L.:y(....2?..`.....~U73'....%|.<.....?Rf.k.8:./........b.F..........]...Y.....JV..Y.P.!....Q\.J.h@...9...a;...#...gQ...)........1j..`*jL5..[.v.|@.| H...`.S.[..W.`

          C:\Users\user\Local Settings\Packages\Microsoft.Office.OneNote_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6490BE4CFE4969B7227AC30ADC6385FB
          SHA1:C66F34275DB2182CA14C33F76A891AD1EB3FD52C
          SHA-256:762784C6648EFD611703D4853CADAEE6BEF28C35FAB8401144812B84D86E4477
          SHA-512:0BE975BF76DA6EE57585F9D82D782C0DA064D1FA3219CD215961E7361DD42F1934672D0D14A017E3D3BB6D6105C0B9E7000E5C3C020FE7FEB3CC26528A275FB3
          Malicious:false
          Reputation:unknown
          Preview:regf.....J.....]...=..l......T.A...]....3.-Pj7..F.).......F..<...<.8.I..#........Ss...[F...u..r...]. ._f}..d...X...uH.......(..D..C+%D.....k..Gj.....1..C,.r.Y...W..'....../..._...w.G......,../wH..k.R-..xC....0.qi.......@.j.8N.L.A.8ouv.G.T.'.........i.+...J.....h ].u.2t.l.<=-(NN.n.%I.....j4.H....1...V'.I..}...]R.\...~..`.T@..0..B5...c..i.....Wf.w.b....d%<.O..E......-...(.....TE..._..c\.d.....K.l.B..=tH.-......6....."^.<S.....P:S.>.)pi.......P...n.........k[...d.5.v.....^R.:.t.......S<..0u.8.7..}c.v..>.F....hc.~...G.fj.......Q.%u|....6.i..d}.w..B....f...i....@.r;...4L....0@...>311..x.a;..J.Wl...C....,..*.......]..=..xJ......,..;..?.o.........9..f..T...j;....p/^..@...f.{..<.........^B..h....N..3..!H...$ s..:g{....#G.QE6..0`.E..g.<.........<.3..T...d'..c..@gG.oK.l.Z.#.:dg..{Jn.t.R./?...N..Sxw.gx1.B..N+e.......Lz%...;..+*...w..-L.pZmk.L.q.B..Cn0.....Qy..w.+.x.........S1./.2..Sd..s....".GF..{.*:oI..HH..6.v.jX.".~P...4.....3....[$-..

          C:\Users\user\Local Settings\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.LOG1.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6F8BDB95C74DDEF4E32F3F4BC122CE7F
          SHA1:38F823014D9D99B57A8F0EF68A69621B5664117F
          SHA-256:75D4306D48B7BA9E84D01845A1088CA84D6212CECB0C1421273D1056C5217912
          SHA-512:888F2E580039229B37F1D7594B815A04FB5467871F6D0B166BE1486A3F10BDB4011BB5BEFBCCC4B3D34AA2501264B50D3E8021E1084B9494ECB948B4B68BBBD0
          Malicious:false
          Reputation:unknown
          Preview:regf..l3......Tr-......7..C.j..^......`3G.."Mf....%..w5..?'....}...4..g;...-RL..q..q..aK..oT..DF..7..U..Vw.K.|...a.I..T.@.B.b.....D=9v.uN.gVV..F+..}.].?n.lW....E.....*I~7.Y.|\.....b>r........7.i.\..>K..1.\I].._;....#...!I.<......&../.A...L.G.....h..x.]+..V.......0..bz.....z.[D{D.."R.....^A.H..."."..J.....uX.(cA..:;..7...*.D......U..!...%........R.#.T.8Sxb...>..V..Y...~..G.B7m.4......~!....g.%.&.../.i7 ji.P.B.-....9]..............QQ.q>*g.&..|..A.R..%U......?)^.+W.v./....N..(J...v....~.....V(Qp...>rr.*W.....k.VFm..6.<.f.Qh.uE..+.+s....m.$...W....*.z.9.6j..|A>....|.%..3e..}....).....N...e..../.A...N4.f..8..p...S2...=.......v.....Ku...>.G...)`OE.qp.c./.q..(.\#..}.L8A..t.o..SaR......@....H/...4-.....V .b.6...tTp.s..d..r.....*:l..>.t".P.........C...;...^a.._...rM.n.E......u&....|(........7...q.H.....j........@.K.[X%....Nd...?.Y7....)...%..Q.bu%.....)..Pu....n..K2....=:s...p.. .&...r;cKg...B.NZ.,N..5.3..x.zX.%k..U.....XT4.V.m..$.pY..

          C:\Users\user\Local Settings\Packages\Microsoft.People_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6D871EFED60762EE30BE030A8B01194C
          SHA1:DCF83F7AF0A2B0A0CE2A50BA78EE82AEE669A784
          SHA-256:C91262DD75A5A9A78B117D97DED9B2FE478D6F935A439D2F5741D3850A941780
          SHA-512:CC1B17AF740D6170A50FB8563FF71AD15A724D5488B9B9592ACDE263F32A1830256214B17CC5E7E2E4019079A2CCDC49C4A23CD804CC0658E99A3646838D9371
          Malicious:false
          Reputation:unknown
          Preview:regf..]h.\..cA..... y.cOj:.@.Z.....^#.&wD\g. `..W.....3QpS8..(@.F.@w..kd;.$...T....))..G...p..K...y...h(..sz.O6.......Pr.:..5v.....s..5.......J .2=.8...:x.j$yV.S..K...$"u.o3.D.w.V.r.....Nh.D..9.B..17..=...#....x:.Y.[..t.........`.Q..}.s..%.pB..@...n/$..d.1Qlw.n...n:~.q.K...Y%T.Bqv..i.yQ....,0....[...)".^x.R..V.^...~...3.2nf...I..y..(&g...9S..E.._d...).Q.q...K.yp.]:QEN.<.!.....Q.G......W.)A.....'.....55.a...V.....;.2..Z.4......&[2...;....d.....}.K.qf/..q.W3td....q.dr.N...&3.E............i.i..Z....B.alK.........y.......W3"}..\..uD...4.]8...C'o...T._?.......v.Q.7..+.J3N.irw...QQ.....'d|.M.u..I..E.1g!..q..K..Q.`......cQ..R..J.%....D`TJl.Pd......$.H...+..,...9.3!......I.#5.+.1.*.?%=gb6.'.?.p*.m...Oe_.N.c.{.N..Ic.g.<..&.G.....S#.*T....`.[.+.uI........J.uj..:.D......._...]i..o.=.kk.b~....C..G.f.D@dv.}k)V0..1...*..fm...lC.nb...3.....VJ..0...$!Ft...8c.i:@.,.E.?.$.3...@.?."<..5..R....DY'...O...kw$IL..4..".j.....=....RR6.S.%Qez2(0...]u.

          C:\Users\user\Local Settings\Packages\Microsoft.ScreenSketch_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4CB2FA8E62E15F443C8E4DD856CB6473
          SHA1:25EE529933E292A9968EFDC6A0D1E20F368FF242
          SHA-256:4457C25253296975C4ED65ACDF8B3A3B7BCA64B0FAD26C40CCA6876D63914D72
          SHA-512:731A562E13D7C14531275940B4A4BC426D2758115789EBF5A1280344E7D6AE0AAF26FA75C89D9EF7A3D4D254B5BC7AE25E707119D640CB803712403B2CD9E305
          Malicious:false
          Reputation:unknown
          Preview:regf.L`...........I4.+...!.KO.b..x.k..1...DD.8mxf(....#.h..0.........tw...61D....w."b.a......,..h..A,0._)...W....S...t.HX..8.*..r............M"..3....".==......3....d.5....m.....kQ..,..I.J.l,...0...$.C....6.c.....2Q1.&...C@....F.P..3..]E.I...<.k.......8...u....l.T....b..2........c....B>(:U...<,...v.U!pRin...1.VdN....N`v....;w.-.<......5.{|.-.v...Tbr....]V...?*>.4<E%.A...}}r....m.A*.._.x.K....]F...n......\.5\ ....v.KMa(AN...%...M ......J......2.ynd..4.....J...\!.4.05.+=...zX{,......A.......H.N.....f...6......r..K....'3F.m...@.J.....n........$QU>&.sR....j.6.G..q.V..Fc..h.*.#...3..O..r./....~.G$..5vx..N.E.}.n.?*..6...M6.i.G.PN..4...-......T..h..e.. .V.(..&..uf...j...Y.4...$.....=?..^.9.*fEq\..A..0;.S\?.w..O.....s...w..5...`..3.....<{...TZ..c}6....V<+V.r.A7....4....NW.....9......xt.,........(..t.....wQz:%.L..G.g...<Z.....'..q.}..C.....r..p......[2f..n|..*nL.....m..l..]....?"j |..r..Qk+...9....W....'.".|#........~..\..oh.\b.o2.I6"L...

          C:\Users\user\Local Settings\Packages\Microsoft.StorePurchaseApp_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9C4FD03E81C9F1A866FF65A665C88FCE
          SHA1:C47880A20F9A2A9255E6F9B47E81C3FA5BC62F88
          SHA-256:587CB882935F6FE12EE194505174D9072BC4BB83A8797A3FDC620746F5B92587
          SHA-512:CFD903001C3F4D7632DB96A097DC6242604E92CF376E99FAEFA0F6D40FBA6439DDEC3812A0F0A8CEACDD27612DF8EE0ED2FFE815C098CC2856FA50A074943D7E
          Malicious:false
          Reputation:unknown
          Preview:regf.K8.F...jw.=u....p..{.+......alX..{...K...(7g...cB.f.. ._..iY.-.g.j....kG..ec.....Q.@..a}<..7..c>5.WNW..oG#...l.Y...6o.s...6..-..XM0.....[..E0.....{eaX...d.7b.j......AH.m..9..1.LJz....xD..|....X.X. .F.(".....uP...M0.>.T.F.7b.R.sU.+.... ..:t...OVe....g]..i.3.f.E..nCT.7..%d.6"Mj..w]..C}Lc...\.......k.$.g^h..j..f.yz.G._........c...X3y.TSIs'.....q.@..i~\...;.6y._...c>.(C.n..St.9.....fywFr+...L.......UQ..G..~..A1....j..Q.Y.i../.n.w...{)..U....DZ.:m..F...wg.9E.;.V&.y|.L.cj1.6t...Tg..If.B... ._.?7ql).?.3....}..9.o.h.m.......t...W....V...........~...os....1A.b...lw..a.<..*..+{.....:.q..K.P...-j....2.sgb.KC...q.s."...#....nv%....K .nk....B ;9...K.E....w....V.:g..b..."Y_...2...1.{.@.Q..d..Z(..$.=.V..j.v...*.Q.r./[.X.+....u~:.cQ.......<[.....5r.0.5i..S.Zr...cL..kY......7......]I.mb~.=....A.&WI`....fJ.us....kH4..0..sl..z.......'...Ji..R4A...h..D.%..L.ZP..?.{...Y'.4.#p.PQ.f.o...5.G.?a;....T.yh..,.D.L..5...."s.....!..(..v..j..o..C........<

          C:\Users\user\Local Settings\Packages\Microsoft.VP9VideoExtensions_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:264B936A8943CD7B7D77D45EF26AE174
          SHA1:1FD36D4FD5FFA7CD019F08A8CC46C0B77BF395D0
          SHA-256:794ED23139EEA2A1AC4266EAE55DCF628E5D2B36F03CE7570FC1B530CB719AD4
          SHA-512:27BC7EC0041D765861EBDA62204F19024A903CBBDB984CE31A051D2E0B1ED01E8A4B1527CB5C106355852A1222206227A4371D857865CABBB2D986AE9A3DBBB7
          Malicious:false
          Reputation:unknown
          Preview:regf....=.k....&bb..h..i..gK..>..l.\.V.*1.....".#@V.l.).....@......uSY.h/...HZ.3.P.I.7...j...q%....*n.....GP<..^=Y....U.-....$...j(..1...U.]...7..9.5db....=...ph..........2.Ah.........E...J..1.g.`.0..NQ2:n.%.M.r..F.P..g#..o.......;.o...Ym...q..Y.C.[]u....3..yo..?.P.I`c9m|A=...2.ldW.....w.....`k.r...-.!N@....v?.K..@\.U.R..W...c~.]...*m...d.yi.,o~..(.'K.Z..Q....|.Zy f..._.....-.Yi...:..Q...w.b.1. ~....^S.^ .@......$r.....V......k]..t...>:.:.....:"..V.A.Q.V...K.B.@.o..r.~].>.%8..D.........%.&.h..=..[.....H.8...4p'e...3W...)$z.=]......U...WJ.B.)%4m./....jd~s.lt@0v....r..=...d...'....V.b.......z.4..m..FD![.Pk..k..7....^>.L...N....W..s..>...C].)..R~.9............T...'.j...T...]......5b....Z...^S..j^.b..#.Ni....L,...._..$ht..._.F.kL..5i.Fm ..z.z..y@!....>RO._....3........3....w.....]!ux.J...=.|.Y.R.M...=.^..SY..s.....wF...-..Y..k.o6.B...mb`.......f.Cb.X..*.C....U....(..G..-.T..5.3.gR&..!...j0..?3..b..'...........[M.% .$~wy...Yu.\...!...r.q.......Vh

          C:\Users\user\Local Settings\Packages\Microsoft.Wallet_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5BF80D9E214BCCB575219A6E699C1FBC
          SHA1:ADBAF38F87021C00CE5C0435C362382A8479EBAC
          SHA-256:23D58F309EDE9643EDC181B128E1E9D0F1C3771CE5D64C1E33A5FB0F5DAD95D2
          SHA-512:0CCBE997BA8F4F8316BC1642059B2991AD9C07461CEF4A1B2E7A714430A2D91D1A95D83F5452EC57F059D71177E95AB834D81B9A0597383BE1656416DCB80FF7
          Malicious:false
          Reputation:unknown
          Preview:regf.....p....R.F...2P.C.#..d.u.hD+...w........a.SFs.."....v.86`.@r]r.Mx...2N.A..+.(...I1....O[...#......7`0c..o.e5.s.....6..wI...aE...h.m.X.".V..8Re.....u.+....|^......@{;.5!....8@nXM.K1..#.K....%>....]..Z.I...2.......L.N..}!.V..1. ...;.......hI$.Y..no....[s...P..7z.&>.LZ...`..A....T.)x..c..}E.K:>...EK.V.P.^..}.8.*J...O!.|ezD..m..&T.KR...'=V.g....+z\...5..K.~.....SR...J...f]W#....3...1..Q.=.V....Y..8],.Q......>..?.h....._..-s9.|S.....Uc.J!.oZk/.p.]I..c2)..h}..gk.U.A.JZ.}x!Xv{.2.Y<..L.]`X!..u..~.R...T..9...e?.....o..,.U..^'>.5A.".+>...V..x....'...F.... ^N8.T...D...m.F...@.fk..\+..b>O...v..Yc....r...p.e...\.1.f.....Y@...%..{k+...y.G.*n.uvz9..3 .....rnV=..f.E..Q..#Y..u....?.S...7ok......Zp.K.;q..p....;.D...[;.M8U.4..'.....q.......`...<:l^.3.=.'.}.m(.A.>..t}.a.mX......`|[d|._.(.(&_.\..tGH...>R....a..z.J.E.lC.p.m.R.....H..?Xw...C..;...=...w...U.c/.C*;.y....d=3....... ...t.P....;.Bv(R...k9Vur/.!.0....y.j..~&.rV.ii.......o....i....J....Y.8.O#R....<b$.

          C:\Users\user\Local Settings\Packages\Microsoft.WebMediaExtensions_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:723AC3B23DAAF2EF65D667213CCB528A
          SHA1:993F2BFB76AD7ACA61E909F4DFBBD24E6EAC22BD
          SHA-256:8CB58848FC9AC24BD92475A36994CEC8564FE98436A906019214CD49CC9F0F21
          SHA-512:0CDC432452A6DAFC0913C669630433C7208D51383DE3022243BA6F9CE358FBE5CF9CDA6C1AC15409B461A0B64CEFA219DA8D80A65143038F2C60382A88515AAA
          Malicious:false
          Reputation:unknown
          Preview:regf..-<A...`.(...1.*T"..b.SE.@.!p...r1.uk....xC....t..<v..K.)d..@.H..s#Sh.G.6..F...,.7.fI...Oj..7..F<<.n-....45y.1#.2..:..ELK.8`...mX...E...X.D._....DJ9q..1._.h.w..P.tn..;.x`........4.....\.]Yp1...jq.+..\.....M..GKo#....;I...s..3H!..?.G.L4.....pQ||}S.}..\.-J,...\......9.86.p..=..f..`.U."......|...4..4..{F..P..d...5.{f..9."..a........@%..7.R......T)...5k"..7.46aYJ.....f.|.{V\9x.....[3.Z.....51}.?..g.......;...=.$VdV..i@.%-.?.G.<.n...Rg..8....H.....j"ZH.}.:R.+.}4..JV.3.in...)..(.d...[z..O.'X...k.....J....35...N..(6.8..|.Fr..|.Vt..1.(.....W.2-..4.'h3...$./Lll.).....f.Iiu..,...[."t7.......E.u"....1...W ..SN.m.U....[.z-..T...~t!(...,p..$X.........=.......g..`.8. ..`.@..,<..x...OD...)..W.T..M..1`(.T.Y..9....;..@.."H/.xmv...7... ..p.....fh..,R.(U.U.._..[.....i..jwcTp..3R.l...38..Q.bo%.-.../.I..le..C;P>?.[.Eb._r..UD.".V1T..Z.....%.....R.........+}.Wl...M.7..0:V...../..##.]s.4.mu...\..F..UF5.r.~?.p?..@.....{..@.{.@...h.....:....[..(.7........s,.

          C:\Users\user\Local Settings\Packages\Microsoft.WebpImageExtension_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:EDAAFE251100D9D5A021231E2A6C1AFD
          SHA1:F137E915C432A5DD7880EC06A9CA11DD9C118986
          SHA-256:14739B1E22F6AB3694F414670D65987F6D41F4CDC07E1F9461409A56B1D0FBD4
          SHA-512:7C39C23BE913F0279CF78362E2587CDF9B3EDA599D02FC7EBDADE918AB13CA6E0569038F6750F340683AAA6A1228370600B46A9DD5CF2482CA868EA74CD64F4D
          Malicious:false
          Reputation:unknown
          Preview:regf..2.....{......Q>....m.C\M....f.]....]q..+:...L.j1;j...........k..*.].J...............g.q....*....|.\.so.TI.a7A.......'.....-.....|.v.|W..I.(.T..M.....2..gRu..]3.......rt.U:.*............g.jv.*d..o....._)........^..d.cH.N...{{.....h...v..1`.#A...dk...m.f...{.j00C[^.B4.x-2;WZ.N>.I..u..M-.7t>....k.....D..eP.Bm..t..].....7Dk..%....S..L.Y@b..n...'2tQ..*9.Y...k:'.z@..N..1G`B.._"~.v...0H...\I...&..C."....p...)I.{.c....B.Q....(/....gJS.k.S.)..N.=._..[nu.0..a..G.....@.mT.L.wW7.......J...$..l....I.{..[|J...k.J.>..f.o.....V.%bJ...o........`..[.v#.....XR....Zm...!.U..;...X...U......s*>.).Wb.jY.....GE...1...y\..../...}C..Ts+..p|/#>.~rj<.O]....Wi.n..Kj.....j..<..dc.5.PC~.^...!.....N.9eH=.....y.e3.W.Z.."`y.....A.y.-4TK..e.=..J]b_.r..Z.@.d..Cn).y......{\n..{8....&.....0.V.2....*...?VL......}$6.M...Dp.w..Y.....Q..)...)...!_ .......U..........a{..d0.E1<.=...".Q..%z...P..8....j.....po..M..;1t.}._7q.o.G....^..'.F..z.q+.v.2`..b..x........c. @..;...

          C:\Users\user\Local Settings\Packages\Microsoft.Win32WebViewHost_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:1DCA849950FAB393425BF6696A44A6A4
          SHA1:6CC21CBD0626228F1CFA2FE6F3DECC00A20BA1E6
          SHA-256:6AE5B18FCA1D149F5EBBA12AF1D12C677456F89388A9C792BCAD2AA4863CCA92
          SHA-512:529DC504CE221DC649B8E189BC5E673D101DF679382BE1E7624501AE4A406C2A254973F2D263FD54A7D133DA45109AE60A1D310DBABE37BC0E8924BD68044817
          Malicious:false
          Reputation:unknown
          Preview:regf.3...E..0$.h..-....ST ..F.A.Sk.In..Ck0.d..Y.\..\Uh..o.4..mH......Y.......G.s .=...(..?..".....u.'....*lR.1.EK...MR2...L`.?..-.R.i..4.sx.1.....Ub....p...O7......y..1b....C.9...~S..a...b.(..y..&....S..@.[.]~.0_../u.KF...n.Kg.b...!Em.v....l.G.\s...;...t....}.)u.v_l..Q...>..uH.......R..!...9.Hz.B.B..LlP3..v...n},i...4.....+.>.."..p..nH...,.O..B.:..,..hzmv]t...0.<...c.u.))o.#god..._...l%?[B...B.,.s.....g4..i....A....x.S.e..jwb.....,X..:.,p.]G...s.......r^2../5..X.b.2......&......j*s...LEAsI...=z.3.9..n.rK.."......b.1..C....0.A{mY.I.kl[.{.jq....V.qL..MYJo .d.>..Y...+.........-SD..Z..W......Z.o'......... .........K.u.;P....?..T.d.4g...k...6w..W.....%...:.~..[..B.....V....\.MB.g.*...7w.H...#......#..=.k.7....5..0.Q.~...K1......Se..Y7j.U5w..0.&!.._4f.....o.......qf|1.X.8z...........Tlv#....r....9.i.O..+.^.%RK}..5......m.......G......tq&^V...t...b....2[..M.6.*~m{.I.<7.n...&ON.1.....5.#..'.\.E;...../.Z.<..x....q....ZU...V.K.?.l...&......^D.L6.......

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8602A2C64E9A7F69AFDC9AC7DE9E2436
          SHA1:CA92130EB3710E23C5A311635E6B6002770B71CF
          SHA-256:AFD2FB2C1D63F5C5FEE4567182A4B389879CA060252D03B86DE7CB30C4DA7AB9
          SHA-512:4B554FB5BCECDE937E7547726EF4A7A21FD993A30024BE814AB58B01009BAF324725BCB04037AF25E974CCA46A16CECF778C341D06E70AB733439B7B51B7661A
          Malicious:false
          Reputation:unknown
          Preview:regf..=_....R.)..9....v.9.....kD.A'f^..1_.<3>U...F6..k2c .u......%~...9..O..M.<3R.,:.$..,..RG.m...E...T.J..`....+....Y}x...6nb.....y..cyT.=.Z.I.]..D.n<..a......9.._........g...^Ev,.u/A...d.Y.......T.......G...~....a.X......&`...`.K.&1.m3....6.... .;....` ......dP..HI..;....j.].......Z.?..*"l^gB.=}Z..fo..aF.Yz.W..s..L.>.....na.....)..;.\.#.6,2....'..]K.[....u.%..u.HJDD%?o3....5....v..)._de"..........iEW|......X]....Qy....V.,...#t\..aoR.T..`.....(.9........*ey....xrtZA.$.#B..G..V.)...c..o..}..v.H?...Z..p:.q.U.*...W.W.T..l';~(."../..37....F.V..w..........+......D..@ .....uBX..R.fNw.D._..U.w'..U....dN..X..3..z|~.@..."k..g*.........0.H.! ..f|...l5.g].'._...v.hE.@..L...>..j.&.^...*..-&I].N..;*A.U;H.....NHP..V.........(G....S.X..o~F>....C............H...q.6..4..[.......V[....eW..,.".5....8y./...2.09l.].y...K..:.o.%g..6.(`'Q..7..02..N......C...,......{..^...uZ3.-.5.....&G..%f....... ..Y.....6.'....M...d.M...5......=...N>8;Q......~.v.qW

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:77795614EB507741E7261281340BFBC0
          SHA1:9FAA9C241893F3C6E9221EAC27980EDA1EF933B2
          SHA-256:D8AC907BEB2A3F0CACFF6FE3AC3403BAE0631DD6CFFC6C3B7D690243539B58EA
          SHA-512:37D3A45448E618947A9F8EC3B3AECF20852724EEB7854A50334D22A1126DC9078F4BE459AC38CA76F0A9B2CDEDCE338520BF00E08B21E50B7EAF3D6DFF8512F5
          Malicious:false
          Reputation:unknown
          Preview:regf...Hr..M.{.t3^'..:%aO..jm.R..k9.nC.-.O..J.WB()s1.'.1.P..1...co.k....Z.....u<H...h^.>......W...M....`(H..x..(.s..N..V..7.0.S.W"/......|..-.H.*..]."|.hcD...n.=..JT.'...-a.9..1e.]...c..rJ....q..xy..78X.._..ee....D..D1.H*..s.Pq.O.....dr"....VY.*...3).z0.$......4wT.n..._#J.raD.^...."...U.2l.....n{...........R=].....5.L..#M.....Okm7F...'...I..0..........e...g%{..........>..7..0fpn... ].;....d:..T......_Q4....4!d.%P...@c[.RY.M...Z.Z......c..w.<.%^@ .v.O%..s.W6m.B.6.lT^....F....3.V.mY.<...........KK"z..k..l..W..j...d.#..+BiE.v=%..W....bS.kMEa.N..4z>'b.8.XsD6..8....._?.o.|..8...6...8.D.V...Z..."..H.NW.Z.;.z;2[...t.C......o<)...@...|S...W.....p9..Xqd....C<..w#.Yb..h.f|.d.y.....y?...ao..1..d..#...*c.?5+$n.+..A..#.?,.%&..e..k.RJ.>.ve1.s...+.JZ.+!...D..h[..'.+d.<.@..!Vm...E.s..Fr."U...EQe....r..f....|.-K9.&.L...N&.).....6(.7.v.... ..8p.+...r.r..f..o.YrS...+..x.Z.......1.Z.h...<....Z..%0...+..&...R..&...S..({..<.Pq..,,./....h$B.#M.4.A.F ....WzW.

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:BC989987E27040C8D599A729EAFC06C3
          SHA1:0FF0861CD9D67241539145FB7E4900B3BF857ED7
          SHA-256:C14AAFC3FBE557BA48BFFBD9165C87536863A9BE3BAD3324E7E63B1B3319DC89
          SHA-512:8691611C3A22BF7E26F505347ED867A1C4927EA83ABFC2FDF988F7E39B8603E10CC780A642C0B5BD12419309BDAC108725E86908220AFEE15C220B23F54B663D
          Malicious:false
          Reputation:unknown
          Preview:regf...7e......%'.c..Tq{i$VM.b._E.i. O.o.*.Q.D.&j..../.x....B*..7.....I.x...sFu...3=......)1H`..([e.....rr..\;1.W......x.......x.R.a7....B..[.}0._..T..$..B.=d1.k..%........g:...).H. L.B..^kt.B..v.q.../...q....X..5w2"...n2..L.0J.2jB.........pys."k..h.Xb.;O}F0."..b9H...}......P.A.O"......^y.o...*._...#.R.YI..C))....)...f.R8H;..Q;...".g^....:...SUT.YE@...L..A".[D..7s.`kJ.....tPwv\}O?...=B.?.(......\.........OWs...t..Z"..^0.=m.S..Z...r..$.[#.Q...\&q.6T.....D{..x....1..cqV.g....' .x.....1z....B............e....79Y..z..F...Z........3.(...2v]P;.}..f.C..%.-....|....Q.u......_...^..@.o..X.(.`\\..@..7S....a.%z..u.T.. .%..om..g.?......;....LhCJ0=_..%z.&8y.8...8Q...A.V....7.....6.b1....:7...\Z..].Z...P...:.}..C.../.q.0....<.].,.^.;....s.....D....jx.`.8^.B..?z3....(q..q..x....G>m:.Hz.mVg..].Y. .o..X5._W.xy..s....A.k.....5......n.3..#2.X&.?...PJ.N.....{.s...w...o........<..Q..u...`...p.!......8..V...$...4.F5....(J....LX..Ez!1.=s.hh..A./...H....".....p9

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2C8BE44531D0900A7374B4965A0C9014
          SHA1:19C1ABB3CE94070D2F6BCC6016E136DB3CF83CE5
          SHA-256:3CFBA2D3DCA307BAF7167220D93C6BBA56F998D331F58CB2D68810C5D8F47138
          SHA-512:EF64A974C6BF83588F4DD04ADC533B5E6A09C81B8B8CD2448904797E744CD8B1F0C4DF87193D9F6064DDC8EFCE1680A753ACFD75E5BB18F36D7A81DD94CAEEA0
          Malicious:false
          Reputation:unknown
          Preview:regf..!...xw.X.la..........:r..`.(;.m`P...H.Nq'.>X..O.y`.s..).....47........Qa.?....1..8...).1....T.4..v.....g.e.....X..e...U.z\.N...W..Mz&...\$.NQ..^....[~..\.t...[..._.V.....I.as_GK*,y..H....R.m{.....,0.......5>0..=...Q.(k..BP.qc....0..=..............L".....d)yW.... .)zL.....8..t..m..8_Nu.$....l.+...a1...b.....1p..^..RnV ......f.>..+..<...@A_\...U...II......Z.S..+7R@.......\...>..T..n}.anY.`..*H.$......;r:i$.B...@dO.....".?...3j..].W....;...L.[..7...io?>.9..A............G.D.n.B......,+./<n...)4.T..H M.hHw+e...d.._a.......X@3$...=....%Y...V*;.zz..z.........[...F...k.f.J..~.S)....\.V.......|.......0....C.M.Q.s.........)F.]0.M.Z!..}i/_.K0yR.+.c?.}..g.S.@.RP..q.?.(LfG.w...H.....&F..CY..%...D.......?A............8\u....T..n%U,..(.....s.../.....Q..^....v..>.pH.NZH..-+.g%D;.<B^......$....`...\I....;.'.H..h?n..T(&.<S.~M_5F.....4v.e..,.]...p{.....U.dkS...|.a.~R.....!.m....U.C.X..+.d.?....n;......K..r..bt..r..D)M-!=&..I..1 .;.$e...w....7..

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E905AA15C039948DAB8EDE54AFE15D91
          SHA1:64D3A8F288D4AA34F470292116C10A4A645162A5
          SHA-256:E46C2A9E5E3860519E76440A19F6E63DFDE0DF1057AF6EB342E762BD88BA7A13
          SHA-512:6F8E24532E223D9F78830E5FD20E03AE880E95130F64C13A6A8171BA657782554276D02A9227CCEDE53CD67A07A96D0A70A2086311ECD23A19C18B7BDCFA8299
          Malicious:false
          Reputation:unknown
          Preview:regf.>.f..Nm yK....xZk.......w./j.:.v.L-...p...m{..E...5.BW..rC....c.%.(.u..G..\........3...d.D.....,%'r..w..}.L.D...,yP.@...+@1.1......NH..D..O.".V...Zp......U@...VtX.i......t_.qf.pv.7.F_.._J.2L...o..|......r.N.q....!..R.X....t.o..3u.s..CW.m...z.<qX.$...^D5.2..a..*@.z0..H."...I..a........lc..r`.az.....?c.".......4.d(...,....S.J...*.}O..r.d.g..y..........I..0.....Cc .......q...e....M%,....\~c..(.7..-.73.O...1'..4.o.....:M.S../@'i.>j@..\.u....j.C.Jo...n(:.:g(.>.t.%75.H..#......`c._...!..>...t..x.?f.......V...u.........I.$\..!,.QT.8v...GJ....B[."..p...hK.5UH..%....;..&......kif......g.n.!...._-.h~..p.-`.)...Wr....'.....o.......E|&.%&..#..p....7L.' ...i........b.Dy..3.f.6.c.+...w.q.e..p.....T.%.g........x.S.....M.{...<..$..LV.Pt_..[t.{O`.#.L...A.C....'...[..\:@.6.i...BJ.f~.|.....ss.....g6.......(.$.Z+i....$,..m/!m...J?"......(....p.[........].9.*b...q.....OD(..+...X..N....l.r-a...'i.,.&..*b..Q..q...V..~..I....(<.T.^.t-6..a.*.r.......;pH at.H..>F.b>..d.

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E89BC1F0FD264DB3C6095086DA1A504E
          SHA1:E5C2C111CECA98F7E95FA2277EC83B91AA2D80DF
          SHA-256:F2F3FD9E1E71CA9FF6352E76A9409B525137391215EF01E8155418C9B70B2406
          SHA-512:B3C66DFD1FCF2BC726236F0FA68CE07549FE7B1B165DF5385455FF91476B2F5CBDAEC5995090E0D75DA04869F521B368DAE5547E4C8C49312841C6206C8F36F6
          Malicious:false
          Reputation:unknown
          Preview:regf.t.h.s....g.....*..H.....2.6.Y....4E..C8TTg......G.eT.....U4..a.)..W.[....o..t....F.g-.X...Y...n....!...h.gt*(.,.,.....^8..7.*.4K...).\../...S.INW.M ...R>e..xg.2...91..U.m.n......7Re..H.4......O....2.Q..1..0...[..md_.......<Z...)m.1,..\<.N...E`.x.Px=+....:.#..G..:..4KZ.J.P.S.F...3m'3Eff...'.p.0........E......Y%.D.V.!.}.....u...'..WI.Pd\M8..a....*.p2.Q-....[e..n.........@@v....T....b....`G...v....4.....f.(..D....%..3.*.......f.n..S.P.i...rf~.p...4S...p....0.0Y...J...........dpS?....J.1<...y.I.\..).s....K..R>.LU......j.*$..d.;Y[..z.....?.u."w$J...Z..IY!..W../.&x..G..&.1...+.(R>...........K..O...0....].>B9A..FE...yE.k....=d_...BEa@k$.}..?..;.rC.....;..D4.`.......g..K...}...X!...;....gR c......92.U.O...<.V\#t...u...<....8$0E...g.m.Q......#B..)..#..P...q.i.Jc.!.....toM+...(.F6.o....."...I.5......j.Fx.b..6....+...Aq..6Jc..\M...j..9........].H..h$.k..b.5......P...\u5.4..L...D.x.E.Jo..\<....qaM.........bM.}...l.......d...,..'ElE.5P

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.LOG1.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:1F530C2906435119654E584FF810B2F6
          SHA1:739D998ACC3B46D2DF49B48728207486B8000F27
          SHA-256:27EA17DDC4756406028F2B4A8E27A3123C2D69D63597CE94E074DE9D96FEC1E0
          SHA-512:0EA48DD61F69B277EBBDA6D8AACB59B59FD72B050596A4B18FAA69F51610270A4C92918A67290BC0EE3C671E96E322559713EE1650F684550914113856EB0ED2
          Malicious:false
          Reputation:unknown
          Preview:regf.f.P.(.S....[.....D..#.h.2a......^............%F..T.I..h...,1..V)...2'@{}...C.y..Ph...k...f...<....D...+.........^..`..|........`.^A[?).n.=.:.....P.#.-.6.z.t..[%0z.|.../rQ.....}_.5..W{..s..s.=p:.3K..."/.._|.?1..~@.O.............k....=\z..@..@..7...... ..`..^.hi....F+.V.u..!B...2<.j.9w.fX3*.....Tz..P.F....v.-.am''i8_j..9.Q\...0.:..0..S...N...:Xt....h..}.Yp.l0..`N}........&\h"..>Dg..J.....u..K..../..}F.L...*.....`....>.\.l.xQf2*EdcP.....>.S.. ....gQ.[.....+.....v*.H9??-........G.*S...Oi}..z.K..4..@.Z..O.x]{\I&....ER..:.....mR..1..78[d_....:S..o.d.i3{.0. \....FwW.?T..e..'.I...6.I.2L.1I.|......vSY.@o..&....o....\P..C..j...x.".............6.x.Mp..g.T+6.._..k...VX..Z15.&O>.6~.-g.n........{.(M..@7....zk.......[..].Y~z5}D..q...x...c.]Aq..r.S2rM>....M@../..J.m^..=.......P....k[.OgY.}u.#.;..P....-...8..(...,.......bE_N.|.o..C...V..1....#....w<...?5.->~...-........T.8.BR..3'1U..\.u..K.1~./.t.9-...t.....3.ex..+.dx>.6.*:..e0....x.\T..#.....E.

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:58D71CAA1F8432DD0B9AFFB3CBF460BB
          SHA1:C8589FA8818BE362451A7B9E6C2AB13B32040117
          SHA-256:CC1CAD16BE7CD02E2C694A3DBE230AF060B5EE1F2A3E1F92D0336CA7BEEE6AA3
          SHA-512:D6AD154C8F46A5AFFD53EB92B34FC1D90C0F94C6E1F974DFEFC7293D8611D8335BD0F7B594A9A3A17BA8B9C2EBDE2F54F7C92C667699BF77B819DCCCB7A69CA7
          Malicious:false
          Reputation:unknown
          Preview:regf.A.tO...F;...X=....}b...*~.......]LC.$.T..i...d...M...@Yp....5cs4.0u.@.=?c.....2%..+f...i.....[.................gS)..g..F....c?].X..v..I..{$.E.'.Y.V.#H..m....^Q..........Y.....s..4f=.x..j7..X..n..\.........a]....(!<..qM. .,.8`.B>...w.Q"..v)...0.~.....).../n..QT.x#.D.1....X8..!./jS.Afo|..:?..~Q..v@.yy~.G..........el/.......E...z~.;..lb|=.T.8......[`|*_+. ..D.]xP...U3.[... ..@%..6..........T....,..B..U..HD(..;[.U.0.8W.8.RN.U...N1n\.G.......>..^.......1.(......J..{..S..I6.o..b.Z....9....0....3B....]....?..R.....b0..$.C-..b..D...:@.G$|..D..O+pxYzR&...8o:z...C>.U.....1.....,.......w@4.G........Do2.Q.Gj.s..+.....E......./:...N..9||V...I..~..u..{&......[....K...bD.:....R...}............p.3...).-.HgH.r?t..}W4lQ{.Qm)...!B<.c.x<h.y.....tJ@..@..."..]...G.$S....S.b.aW....FU.2.p-...&.._..hD..N.mj.J..ff...>......Sl....lL..c.2Q..V....t.VJ..2s.K.q!o'....$...*&.+F..'|..U8.[......w,vU..B..RN.>.~K)..4..Y....#.....`.+.e./..LX...L..S.q1..q.OY...6M..a+u.L?o&.8...A

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.NarratorQuickStart_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5CCC4ADB1FEC9D6AD28C55CD2C3B6814
          SHA1:9DCA91DFAC9C2ABCE275ED69DBC453A9A50DB887
          SHA-256:2D0EC9E52DAE6C629669225B9F94CA2664B011A80D86E0CE2BEC7C13329CE8EA
          SHA-512:CB4EA6051C7A61543D8636B488F87FFB788F01281F811D086828D36E3C01D5274BBC8141C3E5A5A71713310F10BCD2B35F51CCB9F9E73FD077AA3C4DD0F118A2
          Malicious:false
          Reputation:unknown
          Preview:regf.;..A...R.8.....HS.z......<A..~e....A..=E..&..x..i..=jR..zC..RT..B....[.k.v.}.....V..rj/.S"}OH...../C.j.I..*UTDEW........Lc. .d.m3S0..T...e.\r.....QWM5*tv1.n.S...Z..[.ao..9.4.O.cW.&..F.7#.B.y+..J:...4/.G.UB7....^&..H.4..I..u.:..n......b..]1..~[...O^e..........g.eO&y;......J.7`W.2@JO...g...._...q...:.H.l3WM.....p.k.Y.e.a...v.`.j....s....S..g.Y.T.qe..~g%....'w.H.}L]2.>.t............D.R........M...........-.&!.y^(........0.S...(..K......F...4-.?WA:.!.3^.15!.........R.9...Zf..4S@kl...}.S._.5...?]..>x+/.c.4..K-...ItQ'.p.....Fu..E....1..q.="<.v......<V[IGn.Z......XLE..Q..gG.a..T...,.b..Y.AI..T.ld.)c.[.....,..E2 8..ZNB'`b.%....g[..._<<..[7h..W4.....l.|.g5.<M..9..-aR.....A...$..N.......p.&>.:.U...\..u....M.j(..@J...2G..k......+Y.....r.....[.!.f[..n..n{q....2.,}........<._r.[..5....T.urZ.?.jn.....m:.zK+A3.f....o....G|.G.....9^w.......1r....n.d..v.<.@.;..>..:.&.#.:..(94....?.......>.<.1\.....-v....~...8....-/....6mf......_.%........7f.%.......Q?.

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:33A713AE96AF567A95EC6E94E9B8ADA2
          SHA1:E21CD395B0501DCA520C55A315961B9807210F53
          SHA-256:AE93E9AB9F39B4C12381D04D6B917842B8C3861615154E62FCA82CFCBA4D6732
          SHA-512:B582145380BDF907D476194F7C942D1B393C215570F53D55AAEC0B694218CA46B22418AD5987EFD3C9EC9917200EE8E20106B410B8E25A2B979E86949CDA9B10
          Malicious:false
          Reputation:unknown
          Preview:regf....B.Y~.....'.H..!.w(.6@l0.y.\....J.....0y...+..|...zF&.....;..a.(6}......8.8:<.4...@.r...vF...o.vS.B...n....TV...F.=4..(..f...Q..*...>......Zg....`,..D]....*....D!Vg..W.!.k?.\.S.`...qx)/o.n...:..Y.p#.t.;.F..e..u..W.<..Q.WJ<...=.._...I...A,gNl....6qz.%...j/H.)........G.O..?......Al-.....@}...U.D..J.B..[e.........(..V}........Gw.0...-..T.k.0..1..,$.../...Pk.{..PR...6b-...3....D.V.... 0.._...E.L...WJ.S..eI....S.Ii.....!..\.+..].2......z;..[....."w...0'3..l....S..4....8<nM.T...<f#..2N.hL.-VU/lka.MgQ...}..*.1.s3..(J/...~.X.=...GK........}.+M[..s..'........a..k..dV.....>.c'..-..62...9enS...UU.[..i!g.X.{T...:.....bg......{d.m........#......).\.S\.>.L.7.8.5......r&)..e.Y.D.. .....r.n ..u9.L}..t"U.h2.#iO..q4)r........K.........p..Q..cw..HIi.=.. .(......z...........{...>.*..........~v.}g..).Z-......7.cz....X&.`..D\........=\.*.q.....S.v!.g.94..O....C`.wZ|Kx...x.z....s8..|D....Mrq6.)46......z.#.%../o>w.`.6^........X...N.N.A. .?.%...z.^...

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:AE23FC3385AB6E4EC045E4F33A0AD722
          SHA1:67CF7C7B93DFA294B2C0F9561969419870DEFEBC
          SHA-256:6F6E8AD2B89E1B2D6251259FB06E39F60DD3C18452B76DE9C4F2556F3D485694
          SHA-512:6C9FF2493E25C9F8AB2D9387F42A46815566CFF3FEDC214F6504A2D5B62DA84EB4C2F83DC374B6D46E25094BF94C88226C4C0D51342D090383923E0B857E3323
          Malicious:false
          Reputation:unknown
          Preview:regf..+...@A.m...Qj.{)`f..k...CM.D3....U-`......waQ.@;..s.9!.k.<..6f..............8n#...j......m.!..a.+.....G..%3.#.+...>...9Vm...g.Y...n..G1.[*.m.`.I..5...o.,.(...P......#......K..b.-O/`..x.W....)"..".....Tp..\..D.....xb..e..o....{.Q.d..$.e..%LR....g.@..Y..j..w[....(0f{o+&g..'.i'..Zu.ROL...<......YO.^. ..[.......h..-[..Pvx-o.....:.Kt|......IV..;t...#?..O=y...$qk5S...2....ZRB.......0o.s....K$......I.7)E..q..U..9hDQ..&/..xs>.b..?].7g...X5.\......h..z].=..D..y.G...)` >..".Hl...)..Xs I=B..[...k.9J..........~o...[..|x.6.%]..4...?../.....b.....p...Y.u....c.<]*K`.KM.........-Is....%5*...!.*....\dI..$Pn.X<..)b...]O....Ac....J.......Y..F..........#.....>.@.....a.#.-U..2.inT&<..8......S.`.vFz.?.K..h[C.tI..........j..g.u.E.-.....WW..........Lu.\..};.....;.k...l..$.9^.O!>.PFY..p|.i/_3*.F.~.M.AT<......s.d.6k..I}..|.s.....7..9v..\...qg}..k.T=+u.Y...A_.?.jm..E...]..:..U":......vep#.Ws....5V..5x.].Q'..._.e..H.ZKo.....*+...$.P....F..'G~.P....s.......

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5012B5FFDA2EB788877425BFF7C6F23E
          SHA1:D362069494888BC939A86F6449F4D3AEB989EE40
          SHA-256:094EF28D3847C7D2809C2D6FFF2638B9E0CE4817924707A1C317B5F3F57A6FB5
          SHA-512:DB3F10ED9293CF525190FE7CD59B4D2A831B57BA0D4D0BE583A3EEAA59E70227037CA1D3873B8739E46B33C5875BA684B62250FF903965C9347A8EFB3FBC1E97
          Malicious:false
          Reputation:unknown
          Preview:regf..9.Y.....]....)..5.(4N.Y..oZ.9m.V.......p.xq.1S.3.@.z..rDnD.T.....d..U3..#.C.`..Z..:.oox..%.e.j..:B.J.$l.x..8...9.QRy.C....FF....k...-...W.*......H.mS.....T.....+...a|M.....t'..=/.VO....?}. B=.^4.bm..e.+...........$...GHDLM....e.y.R|.....Q.:~..>..hf..E..&...>.Y.....|F...R.........:.L............Rt...5....G......m.9?....;....n9...X..X28..$.#...w......>*4^Q(.1a..gX....X..h........H..)...8.3......s...g.v2..K.Pw.u.w.X..`9^.OLL.2+:..x.^l.5....{..=C*...A[I..>4.Q.0..X-....B...td.H...w".T2ch'..6.....C$.~.......9.....J.....^..s{...|.{...Z..JF.v..Q..hz...Ig..T...._c.y.;..d.msr.......Y...&...u....W......l..I.)}..M.T.VHt8.....3./P.%j<)E......p.8%..&....0a.....%;BN.).}r*.....T.L9).*X.......4...(.W.o...#..t..W....]n.)...9#.r.ue..X.z....L...V.T\.......dtpw....j0..Z.B.[G....}...........(.W...v...^w.+./%n.q.Y9."I....{..@.$e.%...&1{=.m2.....B....$....i.M..HX<..'.C.g2..D...kF..L..9...I..?....N.d..~.@...~78.b..~..s..'.c.}.!<....{h..2..!..h...T.a$.

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:26BACFA7A492909453F8A115C8382941
          SHA1:65BD830A9A4AFDB26189075BD583DF7930E524FC
          SHA-256:729518D78DC896479471DEF35FEC196D6CF2CCEA6DC33A6C97654A42E0C09E2C
          SHA-512:4143848310FCF4244242CDBA236AB932AAB87D13080C6C2FC6E1D361203DCBD6DEDA73FB3A232FB031B6BB9D9CC203169084AD017E5B579C7AAC8D36170DFDB7
          Malicious:false
          Reputation:unknown
          Preview:regf.f4.Y..a.4.,....p.UL...t............2.e.].. ..".~.S.....Y..e...7#..o..mV_=Gj.Z.c. .-....'.......F .Z4.S.{.Kuw..aP..&..>......_..9l:%..$.....y..0...i..;x.{...?be^....t.b=...|.FU..c".......=-...D.IR.T..2.-E.._`'....VVx;di....h.vf...>....p...#.' ... +O...".@O.|....x...Fu....,.+.$......y$F..X..6.%..v..h.x.w...KG..7......+..|......9..A.]e G....z.m.......|....K......R..j1/..OR..:|..b.....>Db.dH...X/.v%._.gb. ..`F..zz....\...V.4G..".....k.v.....P...=V...zU.....K@eu.....V.^h..a.,....Z.J..Pri....!%1...K7..B..M<.....<C.Q.-.Ry..m.....t..|.@pO...\\ex.m.....s......o{.btZ...MK.5~.o.......I.GAG.z.I.kWW.;X).....PX....(..<.ik..$........h5...#.S2.JT`.q.*.8.Ek_O.K..R.S..m.M.A...Q...<.........oP..RbP."tY..9$a.D.z.%.a.X.....Tr.....\.%...d...+.N..`E...C%.%..9...k.l..xUv..........}...-.1.].....#.....w.....8]N.Cnt..\.C=`..z.........+......?:OX....w:.Gs.g.....~..Q.`....?.....X1.Kme....n..:...W.....u.i.....LX.........:%i.k6.......:..ri1..[U...f..*.l.*.Q.....mz..SL..b.

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-shm.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5751FE2AD8D5922B2D34CD1D362B9563
          SHA1:1B5CC84E4C24661B1A4FE701537023898C1574E8
          SHA-256:683CB7608C132FF383B5C8292E583159159D656E69A0AA4987A04367FBA8DEE9
          SHA-512:CAE64F3DF7D99097EECB461C7A5B73C4783F2D5DA8E9B90204B59AB1B12B6F3ED07E4267C3FFA0647DC8AC1928373C6E2C8319D65F45E757805361E076A739C5
          Malicious:false
          Reputation:unknown
          Preview:..-../..<r...n...._<...}..T/?K7:....2.w.h0}_v..V(.>..........z..f.>/...U,0.......=..1.......a.....0...:.A..$B.n..`.)\.m.1.m....SH.!4X+...4.5...p.._2o....Q.L.W..O...)4g.R.-...]."......rZ.kLc........6Ed]...N...l`.C*....r....HAA.=W...z./.>'....!&.q..fmk.....zL..?"-.g...e.Xv.........o...wT0...q,../..".2..../.E,.;..g..y\>...]...c.O~.~...r8?\.r..8R.....g#..e}.P..-..Z.Z,.....Q-..dB8ZZ.qP.b.!...u.3=.G."..0......^..>]....r.|...B...>.t....\.&.$E.&.i.w..1,p....s....spY.5..>.....d..a.Kb.0.ks.s}2.a...}3..O.E?.I_...}?.G8.L....U.eD..i.>..../..I.I.,...:.a.*G..d.T...m-..l..4hM\.5d.....}..>......&...#..n..`.(.+......k69.Cr...}C..h<..t.AH2w......b.H....)N.......L.wT..7.J;Y}/L...).O..d....[e}/.....lb..]YM.....U,....y.e.E..R..q..j...`[.#...<..j......,..a?.f.5r..t.#..w...K.....wV..._.C........Z..?......F..(....U.....XT..z.....8.C.IFi......z.%.~.c..+.=..f"....p....T3.f....3.7..Q....yqrF.U.}....Y.....r.6Q...y..<.........i0.U..e.#....h.}......ua6A...r.....E.E

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite-wal.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:SQLite Write-Ahead Log, version 5591136
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:065FC80CA0BFDB4FFF0E25DF4E3505E9
          SHA1:5CA500AD14E68CF2D30A97E8638E70256E647B6F
          SHA-256:4BBD8B6FD028A55A0D355B95137E5A08BF347F80F2FC3E7C02CE59CDCDF3F874
          SHA-512:54FA39DDD344666D2FB93994C3E6EE13DA8190B2662A2D372E333A238647F169B4A148DBC58FC5818EEE24F5DE18A237FEE81E21F7069F9E1EDCAA7F0F2DC0D9
          Malicious:false
          Reputation:unknown
          Preview:7....UP`....+r..._.[g.F.T.Z........4zz.g..y.Q^9..&.j...2.P.3:..dV<.-%..}x.)Q...........f..J.l..|....s@?.%.H...*z..b.c.Q.}.M.@$.?...VCe..D.4Q....@?......\M.h...3.N.......g=a..Z...4b4...D.H..2.XFj.....z.@S..D7%..b.k.sS....... ......<.5p......$..l.T I+l...y.......9D}.r.S.%.....6t.X......[...o.z.......qP*.*d~.N..4..%....C."..2.?.?V..G.w)....../I..A....^}J.l....QGff*.bD...O.e .~....w.~.A..0.:j.:P=$.....F@wM-{..^.....n.O&......6.b|.[rS....<....Xw.>.......R.C.c..r.<..P..{...........?..D.(..\.|.b].. .+"a........K.`B..d.........F......6..;\/'.]x........5a...Pl.%m..|I3.?.):y=.-..f......#."..b....6N<...%....C..e.+..B..........F,..#J.$~.7.C.8.....N.7...A%....2....z..^...@..Rqqze]E.q&$..K.[....2..M2....|..b2.Q.5.V..[n....~6-..n9'..z.M.~$...$..2. .._....D.[.8.6......t../.Iw.9..>%..h.#..3J......P../..a.7..PQ.......5.j\..Q*..A..'..-...d.<N.M.i.....u.t..w.6.P"...3f...Q.rd.v.P.........._...[.)..-....".v.._3vQ..l$.._......Q..x.d8.....Y&..R.Q..o...D].e". .3

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:099DB8129F00C94AE054B945A27890C6
          SHA1:18F6D609DA5D3E150A3311B78FF4AFBA086C4551
          SHA-256:146DD1F85AFC6C98502D7692DF1D485EFF9BC7F56387A945965657C2FF384CC3
          SHA-512:CD0FAA2AA626964D75BBD344FF36B34A3EBCD53B9CA490451340CA63B95F2A44CF2631205F5E0B719BDEC577FC7A94B6D2A413773EACD05C139388555AA5FF41
          Malicious:false
          Reputation:unknown
          Preview:SQLit.....+.Op....K...v..-...&......T.0p.$3........l...]......(.fw...6...C).V....>...5.h..:t......X.I.c.....OO..H.....c.w..mD...P..s.7..qE.p......7..ECHz..F.w%...d......l....I....y.N.w..R.[........e!....CP.#.(..(mM.(.>4.p.P....i.....t...dy...mJ.F2...kh..@.:..@..n..^..pD.fe....GW..M.y>....Q\....i..p.].o.._..C.k`.TX..s..~@8$M[...|...^..8p....zQ.O$....:...a.....EF.... ...)..,=S.6........P^.Gx..zY.^.*.....U......E....:...ti........7bX...J.$...%%.FB...`..yN..h98.O#f..ToxrG....2@..HI^...B..y7.X-Y..R.77.K.b.9.Y..S..BfQ..3...PN.n-.kK...xR.;7.X..D:.8.(.'.29....0'.L.d-...q..R.g...>.o.r.....394.kqQ>.8.....wZ.K8. _`...g...*..6.......M.,.6.....b..bYNz....;.&.....aS.w[9..P...f..4.b..f..". ..5..A5...8N....F...5..:..F.d..D.X!...c.v.\Np.5.~[.lFh.e.|.r............-"...<We...(..=p....W..).xR.l.EF.`j7.<...r...=J...o.f,6C.-.3../G/..Q....j.....l.Mq.[.J.G..^.!b.~;.../....W=....4..<6l.z....+v.E..~....;..........:J".P)..... .].:m....h..`hW.'<,..i..%"c.....Z.T

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppTracing_startedInBGMode.etl.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D761DFB78C4156C10BFE41B8BE2778C5
          SHA1:5A433D8634B4B88D8865A956924460CCDE7DC3A8
          SHA-256:F8698B3D418C1C92DF136DD9785D1EB2396AF1076710CBB3325882A327A29D97
          SHA-512:42394FB2306347E1F3575511E0199E6F2B0415BC27F7DEEEA83D2FC0FB69D6BA89927958B0DA42AD01DE846FAE8F81D2251AD2F2F000329846A0F2A1C43D9D30
          Malicious:false
          Reputation:unknown
          Preview:......U..Za.M)..D...a0..T9...&.:.....?..".~....]...g.=....._..v..fSr0...J...^BuPy..>...u.E....q...p.[...%....e...&..7c........Fi.H.UV..KCz....<O....7./.]..*.5j'...tPA/..4.....z..#F2..=h.Bh.Z.x.-....&a?...'..d.f...H.J.h.L...Jg...$......}.....VK.I....N.`o.~}?RsL3%.Q.$....,..\.X.K...u.)....i..3D*..Z|_..e.2.~......7..M...&..z.a\.y....|./.t..yL.\V.R}..~....VaO.....I..n..&i..3...*u..._>M...7=..x.r..5....k{....XkA..[....6@...7X K.v2Fn."...G......&5._..TK.j...J...z..E.*.%..L.+..a..3..>A...w1u ....^&%..C...J.e.M..d.R..,.. ..\|...En..v`...d..c..X...../....#X2J;._..z{z.C.[..&....P<...[.iGz>Q.Me..%R..f.4P..w....w..W....6.5.d.....t......."..u.{d[.i.ak.$..vP.g..Y. *..l.O/...I...U.2..a....blB.P..t+%......T.....Jw........My.?_$...a{. Gs..U..d+....H.wj.L.}1z...............@..l../...s._?.Rz.....;.[$............"`q..........:.0.f..xS.f.y;....M...DK\.....C..b.u\."z]...!..y8.R..[f;&:...].,/...k..a.G...l..5.{....o....gV.{...P..E..k,).G....-.yQ:.,o.f%.|K.5.$.....a

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG1.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:7F46A5853C83690452DD79E8747019E3
          SHA1:411891A4BE6C55A79169809A1AB6475346681E85
          SHA-256:18C6F06ABE0F7DACD764C2275B8EDA2C5B73B5F53127E8EA57EDF9025882973E
          SHA-512:B958A3D5A7AAE310AA87ABB1696F5F1A3E46561836344957B5BB3EE9BEAF33C6FC0914D53F465961F2D48363B4AE53ED1ED9FFCE64DCD9318F33494668118BAF
          Malicious:false
          Reputation:unknown
          Preview:regf..i#.T_..2q.}......r..o.8...;.....B....=.=#k.G.8..]6.<..9(....7E......$..B.*yS=.....@\.J...).Z.....T...#.:......{.,../..K0...R...l,.c...9.....5.C......]...c..~...?a.O8.....!T..;t.._m..U^....m..[....'.F...9F.XO.!.y..GJ....._.F]J]......^...`..c......JB><z.!.9.,.......|......M.'Q.M.u..^./m...\ .+..@...k./....s..v..F.?.p.`.9C..K<FJB.]U.`....rd....!@2Q.(_.......O...B.$.4..6.M....\.l)...:d!9A..|.[....AN.S..U. ...j.,..s.j,.?.hiA.+..-.$g..C........X.S:.g;A.2;.-.~...<...O....!.<l...{i4..?.!..`Q....8.e...a2m..J.u.0...B.NY..8.L.k.;.~.. 3D........a.t...c...a..o.....f)...)..Ee.6....2{W..v/}...g.<.fF.;.g7.8`F...UB@..l....z..tNa[....D*.......H.h........ld..ur.s?...9.;Y.......b#.{.*F..,.D.3.iI*Gj.EX..q.......Z.NY'4+....T6.D.S....`._Ca.L3....@2,...x$la.j6.K. ..^...:rpY...Z...~2....W....e.|..n..8...BU.H.....^....=H)....so.....K.- .`...j..ky.0..A.t........6&|..m...P.pp.v.zL..)..3.nb.[.l.P+r:..B{.eb..TR0.H......G.A._.@..I../..z....p...K8*.K...!...K!..-..#. ..h

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.LOG2.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:7542FD768BE6BBE8FF6CCB02981A4FC2
          SHA1:C96695073AADA1C722A057F7E4F803E0061BD895
          SHA-256:ABFC85CA6BB8A50842E570D8636C73E033AFF7A9E4255D2A1CCC4BFDA7A6D23E
          SHA-512:60682D4DA9CF60A936A908C0184F64729A1D3075195B346FEF6BDC5561D9AF727BA38A810A0F53C5F416E73BAC3F125FB876778D9F05D7601C958C11F69C5825
          Malicious:false
          Reputation:unknown
          Preview:regf.&...t.3.jh.<...B..b.q...0*."........_.H5.X..@k.....2...NR...;o..h.k...jkk:A....tkL.u..'.X....,.s.'....C.......F..h.[.R)..Xn.].CS.cbI.._5...W.S....}^.1...zsb4.1e"..9.....[./.F...S..0|.d;..x`..^HS5g...p..%..s&4.....|.KwD..d.jA....xa7l\.~..@ky...#...%.......a...e............;@...F...F..D.T.+..&.4..vRW1R.......M\J.9> .. ....l.k.......L...9y.^.9..-.>.g|Z.m...f.....x_...l.K..W........S.\J......F.w..$VF..R.-......\....`..y.,............u...X...V.....z..5A....Y........Y....+(.^H..... .t....$s.v.qE_..wvOH.(....y.a.7.N.&....\..9+...+....'I?1>...XR$..ir3..U.%...t..$J...z.......3.#<.....I..9....."@F.c.....[.wS8.a|tM.[.6..Z.....Z.}...q?..5.Y.e.5.NJL(...^J.5......!>.."..8...>..K#uO..30....)k.....q.?!..i..{h#.[.i.....@T....._.`.D..V....-...0...YY4.N.....b....;.2t.E..U....$..J...B%..f|.....?.0/e.!.....`.HiKc.....Iw."...,.......Y..g....U.R.b#.Y**..b...u.@...O..."rXK%{^8..@..07~...Y.#...'.$..j.&..xo.G..Km...?x.......~!.X~...%.<3z7h.....S.h|..\.tU

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C446E3E590E605A65F425A429B9EC834
          SHA1:AADC3190483D6079C3514CD03C3AA8AEAE6F41B1
          SHA-256:6069C01B66535EA0D22248C94AE5E3E25570BECC8A8E23DF6AA75089EA010403
          SHA-512:F088EA06AAEB7419338705C5DB9E192E6F3083ACBEF117E2DC211DD036E36C526A535D1D0AADE46A43E4D27FF580B9332E6FA805445BF40959EB09793EB4CFE8
          Malicious:false
          Reputation:unknown
          Preview:regf..".#....?.nrSk..-M..qp....x..=.U2..'..|C.]%q.OG.k..oI).......`.|T......\r*TG.R...-....8!.....I.t.Z.,J......GNGW......1.Dn.F..K.......s.Z.l.t.D:m...7....`.y....+c&^=.z...>L...m.......|.E.F.R..'F.6S.@+e..]g".Q..t.@.v.AZd..W..Dy.4.[...X8.Gi.?.0..*>.=+.G.+xF+\K(?....f..<..~h...$...Q.e.h(9.7p<O>.......^.....*.>..up<0?....gI...Sy.l.ZxB7....z......B.rh..s....g..0..j...U.......{.Sn..*N.....@..3..U..yq..^f&..F.......&......p......8!.k....mh..3$...-r....I....db..My......s3...5o.;..Z..'.)..3.m.....Y.T;....p.....A..Z..f..........>+...HF...I........^.wwr.....D.2Ke...v.ng}..JZ...16X....J5.T.d.HCOZ!......'...6;SdR.G..s..c...ck.o..`...*vq......S...;..Mp..w...a.....w6d....O..t.n.&...|....2...[.Z...{.%.]...kY....YD..e\.g.....z.7.$..~k.r..........h5...%...r..c.4'..`.......>...H ......./.ui......[6.@Q..P...e........6.....l3..).{.h....e......K.#..=._.....L.......d..q.R..~.x].......:..K.3.PE..sr`....k i..f..........t..U..x..q.;.....N.....WZG9.

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FBCF7A94ADB9F5E0422916FC62537A55
          SHA1:F7FB6EFBA38BD17A2C7BF3F244BC3AC87B1B9781
          SHA-256:B1D7533E4A60470459DF5713EF2E3AD2A3F82DF266570B3335B3DF6C3631C0CF
          SHA-512:7CC58E17E7BDBA8E5EE525B77A2EF417C524138453DEC2C101EAFE330B9DE21074CC2DFF3440F51D80D9CDC3AEFEB95B66F7195DEE9D8B23A8048271098C2E8D
          Malicious:false
          Reputation:unknown
          Preview:regf.C..C.....`...e.~..;....".KU...8.3B.k.V...|E..........]..g}g...".F......v.T..@X...St.eC.)..?.`.f_..VA.H..Mc..H..d.1..".T........<0x...b*.?.K,.....%..E........h..".m\.o.|..;...<).....h%.bK!tG.{}..4u..a.P....x.O.....w/...q@'.D...|U....`.H...$..KZ):q.%..]<....&$H..-.L.R.i......`.:.n..,.XZ.r\......9xP....k.!.z.(vU.z....6...a.zwt.y....Dn6.i&q...I..e1.n..BT....b.4.N.>`&.|...H..."...y:]L..Z8C.wP.aX../.&..k..'...c!L..a.Z+=..\...1........TRv..q(..=.....j@.0i...J..d.h>....F...W..f..l..1.YY.O|k..,...$3.P.."$.O23...@t..Q.."^U.=.u....zB..w8.n2..6...[,.....}....L.. .1It.._.....{.an...._(_.....-..Q.j..8.:.Q(....E....g.6.D_X.N.....6..%.....8..;..Q..B.....LX..==".......gD.WT.R.1./.x.....c1!..\.VoKFK.....$Q....?.....D.~.b7....0.`...t.7..]..2.B..+g.Y.....r..Sd....|.{.X..".N c.QF..2+....jkd.R..N.*b..r..)8.i.h....)..c%.^..._..w.=P....U]!...d.plNs....H.=).........$|.I.....awT..%U.....Tf....cey*j..........]e.(I.=y.hn.\.S...1.!G.+"Z-9k..6...s.m.0.;izYg

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C55A0F27FFB298D72E92A7A7A3822A6B
          SHA1:3D4116CFFA443190840B376C1DCF6AB9485FB826
          SHA-256:81CC41A17D72791F6458D17436BADAE085C848289E95483C8B787AE37BE10325
          SHA-512:0750F5A952DDD125A6E172B0673CB882089A18810D9575CB69F4CBD49CEAE7C7D14E2615992BA2D91AA8C992A4F7CAC5171B091B58C5FE37DA4AA50BFC124CF5
          Malicious:false
          Reputation:unknown
          Preview:.vl#..?c..}b..`...R..M..Pr.rA.V.....Si.^.."h.......6u....4..L.D.}.UH.x.uB] ..(S.y..]Mw.z....44"..l]....u.$.,t.....VY...?.3.-.@...5.-..[.e8V.L)N.t.wL...V......T......)'...Z....O...{>c"........M...X.].uF..h..4S}.j..&........)..._.....FHWA...Mz.....t.W..k...s..I.D'.V.9....,..qm..}... .Y...........=..5..d.v......N.`s6l(.!n.3e....Mv..m$..zO..}....Lk.......=.b.........\....C.....9.>>......d...Q!.....LQ...J.U....Q.x....}. Y...........N.g.#g..{Y.e..V._.~....T.}.".....B..^6F...r..6....lOL..D.q2.[..e..,{..B..l..20A.).....ATM.v>.[.u.D....n...N..j.;0.AH.her.H[.WZ=..i..o..Z..+.>K.y[<.7....f.Hj..9..__.1Y....d.E+.....^..^.c.+j.I.f.P{0I.....W.....Z.}...l.P..I.[,.......#:..w.T.......!O.Qj6.H,.!.nW......x.0..6.A....n..q4ds......{s.J&.F.k.X6.C.j........t....WJ..9../.,..7..#...m...z.....Z..C.PZ.U#S.R...G........+.+...pA..Y[..4..'L>.*~.....'.Nu..mcc..~{...\...S. .}{.).RqB;e......Y..].x..u.oi....D.Q.oR.).%..~O..."|.n.dk.....V.0....'..d.....Z

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5D84345F9E9EF97BB1BC59530E5A150D
          SHA1:921972419866DBCB79356E3DDB247165D1B52CE9
          SHA-256:0EFE00E622D2AAD3F7CA9FDCB686624E6351C44C9D85472ADB90C077F2E48BDD
          SHA-512:42712D8093AAB3D86F07766950C9E3965F438569F91E05A837EA22FDECC5A8E6ECB636F435D6EC7760E74AB409069CDE65FE122161CA87E1C0052E37D1BC3741
          Malicious:false
          Reputation:unknown
          Preview:regf..Ssm.3*..X.D...k..4F.....6#.r..'.....>..A..*...0..]..6...T.A"...'o..q.l.5..j..O.L.c.2QYvyh...;.C&,L..7ApL....4...R.0.}...9c.h...4mW..pmJ..~..;....R..7x...!...b..h.s.'..X..B..{.h..._.e.4.j.bB.2..A. [.U...!..#f${v.g.l...?...y..>,8^..m=.:{..@S.~.a._...N'...4.(........lN.Z....Zt.V......9...97KL#q.I...;..b..D.X..;.H3. a...c.y.y\?>...+... ._..=._7Z...c3..5..*.;V. .."..!......&d.%.U..2..c.(*5.u...Q=.....(.S.<2............l........L)K.w2....J.*.............^....}9n...W.v....)....z..........-...........\.b8./.....=u.B].+.....T........q.Y%..m.k..-.]BCt|...n8...8...da.,..`.8..R8]Q....#..A..y.Qu...j.6b:r....j[..=pp-F..d.R.....V....j..Z.....<...@7..4T.....u.z.,.v....t.y....3. ....L.8*....g?I...i..r...uF...k*.c..\+.M.....jj..K\.U..8@..+.[.q.2.X..:..\0.h.4.?.G..w.e_.&.1.{u=.._\..r.{6{w^..a...(9..F..q.f.....%....c.LE..]..4....j.....o.2..:..P.-.U..k.4|.&F.@.*.6..j??.m!6rS......2.D(b.....>..HvD"~......B`..M.M..P...8.........=#.vx.=u."s.....D......j

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:140B064BB092A7C3ED28B8C84B452F5E
          SHA1:5461FFB9EE4153B0D0B4A31F74BC68276879D937
          SHA-256:640BBAAE1B8C27644FAB1458796B291758CAEADA12EF83F9F415ED8A871BC82B
          SHA-512:CF5DD4BFBD76B5CD65F2B6C04403A32834189776196FA016C1D7DDD137A6B68E30069A8F12D3851C298943475F2D3E8122BF4E982514F6A314B02041700E7288
          Malicious:false
          Reputation:unknown
          Preview:regf.|.......G.......I^*>K.....|.]....NC......'....>.*.b..L.N.Y.....Is..IdhW>.:_.@ISY.....?@..Tr.'.J.N.{.Q_'......GOF..iB....wO.....Y..wBVZ.S..#i..Q........?.NJz.W......-..q....#Z.G..)p....G..W...K...z.^.1.........l...........A...v..S.C.|..u..E....)O...1C....7..J....Z.ntS.[.R.....O..S..Z..........|..r.......(^.z.^`..?.F....]...R.f<4C...'Ry*?..f.... .;......+....i..3......c^.nM=].e....,...*.M..o.F.W 3\B5?.fDV...Sb...be..;x....?.BSK......M}[k.$..fW.<.\.6.._........x?..U.m..T......S.5u...H.q?'.....g..?EqIJ;..F.po.J..\Y7....S..&8>.z..+?.......FJ..L.WW..dw....V.../Df...i...&./.Tg=.d.$....J....Qm..m-...U.m|.p,.......if6E..]D....w.-...V.....;...3..D$[D.,..Xs..k..G......O.....^......O.*..t..5.....t.~.1....L.....%.~..M...z..2..UU]k....8F:._..1..'../b....B..,.........O..'.]!#y.Kt.#..e.)Q3`...<5...SY.:B....H..'..dc..a...b..='b2w..tox.).p ...h...z'5...|........T..t7......Ig..I.MM }UF......D..F.].#..u..0.....c..D.u.@.f.4.Rdy.y.0.Ep9..y>9.r...8...khs

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG1.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:42FD23D71479DAFF490F0216C17856D7
          SHA1:2D4E83BEBBB92F6EEDEE338AC5310037BF8A4550
          SHA-256:04515CD5DBF9C76E96A3E4A47161B825D1F634EF965D243437F0094FD4DB8CBD
          SHA-512:2C105FAE5E95291141C6E605C1A9B6D59789B399FB9081CB72639AE090680590CD6392A8199F20644FCEE0218E49A24A3C820A277522EA2865405A0E9BBAA23A
          Malicious:false
          Reputation:unknown
          Preview:regf....kg..hECi5}............&(..2@I.ZQ.......8.T..+`.7^.IXzi.}MP..@.....-}...UC..1n....J*D..X.k8<.{....Bl7.z*..ecF........O..."g.R~I.B....I?..I..:=...q{.fl....}f.X.........2...F_H3..~.Zc.kBA$..0....2.J5L....1...[.........\.&...9b.n.7+..L.....r..^....`vs...t..V8....L...Pt.2..*.h..W.V.F...4.b.......H.N_........Y..c9.T..z@..#xq.Q7.c...M+..s.G.I....Z+.+y..J*.........=s...}.w...}j.&o.>+.6..2.F-..G...1...c.O.Z...:..r.q.J.D..K)...9.v.).%.8s.i..'.o......>.&........%..........NW.\.=t...sq.eK.YN|`Ls....H.8...w..\k...h..H.ul.&...h..V.L.....0...)...U p+.-..J....N..Y......?...V..m.E,..9Os8....I....}..%..f.si.EI.E.H......b6.ZH>..K.1]%W.....&hB~..m.|..M.C....O.......e...YW..U.0x...e..1.L......Q.t...^.4_.\.f.G@d~..J(.M5..{?.!..hV...|..^.&.m..K.....&........`.0*....8.G.#8..r...?..RA.......I..X..}.z2.*..L....g.....)5.!+...w..A.{ry>..O|.{...F.u.....4...*8.....f^.qzzX.2?.'m.V...)...4n...Q_W.!...m.U&.6....#5....+.q...<Y#.].J9.p.6.'.F...xJ..R..U0.m..O...iZ..G.

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.LOG2.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:AA104A78058C2610C216A0D4D800A19C
          SHA1:EBF8DA8EA87E90D315DA23EF896476939A818F60
          SHA-256:0E3007F87E0F5B9EA1853ACE7DC0BE56B362BE4585794ABFF7A1D179DA1A8AA5
          SHA-512:EEB2239E43B8F16104CC2E4F5C03CDCEEAC7394E935A8691718E5AE6997297726DCB1C2BD0C31B3278F3293C4104BD1BD6FE5D189E2F39AFB9C785203621337C
          Malicious:false
          Reputation:unknown
          Preview:regf.BG.9.....|.!.J.2g..D.....1}...o..2X..v....'..N...3=>..T.....Jt..Zt?.V..j..F.....Q.....@p..)h.P. .1..8..H5.1......b.h.l1..f...).......R-....i.....u=...q......#.L..U._..%y..U1...9rsu....E...}.(M.kG.....We..].\.S.%.VyNW... ..=.i.s3r.U&.....v.d<3.F.e.x.{@.f.DU...d..s..=(.(..n......U._....I.0fZ.+..z6.~*nLR..~...,~.f...L........Wh.L..c......r#..o@r....oy.aI..k^Q..p..L........P...J.Mz...#E......4?]...e....z....:.Z.X.A.UW.P"...%...2.....S.1..N.S..>.N..{...G.WT1\..E...!l..i...`.S.$.1....W.h.....P<...!....C...c.....b.....v.FJ].C.....G.....V.f....l#1..D...7......^-T2. ...B..~``5.......I}1.F.....=..*.....D..g.....s..+*..M.......q.6.y.q.. .B......+.j.cF.=.@.k..........%..G..U..>..Q.Y78.2.Nz.H..)../.h}1.aB'..t........U.ve...62.f..no9...d~.....H.q pw....nq1>Y .dA#..8z8.P.I. ..7T..."w..M.=.....g.{..6@{z...S.B=:-#.(D....3..Q_....?W0.J...&+S..25.(.did....p..``.2.......V.g......].G.....X.0..~/..(U..O#....O.....].}...a.....G...+T .c.,.me.'.HU.W;.

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FEFE1D36DB954541E774292DC258AE4A
          SHA1:508C4DA9A38999CD427D908C0837E32C0890BE5F
          SHA-256:C4F5A87ECD9ADCC82857E746277D9402B0DA2D423FCE014C4ED950F424CF8884
          SHA-512:AAB6682A94349B90CCBEC4F5FF77D6C4FBF580B69A875847C7BA0839636DAC6B91488DCB5E064C0030E4805ECA7A302B80399E41DE838F72118FFAE12A8EF952
          Malicious:false
          Reputation:unknown
          Preview:regf.L....V...d...../F...%.lZ.P.=+.....#..4.,.J...ltT:.%.+}.Z..\....n...Nz<[...S...P....t......+...#/-...cy~.f...Y...OM...9.R..`.j.y;.......+O...(.U.\?.......)....u..5.kt.D<....>6i. .i`z...@....3V..."..._..\).aR......-.)%.Cn'.4~..c|.zA...uF......[...Mi......7.n....t.U7|~.Ne2..ZJd.......=D.jy.k$...s~..x...M..c....p.!q/...W.XM...B`v...k...\...0..HM....G..e..VD>.j....[...Qs....)64..y...?H.n..:.~].RR..(...=..+{...VS.~j.|L.........[h.\.7...y..%I....m'.`...W...V..]Q8..9{@8K`..rVKT....Z..c..H...G.....2.5+[..}..............+.q.SE.v.c.b..`/.R.-....9Ss.../..|C...$...w...i.Q5..].=.......t...e....i...."v.C48......z...s.. vp..v...e.w.............v.%.... ".7....Of...C.....P..*qxx...k%`Q.$.....:^.".9...9.......%m.|..%.>YU;..9#!...?.`w...e..f9....#7."g.],KK...A...{...9j.Q<...i.I#p.Z.3.;.m......t..G8.[x.c.M..........6vNG\.....l.T.e.s..k_..E...W.....!....1-.Q..b.7...C.Nm..#."9...N.......V..B.".)..#DU]..3..../.\..T.6.-.~.L.,r.;...q.[..{=...L......kd1...A..

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:ED8B934EAAC0399866D335548798F505
          SHA1:70D4199D368DAA4622D7DA66EF1C6CE2B8ADF2F9
          SHA-256:C0D78690FF6779C08A3689B23EE49CFFF3FDE8A3ACFF2B96AAD6CFB191ECB809
          SHA-512:AE45B7F972BA04855CFB225B5451470206685DFD24B26479819287909C4D1BAFB643D9B02CE3C06F60D4C222D747B9AAA9474D76869437064AB511BB6A7D8555
          Malicious:false
          Reputation:unknown
          Preview:...!..../N.E....1.wg._V...d<..T..x.~..o.....s*...T.W9...l..z...8....n.8..hd9. ....k.7e.../.......b..,F./.w.......#.....OK.o...L..6F...G-.%.q....S.....>.Y_......ln..."."b.9L.9c....-..BW.........u~..CR.)..>....DW.+.].'..$...r}g.tR^..k.u.e...b....4..c.M.e2.............A..6`...s....,(.>...S.e...9..@.S..w-...K..5/.:..r.k.l...eA....5X.. ...9"Iq..iz.J.X.JAI........U<...W....!:X..}.$...V....=.X........._<v.]...8..h...........(.."...G46........!.9IF..r.:T....{"P_%Rxr.Hd...@5..v....X.>..NE...ym..7.L#....?..$...ooC&.{#I.Y....+..=O{.D._.M.l..n.ED...t.5".*...+m"7J.I.<.../...v...."......^m,u....DU?..4f.........=.CI.Z._....Y9.._.m....+F..t..f....GA,^..S..w....g.....2..V.......b8.f.n;wq.Y..e.e..M.8...Zu..."#h.*....i...?..^..."J....1.0.|Q..Ws..C..-.-l..z..R^..~......-4M.0.8CE......d..8.....97.d..N.._<..,.v..V .u+^`..t.G;....R.3}S..p....`.K.T>c.......z.....-.S....h.%.y..Q..o.G.92.y8-...{.<!.s...h.T..~v5.vYaY.M.G..ee..n.a.+......~...(.L.......s*#=W/..C'

          C:\Users\user\Local Settings\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:622683D5C65078454896F3AD05E11A84
          SHA1:60314B6174943CCA285BA8E6AEA779051E3E7E0C
          SHA-256:E396F3925D14E1149D6D40C53913190D92E9A891F65CBDD9D5906BE51A5E7C5A
          SHA-512:EB55A18F942C014D41739E0280D952D014FC17369873B32AE8F01C7E80663130B3202A4174CA44F0D30EAC007760C2B3BE0DCDCF9799E206B6A7702F6BFDCFED
          Malicious:false
          Reputation:unknown
          Preview:regf.y.qY.D...Qv.y*.v..1......W............@.......;g....].F.i.K.o.:.2.}d.8N.Ugk...ZZ6;...U....A.J.......aQ{X._..j......w....N.....m.bu..C(b.(~.S&..f.i/ML.<......._...]......\w.d.&....Io.o..j@{..c..A....j....z}.N'.6+.. ...V..Wc..-2......ik..s..tLpj....(.[W..r....WzGor.IN.t<..|Z...4.J.q)...p'...,./.q.T;|?.......X$......S{.o.{..26............{..Pm.[. n.F..._.l#..?..X.d..l$..\.C.T=.VuG.(.....+.=&T..MO..}...M.BrC.s..<.....,.Hb....C~.D*....k[y..y.....kt....u....';....E %....../\.v....Z.c...+....././.Qb:.5nM.J..B.'aOt.W'P.R...6...F2#.1...S...?.n....z.1Q..:+.6.Z3e..Y9o.@q.......o...p1:.:.b. .tf.#v....{*..N..D.y.....4.?h=...+d;.. ....0.s..v.r.Q..-.7../.:8x.E..X..v.t.....X...Gl....c..$.....#.......F|[....R....#......uA...Q....$f.l.....*L.3....(.7.?..E..XS...kY.`...*.2Hm....\.A.."e...Q.\i.^V"..x..S.m.Tp..P..09dPm1.....V.LE.E...o/...W.O.P.@.Or|....~4.....g.!s.l.v.;.r.._.;..m.y.....F|.C..T.EL!...!..>....c.n...0......O{^..l..tXM...g.gf.^.]v..}......H.

          C:\Users\user\Local Settings\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3F46098D8202BEC88BF69CAFE0341961
          SHA1:1ACCC0034D274EF6AA996EDC1B0E0F1CCB9DBEE1
          SHA-256:98BC10FC50F9A2E8F00D4A9F83E72D96C7B89A1FD982EC23571161FCCA570985
          SHA-512:6357AF9714092709F69365B88F6B2E5B5BC4F2736E44F8FC2FDF037EAE940E595690E25F2886A3D12D416FDD9DC958D0D69D1B38A0B4B20EB001580F8D0DD19A
          Malicious:false
          Reputation:unknown
          Preview:regf..}..z.....9.r.l}.....h7R..+8........c.k.... .~..R..?]<....F.OFA..@..T)$..16....u.......m..@^L.-....s..."^.v-G.Y.L..h..."f.m w...fT)..m>..c.*YNWT.vS..?...Q{4.&D.u2........._.X2>...)e.Ell.q...N.*.Z.Gh.@`.6f...G].dO%..`.<oP.oF.Wr+...L[s.pb\.o..n..TT.'y1\.'~.&S..s....|..A...-...z.M.?'.....e....../..F........u.r.>......A..B.c.s..I..'.m..!m?.b.d..I.E<..=!0.....{_...."._.PJ._#,r...uJ.%.*|I}.'..;.\F9V"O......x.&.1.6jo.a.l.J..')...]....R.L(.R%..;..p+..{r.......-.U.%(.T&.ss.....?Y...P.J..dN.7p0.........(.>.#......+....;...`=$.*l==,.+...$I.. 9.......dw6/.h_o..K.wS......]$......f..Gn_f.......*....N..O.s[.|....2..!...`..(...A..A...........X.Z.D. L.....pl.Vs.....b,.._'...A{..+.=.._.s:.g(..h.zC.'....T2..-.-.......A......].].5w....R..z3.(.4.|)..z.m.~g.O.w.>..a...+.ed.wP...b......hHi....:.......Li.o...\.$.....asJ.....+.|.....\......l...s........L..;.~[..n.f.Q..\...D.......,..;..3...w...j..........[....P-.......g..U+...xX'F..=..h..J..b.c...p..u..e

          C:\Users\user\Local Settings\Packages\Microsoft.WindowsCamera_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:418D84C3C4DA1AB45EDC406A39A89849
          SHA1:D1BB75253C2DF482E96A9C66B078A5BD56D17BB7
          SHA-256:2A17D8111DD7289C72B9603016F9678889779CB6554321B9BCB4171622C08184
          SHA-512:86BEF2935A2AAE0F33EED69D6DAEFC48F45E3ACAD98979C1A0FB5C511069CDE4640767FD18FA8C181684AB4202F7BCB0E0F400735DCE34A6FA1B5E856EAB3216
          Malicious:false
          Reputation:unknown
          Preview:regf."4..a.K....q...V4.V&..D..J..T.3...@.-w....%.)8......f.M..k..059..jKh...z..&....dF....9ip%...4O......d..F..|8.......af.3....)|2..s<..x`X..A...q...X....g.O....]....$b..T^..~.....8.;AY5B[bJ..7..F.N}$.R..i8..]5...=.h.0R?..!.=V...C..7..,.......so#i..|.t...0...T.c..%...R9.vk.Wc.Cy.ItK.X.^.+ ^.].....A{.pQ..4}S....T.....NEx.&YN.7.....h>..R....>....u.V..zX....l@..y.>je..:...9....5Y@...s:.n.V:;?Z.q;.O.....0....A*..o...........L[.aX...B.i....N./t.....tA..8.-..kx!t}.I.J,..7.....9....(!S.l..".d'lD.5......7Q..e..4.F.9&..6q.g..G.rc..e...=........4..1.?..m.P.x...u.........M4..0$.....z.ZS|...B.)...d.N..}...#s..x.K.....>.'uA.3y........@]........?..*.u......-.......!....e..*..4...w...s2.[.._.... .....R.i.Y2U......U.=.E....~.....'..x..(Y6...pD...CA-/44.@. ].(+...$}.%M.m>..a.-..........4.b.g..yH.fXWQYw3r.....0...iF82..#o3........s2;....|..&.SU/]..p..w......0.q..N.".`.{.fh....n..!K.RE.......U.^2....8p..s..I...~#.L{.r..9xw]s...f.+..F(4X...p.N........^

          C:\Users\user\Local Settings\Packages\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E6826B66A18A2540AF8D15351391C762
          SHA1:749AF846C36A7B8C4D919ACF88A1D704F772C8BF
          SHA-256:3350EB8D51A113B66347D5821C0DB59B1982552D7B98660A83A727C31084B4D3
          SHA-512:A0CAA715B44B76E4EA8C49DD8776670FBB31619AA61D840A20FA723AE9D336BDF3A7A4AB87E38F93C654AEB8CF39920F5BEBB76B2BEF5F74454A6F087B12E906
          Malicious:false
          Reputation:unknown
          Preview:regf.M...|9u?..L..D..y..B..8.....RwDN.4...:...*..v..N..rHv...bJ.... -....Q...Q......%......;....r..NX.)KpO...c..-...].Ry..$3...W.K.......}x...!..oG.;...(...0...M~=V......0.0..C..Uz..7..{..oi..6..xv,.A.....w-|T.&....t.U.$.j]zzm..E_.......x.....6...[.Pn[v..'.Ke.;i..5.....L_`..l.*3.....@eg..&f...q}].....Io.6..5.To..N*.....B..U.........%.6v.._.*v.t..q~7..)..:.*.|..@(\..&A..3.}..m12).v.S.p<..z{.l..N.?(Z..jSl......y.%...=X.AQ.;A1.r..i..Z].=..,k.cnJ.<...I.G......=..n.....O.'%.O..p.FV...f.V..s..s.%...j..Os.i....%...UV....@......T.6.....l....../pC&"..T.bW...W*.b..c.L.2....C.s...F.........r.u..g.ES..........Q......I.;g..k.tT.F.[N.K. hC.29..L#.6h....>.8HTk...[:...4..A..U..8.hz[_o.&t..u....K^./"...zmy..G.O...+........[.....jm...F..8...i..<...pm.I....?.|t.V@.?.~c...l)^3.dhT..-...i.}\...<_.T.ugP....4I(..< _H..<.....ma.Ip>.K.......E....u........w...{....b.k....FI..-Q....D..dh.......*F...U+b8..D.0.w...;S..c._.h..n..(B...{....R#m..Z>.i.-

          C:\Users\user\Local Settings\Packages\Microsoft.WindowsMaps_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:7A9D0CC6365EE757AA3EE32F77190509
          SHA1:67601B3453EC99B94D878705801EBABEB7151AA5
          SHA-256:7FD52857F6BEE7E6B2DD8190698062C8555E765E2D9345510A68FA3953365658
          SHA-512:D6DFDF4D04D93E5CA8ADC1B815262FFEB93B5AE28CC6A860BB7C4F8C26ADF3E8E2087373A36722AE4BC0EC3D2660E6E00939EAC2D34EA012F2B08F77DAD37213
          Malicious:false
          Reputation:unknown
          Preview:regf.....?'.p|...%...#bd.=.:Z...X........%....u........at...KO.......Hb_L.......%.F[...&7.f....l.d.A.,-..L_s.iE....G#...%C.B.H..B.'......<?.h...m..<M..o78....|.....t.. ...x>8.w..f...F...q..u....s\H;,.Z?-...\.N.Q.H..f.....0...;`.sD...5.]|..U.2...m.8T..D...>....l..gx..l7.....4}...{E2J?).R:.+.,c.<.R@.....z8aA>J.>.}..)......Np<.YoP.M............q%UB._..%d.K......2.Nr.[.x....Z..A m...!4.1e./..<....<..zOM.P.....4....l...B..5.fzK..Xs..ur!qs...3..n.@..`L...Z....dy..,~.(.F..x..k._$>....%NNOV.[.C@dQ3...,6.w......K........q*.x.7[..k."s.za...(.....e...&".....:.o.)..|<i.K*.....Qi/.M....2...w..6b0j.Q1....qc.[B....M..x0..NH._....6-..wH/~...D.&j..x._m.I{U..Z..yv.e...|m.w...z.h.!....+.h...Lu....x\....>6...o>..xD.Y....\.7..;.;.)Lt%..../Bg.._n.O$j..._.D`+..-'.+..6%Sz8s.A.....[z.9.1..~IP....K3..J/N......2.........1..k..(e.aC.US...d.......Lf.cf.2Q". ...%0..,I..[6.b)0......q.LN..P...[.*...L.G....>.s........ps......a.=~^4. ..g..J6....c.1O^.......&..9-.*..+k...C;.

          C:\Users\user\Local Settings\Packages\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FC81200A7D3FDD21573565F778BD8BF0
          SHA1:5EB36E8AB36B331BC5AE2CFBBF015592563BC1E6
          SHA-256:0DFCC8EB5973679A06D89AA698DB7E5B7EB95241B9FADAA9EB8061D79A3C600B
          SHA-512:66A6DB595F238B565527B54E2365C4AB47A592FFE1A85DB13770428921D0A9856778489B3AD01F8834FD7F1EF1015850298BE1FFA43B77E548BBC4D3E159D9B2
          Malicious:false
          Reputation:unknown
          Preview:regf..Bl..w.:.0,.#...M.qE.+.D.c..k....}...l....k>..q...@..\.....`..y[!.q..\;.l:*.Y..E.y.S./.....o.!>.$... c-.z7..z.L..U..'....}.. ..WN(.)g.CV.k.v.e..Xz}s......2.U.U~.c#r-X_P.......J..[A8...i8....)....c@.w.uX..d).../...RZ.>z...Tk.Q..]H.J.fw.(...?.x.7...........k..5g.#*.o.....w..q-..`M..3...R.W.`m...:_........4.:....SF....cK..y.)@.....(..)V..bR...o.D...e!...........A..{v..|.....X...,K...G6..)....'.........&.u..|...*|B..u...,h.A0...D..4.GD.......We...AU.}......o2.....83.1..O.<?N;.4.*..j!..6xCk...v. ....n..I1..-...6)c..~.9.....?.+...l...x..{;..h_...b.....[W.O*k..1..w.....G.e.../.Zp....V.B[....mg.u.V...6>...Qt'.\.*.$...>q...b.bv...Y.9.......t.l...V...".A..cu...>...Q...u.y.!H..?V.."...h.(N.k..e..Xci.1.,...,i.S...eJ...e..(a.<.-e.N.E.IK.g.....&...Se...VM..\.#..Pm.n.n....F.....\y..%.?f.8.6.0+.ST..K.G...ux.<.H.T~..a2..Y..i..._.#.......4R.m-...%.bw....w.:..0.i..F+o}.(....B...:..G..9.....!W.qN..f.G.hV..x..:"u.G.......+Z#....:_.k../n..y.Q.....>....i..[.L....

          C:\Users\user\Local Settings\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG1.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FF2696B2A2858085AF4C02C76668EEFE
          SHA1:46388145375A63098BE04E82D42DE7029862705F
          SHA-256:91A31684306A19B137A58DDD0A64C1D1D60F6CEF5CDA2C533AEC92C31D03859F
          SHA-512:1A22495D2CA6D0C38FFC2ED69674C99351AD193FD30BA8E8AFC1ADCAB087E00DB95418A28F808EDA4FD079E1C8AE967B510FB3289CA584FBE2BF0B26E33AAFB6
          Malicious:false
          Reputation:unknown
          Preview:regf..-..r.........RYe..f.[.Rti..M*.w.v>....+.#.LC..-v1..P..(..A..........y.Okz.+..D....~..!..>x.;.;Q........G.X.V...k..6.m.P.......+..X.c;%7..,..L.@.g..2QD..x.W..;o."...51*2..b.}..vJr.......2..$../mj.R0R...... S....*..LI.......c..r.qZ>.......].........L.d..C..S.......2.c.i.....I.5...q...G.7.W........Fc.._.Zgn..N.E.3P...W.0.f..........2...........'{...u...S.`..+...]..T.....}W{.....Q.W.X..*........*...ZM..M..4D#...{.......v.......)....'QrF......m.].M4. .Mu...u....`...E%*)..0..I.h...Wo...^..-. Z..8........9.E..)2.|......4..?8...&...!.;....0~Hk.F.3.G..y......2.4.|.....sia.c..I.NN..L..\LL"....}c&#..5<...wj.!......z.TE.\...O...v;..V...Q............0...H...x..Z.0..`V.W..'.;./........AM..>..JC4^k..lU..V ..K.]...E.5...z.....;.PT..........L..+.*B.,@.J....Fb....n94..o..U.....z9j..2.........^..'...=..h_ M.P..ln2...L.[..o...#.kA......N'.O......%..............C...........e...F...0.....Y...Lo....<...\....z.^..#....P.q..J.z.NJ..q/0... ..w

          C:\Users\user\Local Settings\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.LOG2.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:917376310C13E30768D1D8F6D09CF31F
          SHA1:A5967C79077FF40F3F1589DA94CE226C1C3971F2
          SHA-256:80456C0E7966A4CE335656CE3AB1AC53060267B47D1E814921CD48A695E60527
          SHA-512:431CCD70290687D4BAC4D200123E138A0C848E0AD5A98195225423B5C2C3438D23C77ACA81245DF38DEC49C2B82E1512DC0E76FF8820E3FA3973B146083276D6
          Malicious:false
          Reputation:unknown
          Preview:regf..qpI5.Oe.R....X..`...[.rN..?q...k0.../....x.F<4..{t?\$Xe.j..W.;.w.+......o..%.\.y9k...w...6.;.@K[._...H..@...F.C......[...p...:^.B.....H>...3'U........$h:Pv.`..e.M..*.`>.J......b..m..I~,....4.:.2{....y.3..O..Y.#.%F..\.8..*..s..........t....nA;....w......l.o.2.8.`.A...$@B.rZ...m...{.c2.z.Oi....J.~Q...p.23`.W...[FH.....H..+Bt...Q.v..R...S`}6....n.U.&.U.gy7........4....#y..A........|...2)O%.-.....Do...f...j.......y.L..-.......j...*Tm.........vW.$..C..s..x.k..u.=T2...3.sb..y.^...=.....a.....m.j..(...0..g./;...E...l.0.....$...Iw...Ys'.{........(....O.l.D....F.*......x.....'.........j9.7.yeT..#...V.5^.%.U.~"...i....7..2.....r.1x@.o..|^.u-iR._......Eav.X/..s;;....c.zg..5).w.~..;..L.-......K.p@.M<.k.'..t.kSv.+.s.....Q.......D...M..0p..T.../E@gM7..&lN...Q.M%D...........(.<.....".....k....L.;.....;..!..}.=..Z.@....[.....O.v.ux._<).~k.#...b7.D.rR'."..Jv.]..N......Y.f..J..E$X.625..F..7..re....A}.....;* T.u..&.....RJU.V..5w...l0.X(v.

          C:\Users\user\Local Settings\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:00BA03044BD5C06C2135DC37857D90C4
          SHA1:17201A69C7D9367518DF184A70347796331279BE
          SHA-256:9FBA05E897FF7EA1C0173C4608F141AE6A581E20DCA0AE4CE642E24C3570C7F6
          SHA-512:76D30E203E822539DCBAFFFDFD61A91E6B604BED0E2C0ACFA09BC20D9C74FF2A33F78F0CD706A6E5A39D19FA5F256D8CB6807EFB39408267ED52CD88461E7174
          Malicious:false
          Reputation:unknown
          Preview:regf..F:.....Q./...(.q.z=2.0..71..8.w. ..h.R..yg}....^.xu...e.C+/.....z..(..7.......LM.1V..g.A.;.....-..Ob...M.^..!...._.1@.....~.w.w.v.C...N..sT.g....|...%R.k..S.s...X......|$F#cd.......&>'...1.....ip.....>t>..LH'.........>..9.R.K$.@.=...}[v{..f.5a../:..E.h.!.....lTV9.M_7.Q<...C.x.8...a*$K..^I).*%.V.._...Z%QXf <.z.y:i...Ca|....o........h......2.+`sTz..1....d... ?....[.w.]<.&.>.4.yz.=E..]:Z..w...^..1(..Cu..#...!...=..T[...A..b..?M.........S.w9..%i..m.....WA.f.G^L0.....*.M..d.......".'.{....l|....v.wAp...x....o...Qg2.<x.O.m.zaU..d.>.....z....K..$.a..s.'J.......e..s#.7Je..f..x...|.....b.&...[.d.}...a..$Bj..&O...,t....J.X....s..m...+.i./'/u..g.j..9Zy.g.a\P..... ..q..1.D.;wG.\.:..'cI.E..-.C.-.X.+...XMm.'&.G.J.VQV.f......x.....)......t...,....B.%..\=m.oi....u{E..h.%nQ.'....C..RKYW.00<.O.w.4.....f4...N."OT..QZ.u)pQ C...yf..(4O..K"^..G...2f{..;......si...F.}<..m.S-..0.Um).....b.rK...?F.....:U.0.[-..R........_....:'M..7\.#uPW.U..?...

          C:\Users\user\Local Settings\Packages\Microsoft.Xbox.TCUI_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:84984A964CD2AB40DF3579FA168FE5EC
          SHA1:0EF0105B5334B842F430404D2C63F63240F7D6BA
          SHA-256:6C78FA2D92D9E1EA8571745F4EF1E7083FB7E60ED7D6C95B7044CAD24B396BDA
          SHA-512:D339E5662DCC5C2034547CD878D92A9826A214DDDF8301C79B8185BC07210913DC7E8A9EA114D91B4A082BE86BD8FB3E8CBA475A2FE3BE257A79FC517D8B6CF2
          Malicious:false
          Reputation:unknown
          Preview:regf.s.N.G....d:.1....;$..F...hyl.>.nKku.V....C......8w7.M.....\`7h.n..9>[..B.s8.H(....v....(.......r.Sz...D.....G?..cy......\.[Lgs5q.Y:...:.....$(I:.......s7.....0.X.E..i..Jx......df...<.5.Yv................KC-'>..W.|.m..f.B.GJS.WRY"...Q...+X..W.|3..q...8.AA,...;jd.1.G.......N.[......6.m".L....V@.v...B....wN..$.%k8.*...l.g...U.%.S..L...~u[.&u...+..]....\b.QY.w.Y.......!e.,BE.v..P...a?.8..%E.........&..;wg.V..J._..."..x..c..A$....|....r.4... .v.V(.$..@...N..{BzFs.9..q.L...n..d.ikF5........`m.C...Cq.\.'.."2........Z..$......g...c.Ss..Fzfk...@....A...<'.6.k5qd"..W...T.R.. .5...~3HS.W(h....A".Y>c.t#...5-.....qX.k,8..5/5.q...b.eN..v{@.*D\.y.3..i)#...a..Y..o.4...*..{5..6...T.f.P.t.p..[....}|..?....p..lc.WS5.+.-...<]}f..^...Ag.9....n?.i.L67)B.Q...@..w....\.H..v.m...i.N.*.bB~..RH..)..>PA.<.+.Z.a..g.+.?+.......bl:.V...5..5......5.Q...T...kt...Y.b..d/..P....,p...KB0$..P....c...I.kBa..eJ7..>>~ /.0..$.Q.I..%r...%.T..'.......A.,R*T_i..E.r{,.....fj..(]$..p.>L

          C:\Users\user\Local Settings\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.LOG1.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:43A682C0728C93E1352ED87793DDA446
          SHA1:26FB67BF9B6D2B463143B9C6AB5571DAB3DFDF14
          SHA-256:2FC20BEA5FC297E4EF9C719ABC7202743D1DCC56E81ABA5A8680D8FB7CCF0346
          SHA-512:51C37C242552D58D8560ED53DF525A24E49B852E8F62729A93B1674CA42C1FDD8BB5D6FA27B5CC0FF2277EC369D1782BAA4314663B6E40B884115A9D6DE37BA4
          Malicious:false
          Reputation:unknown
          Preview:regf....K.....E.v.....g).I...G..Tt4!...y.'......j....e-u$...P[....t....@IkL.....C,.:.....1#..~w....})........mP..a..m.O.....J.y|e....$M'............i..F}|............I.....-..)..}.+Rk....x$H...g.....,.Q.U.._<.f{2w6#.oO..L=....IH..C.......?c..b...L....(.\. jVt.,..U.ZR....!..l.0..?.......M.1{..d...Oe...\8.k..T..)....F.&.Tq.fO>.......t..T....)P.|..&`.....V..BBG...+..>.Tt.........dy<q......v_e..]Z....o.)..TH...Y..?.........u.~..}../....f.6..81...}.~..-.S<..C.....'8....2_....vF...^..a.`......m."%..g5....5,...9...e.s....W...|...AD;;.S.......0..P,....p.6...kb.<.,.}LsN.6..D..RZt.....9....;.U...a......+..We...*......P....."U..B=DJ...5....%C.`.z..a-....)6..{:]..-A..t5A|.]T..j(....1.y,....df...'`2......a.&..#.|..+.bo.....{.A/...\...I.2....h...=......^.>..%...5...f....7..43fF.hnF...j2U!..?....#.2.\.x....;.n/)M8[.0..{..G`..4;u.S^M..6...~.h..)....%.......K...;.D....tc.0...[u`A.#.0.OH.C4JK....s.]:hC(GMk..Q.K..*H..)v..........<.1..Z7.8..Wh..A.g

          C:\Users\user\Local Settings\Packages\Microsoft.XboxApp_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2C419E26CE6F99AD4F0CB0F3E68D7B66
          SHA1:1E1DCE292391003764291BDA19E729FC9F50512F
          SHA-256:F3B42F319BE2569669FA5731A26ADC9D37DF9886DF331F973B76FBD845EF7F4D
          SHA-512:4875B5156DE006256E77DDEF81CF5C3BD13494D398C1FAAC6E6DA8C528A960F3D0E20396DAF0AFDAA7B3787DA8C12F1C4D9D86D2E3473B83033EABFB292F10FC
          Malicious:false
          Reputation:unknown
          Preview:regf...&.g)...&t.....4IZ!w..W.G.&f.p.S.....J......li#.(..Eq../.%..e..l.....?LG.U.|.f6....7\r....&..zf..I.r...a".`..r.....:`.F...D+.+.Wi!../.vL%.......Ri.m.....%A.......M.Y.a..|....."....x..o....8pa....VU`=[/..7.z...j$.C\.....&.&D..xJ.u..MT.,.xwv..(.......u+..S....R...5........L......Zx......`.t6+.....N..vu'...I-.^..m.:..L....Mt..;..E%B.B..M.v...w..oO.|I....._Y...c.P..=b..,%$1|.l'...r....Y!...z.9...@_......N....=,A.O}...^...Q..l..I.G...b.'...y...).ra.V.....TL[E.`N.m.K..6.....,...F.....?......>.S.8.?.Y..>.|q..X..~A.R.p....y..6"..%.C.U.q 5<.b..`.@.8.3..'.`..E....{.O.{T.J..r.g..NY..]\Qf.d)P.......U..4.#:...z......:w.E.R...4..{....@....O^.[9[...87V....I..]$...<....L.%...d.....+..?..;...).bZ&.q...E.d...P.J...!..x.;q"..4q.B..<.....D%.5...B...r..@...].,..^(.@j..R........]..^+.tdL.q.v..y.x.)..B...N...'{]j.0....s.3=...<v..?`.e@.].XT.t......D|....X..u!..)w`~oS..:.'....HF..)xt.9..{....Z)".....I8.g.A..i..C.h....^ap^....=CJ5C.../.;...3...e.Q...`..

          C:\Users\user\Local Settings\Packages\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4222BBC83C78E525A50B5D05E0E469C4
          SHA1:09137D36F4CFC88A8757BDC1E1E2504C64E26569
          SHA-256:BD2584E84164BD6E7C7A8200E7C1724B11848788B397AB96346B7ADC5A67ED60
          SHA-512:8EC79F5E19C6DF588658320980BC9B20B9B1DD635531F78B3CDDFEFD247F0B6A6C805C79725D74B6EFC230F18AA8B71A6706546A2D66AF9E90B073992B1B6C9B
          Malicious:false
          Reputation:unknown
          Preview:regf.C..-J.,/.0..$..[.th~.....O...,|RJH20...Ba..Z.}PX].......^H.J.2...h-........b.....G..s>bb.(....~(!I.`....PHy.D=.8...z..i.........9..2{G{4-..I.....L.{..\C.N..PW M.p.#...U.Gm}0...`].T.....`3.&.p.op.3....u~..)...H....d....!|...".9..... ..@..\..E.k.D.'D..r..F...%....X`"~YNW.`.+e./......o...0...u~..]..3}....F@....J...).1>...]D{..y....1)....3..^......s........C.T.[G..]..]..h..,1k.Z...32.Rk.....u.K.Z\.1.|.....v..*.H..p.:#fi...Wp`n.EU...g.)CN..O.../E.....T0$...!..,......z~iK..(._.p...E......7|'$gU......@;.3.~........(.>..m.Y.<.!...0Viw\..w..J}R.9..,.PJ..'A].::.C............*.,.._-...i91...i5..r.I.T._Uk..+kH........-.&/oLh9....^N.E..(... .j.p..-(..yb...,.q. ........1.L.5...Z...(`r.#...p.{8..n.....O.@..wP.y@...I{L.v...b..z.;.=.....<.....nqMwS...9..`g.B.)..%..........u..')F....'1@,$..lI.I...I.....pvI..wl...e.......iT.f....ML.........g...ns..C.I...ql#..8.3|...yh.^_:;..[,..n.L..q..b..P.r..o....$.t#I.....c..\...].Z..."...CQ......\g..4C..b*.d..'R.\..d

          C:\Users\user\Local Settings\Packages\Microsoft.XboxGameOverlay_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A6386786B28DF080F30B5E3B040B12F8
          SHA1:3C2C2600550E4BCF4DA6CE4412DE5DE6782D2AC6
          SHA-256:BFD145F9A02D647FA64AEC5725F8223F4C97A065B6F14F2E184D79D966818F17
          SHA-512:392DC30BD024F50169CC3B6619251AC5655E3827D2D0C16D62193287B9898D58C347540A699230B5762B6C19E094DB7A1ACD235E46CA4BE92011364273BA9CA8
          Malicious:false
          Reputation:unknown
          Preview:regf...}......o.....UT.?.c...p....7k....^i..<..D?b8.E ..gh. ..4.8.....^o2.4(..b0..%tZ4vBM.{...;9zR..LsKV..5IE.'.&;O..y.I..v....fU.....>...B....~:...D..U.y..d..M...h,...D...|.?;.X..}.A..Z...$kq..F.p+8H{0..(..Cp......>..........OO.T....4_.T._/_.......=....%..I...c...-&-...7..C'~.e...5.......).`..P......OQD..._~..lY...8.)S.xm.....u.Q?. ........',..g....e*.t....)ny"i.6e......y\.0:.'u...;.s....*......t...B ..A7|u%0..g)q...25.Ct}.....\....+......]Z.....$s.9.a...[gw).b.q.H|.X.^....V.S..%.7..j>J..J.!.z.p..g.U....?.....,..76.s...T.4N3. .#..L..i.............!........Q....X....%..Z.....vS._...Q1..7.*8...%.N.fM<I...<p../M.#.\:...33...A.."J.#...|.K.w,@..N...y....GTL.........K.....o..E......&.N.jby|.gW......6"...w.....LY-...W........a7..*.g.....z..j......e`....w8..3...6.R.H.P.u.i.,.f1........c!S5C..i*.../....=T.K....'M)./.......e.X.....<d..F.}......s$..z[.h......6n.4.,Cn..e..T.K.y./n[Bc......<..J.`.S.o.G.......j.......1VR.%B....................`....

          C:\Users\user\Local Settings\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\settings.dat.LOG1.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C901AFE67584CF561EE573DB0F6C8BF9
          SHA1:771BEC05D6736F9149BFD32AE681DCCAE4B31A4C
          SHA-256:31F804B7E64714F24F96731CFA817810995AB80277311F928DCA2743EF220752
          SHA-512:7D24731625A17277148DDE61E25430542A9F99567780F65BC1A07A65DCA3473CDF6FC57E7A834F44F7641A66C442650B6AC77D6DD0E48778BDF4B55954641E99
          Malicious:false
          Reputation:unknown
          Preview:regf.i!....\......U.y........Y,.o.$....a2..T..._...F.@......T....Q......F....*b..v.TyHV....Vy.f.B..C0V..[.*....ob..%..!.1Z...knF...ldC...v9u.v.2.-P.....b..$....h!(..:Ir.....V....g.b6.0..F....n...s}.}ON&N.j{RxLF..d.,7.....5z.Z...\..7.N..].U.p ~..A..".....d..v......X.'@.V[l.2L$......t.5......0o..\2.....7.A..=.+....V..J....f....$p2f15^..........X..7.$+p.......S...} .k.....-5.hp....R....K.l]..U.. %.5...GB..n....@.&]5_....._<..2..U..8.U.U/I.{.5&..#..z.+.97......@Z..IX.i..R..G.xAyg.b......tC#..?.O.E.={[SC.>]*...]j.5R.%...Vb..{.(.t.T.(th..c.ub.k.7..R.s.D..(&7v..U@..j.B_Trj...*....fZ..._...S5.....b..r:Y..........(_..[......2I..5.....h....Y..X.....-..aor...+.X..b.7ut..]58M.h0..L.U....}.....8....p".Nt..hHq...{5'.....].~.I..Fk.~0[......\...N..z.4Y.5.Y.Dw.0.<p).1.&Y.2...2.$....u..&.{{}X.....-.3.=.F~_..u...EA..|.hSf=DK+.p_..{J..(.{..z..!NdaT......ox....._..F.X.._.$w.:.....o.{.c...t.X.g...N.........D.2.x|`.}.. .M...;..,.w..^H...:K..A...FS2.....s.S..

          C:\Users\user\Local Settings\Packages\Microsoft.XboxIdentityProvider_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4B96CC97BCB5AB26940C2E68A15FE952
          SHA1:E43D6F5D5A7691711383AB925D19F45561197F4D
          SHA-256:59364EF35EDEA8EE369BE481C25508DF965E50C5278202DFF0B5AD1BFB694882
          SHA-512:17B8FEB8A4D5E9F772FB4241E1FE14DF1E59225C45E4537B18FCFAE97B858F8B800DDAA3C93B4E25994CE9673E2320BD5B65E9E249AD6F99FA4B142841D95F4D
          Malicious:false
          Reputation:unknown
          Preview:regf....cB.-g.C....%..4...'=..y._.]5).2.@=y....bj..."6D.2.^..x.N.....]e.f.....{...........CIm+&.U&..>..&.C...+.-H0.s.`T....N..*...IQ..h=.t..~50(..79@..+..z4:.....U.=.3.DO1R0A.......|ow...;...9.k..4.. ....v...v1Rg.....AQ>Q..Y(_M..LW.'.6..?.9)....p./..&.P...V..G...s>I|...+......sb/.A..pN...\t..........,.1.e9ST....T..'.I.=...w.g..'.....<$.....g..~..9:. ....C..|..7..>.@...r..,.aTy...,.M*.......h`...q.1.ysO.1.M......[._Q...|...G.R.`..|@j..?.......]..8.c..B...H..c.~;."..F}...s..........qyn...&6|..*.A)A_a.j.+H...7.y...57...l..WGIW.....d...j......;..0.v{.S.Y...."...B. ...Y......@.l...p..N...h...].`.V.e....n.......A.lW.}.L....5.c.......).C....C.r..8R...3..."...&|...W...0PV]f..w*( .S.....1.....0}c.;...t7....;rv.a....7.c\:.....)..4...2..xQ.._g.c....IO...CC...l.......m...^L..q1.nCv....0D.....X.nci1k..........$._..#....R..g...3.muN.s.7..E)..?q.lx.$.s.Q...p.hg........_/..8xx...#R.V4.A.1..xB.rwY.O(+..m."..ar...m=G3..z..@.G~..,d(I.(...............T^...X.S.

          C:\Users\user\Local Settings\Packages\Microsoft.XboxSpeechToTextOverlay_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:DAEDD80230C047E98508E57228967094
          SHA1:89F9D0BA954C7935CA0E376F2B31C75E32F6649F
          SHA-256:CC9E8D6B6845B001C77491D04D36751BC572E16BAFAB8D0A63E3A5F41A496EBE
          SHA-512:CD1E26AA53B13CFAE594134D040F18C6F792D9F11DEE703C913E3C5736C283574322C40108C94E674B830B8AB4E87FD1A10225B540309A9A00EB3BEA67E4E33F
          Malicious:false
          Reputation:unknown
          Preview:regf...rKo....CL..O ....#.....`......_\'.e.N..q J.>G>K..oF..t.:_...H....t..2J....mb.}e..6-.MGCb[,..R.T....n........Z..A./...~3~/.....0..z.. 1..22i..."R......>.h..5.^...sw.\...t...,..W.s4...H.4. ...l.....t...1.~..kF.8.@.!..L..,./G..`Lw.u.d....D:.@............-9S..0..Y..p..Q...R.IJM.V....a.1g.......Fd..cP.6M..)..Ek.w?E.G&$D...._.....qqW...[F.....TQB.o..'C2..7.}.K.?d5.<....v2@Mk...R...u.x.`f7..K.u ..V.F.......K.H....IY!.Bt.G4..w...."....!'P..*..m....m>....\adJ..U.--?QyxU9...;.4..C..f...2.......Wru"6K0......Q.I....I.....y...%;..T...H.....b..k...e.......O..U.W6.|.98-...K...Xo..[.\..5F.Z+l..m...c!f/E..;..k...O......n..a`.l..O.u...9.A8ay2.SJT...f...Y...i,...r..xn........&.0.k..._Y...Z.gb.......z...x...b]....`.t.b.).mj..`.H...K.qT..k.".....*.IM\.....?.T...?.c-lr..2n.}..%..1....|..<.DE.2\.....D8{k...!/V..4..C..".>..[......a.N.........|.......c....v....z.P.Ro.y."L..h..M....rM.......p. ..83H...4..{).o..5 *J.c......]...d........)..RwAcN.

          C:\Users\user\Local Settings\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8452D0B67856B8A6DE4F276043C990ED
          SHA1:4639AC7909792ECE306571F14C59DCA9E50E8995
          SHA-256:419011D4BA740632A19CB4CC7A4086E503D05674A1348AA58FA56F25D3F709D5
          SHA-512:09CA93CCE0E23585363C386FAD9C9BA8C29F221414E6934EBDCF71BCD66E67AA3A66A5798EC0AA9B08B024357FC13914F5025A023E82CC1720A5FC8087D3529F
          Malicious:false
          Reputation:unknown
          Preview:regf..8!.<S..B?...=`k.\.^.HPx.UP.P....@.n...kK.....b.I...*..J.........).^..<s....&l.P....H..O!.I#.G..1.r......{...%,....o....|-PwlY.AP.y...v..[..4|.+..r/....5}..@!ik.1d..;.H<S..M?...C..+..,.N.w.i..1>..Z&).'..~........B...-.F..K...J.e22 K1.a..5..@..Kbf.....R...B..'..E...............T...d..(lp.t..UU.xW...N....7.y..&...~..o.....1.._._r.0..{.K_^.........l.2......"......C...M*?H..|.@....f.@.`..O..+.i.,o...C.p........ao!h}\.+.2.i.n}.f..Cq.s..V...8U.i..5....1..d...`....:..a.+..].......O...z..o....l......%.d....l..... ..s.2..&.....#.%.t..j.O.f.',.C..(.2.V.REZ..Fg.....R..$\.dy..!.|.]2W..T..g....G.. .........Ym..e...L.....h{A..$....4.......c.%.!r0..t!Vat.4}.:..Q.....W.....UQug...jE"....w\..+{.8O..*...@._O..>SX.^.L.. .a.hM-=...#...H..*..EA.f.`.:..}..6aJat.znD....?....eZF...v.5R.o....t...V3E..|\;P.?.b...;......VT.hAe..O\`%....,.{~ J.....]....Du\.-..d..V=:.@*......2m.V.=..p..Z.......?......{.r... V.5..b....aXb.....3.U.=..r=...R..`p..T"d............#"D..n...=..z

          C:\Users\user\Local Settings\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:7763BB291F95ACBB0788BCC06CC9A446
          SHA1:54D54DC54E608FDED9B5BA801F1BBCC0A49A3933
          SHA-256:79148C7C7451C6D3073C29E1FF31432086D711620AA458FFD9A86D16819841CC
          SHA-512:CEC4FDFFCC33C82B0DBD32B1684B0BBDD723333F154930527ECF4074336395E2D17F12A227FC4C986716B2DFDA8A95D677F49270EF85BAF188FA1B6E5A2608EE
          Malicious:false
          Reputation:unknown
          Preview:regf..o]...z.....N2.19.^..0.......&....K.3O....VT0^......Ob#..E^4\h.D...j#L....}.}.,.Y.F....".._.3..p}.i..|...pY......@#.z.o..(....S...aH.....L.....PN.J_...2..|....&_...CxJ.HZ?..9\...Q.*f...q.).?g.....xr7....7........x;. }.0D......:.....a.#...[....',.'F....Cy9....'..d..o.4.-J........*...X.J...t.C1il.....o....u..7}..P.w.. zB.8i*..2..G..$*A.K..i.J;....o....%#"....w../Z.H.e%..jD.l.A....'.+t....5..B..D"hW...s.'...78.2.....W.K..8.....O>.....Y.*....kw..%....y}....!.R]."K:]..84..y7F...3...d......s.n..BJ....c~....l....f.y..-..HB.#..../.y.0.,A...S..5/.3..y/5.i...u.!{qH\b~*......b.Kh...NH0..9......#.-.m`.0.^.1.&^.y.5B.N.V..%.......(C..%...0x[....b..Cg2]...[.@.'.@...auz%.w........~...^yx.....=....S...;1.*^...i...B{.n.D~.a.......$.ve..kZ.u...b.....n.....\4.;f16....R1.QS.r....?.d.d[C..$8l.5.M..n....;..|.)9...A"..Jz.OI&.*........=:.%....Ai.m..X.!+b]....L.\_k...e..w.;..C..M...7.....^>L.....D""r....{0..`....ixN....No..1~G..L...p...cl..p..*.b.Ix.....u.o_].

          C:\Users\user\Local Settings\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat.LOG1.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5AAD4EF76049C16978A55F96072581D6
          SHA1:EA298BB2C7FFF771791A91996F3724CE66C5CB46
          SHA-256:CD1526BB013E376D49EDA9A780AC5E75A74B3CD60AD89DBC36B5239F098128CC
          SHA-512:15F1B7FA9A0631E73B0FAF4A89D5776635700FD227B163AFF32D6DCEA85D42D5676AF34E6DED181EE9924CBAD184E1FF8D8A88537766722B8D047FF986A09F18
          Malicious:false
          Reputation:unknown
          Preview:regf.....b6?...+.Q...+c&...:..03.....e<...L......c....8...eH."Mb.@E:(d.`x.u.....3.l:.t..f~t...^......B)O.y.A..V..H..L)..._...j..&..J..u'.0.1.....F...Z...'.U+...pk......A1.s...y#5..7.u..h..<BSN9;._l..I.D...{FGR*..s.t.....EE?.e.]...m.5...o.....\^^gG.1.^.....J.u.'....WPj..H........E3.d.^^.VV.uEU....o/|......_....G..~.t'/........r6..)g..b..ND..._..(]Im%...p...).7j.(.#u}...?(#.>.....(.%Z..O..r.....5 .V....S...J.\....H....6..."{..W..]..4q!5.>--..^..7.....0R.<.?.Fl.*.-/..u.2(..\R..G..e+..6..R0....d0gmcHE...`W.+.a.._.E........1..VAU.....Q.1...]T...#.....K..]........),.x....+4...._Pg.`_d......l.J.>.c.D.....?...u2...'....f..&l.#...UU?..Wd<...W.)6:.[.W,L..Mh.LG.i..{...A...N.K.......90R9..TJ..}@..R..\..T.~.bjJ.J5|....r6..Cg........yWO&..f..3.....:..:.......K.....q...EL.....H..q..b._..6.Q.9...jJZ.i....@..j....BQ.Z.l.d.".$..R@.J..|l.p...+&.._Y.\.......M.,o.%8,*6......0....5.`......g.:X..q.?.......k....4...K..)......[8.&..u...b&).4.w..o2.5>

          C:\Users\user\Local Settings\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:BBAB145D4FFD729BB6B4805E193F27F3
          SHA1:70C5775725D587CBA9A583BF5169668CDDD540BC
          SHA-256:2E6877BD5A3BAD330D18CA5E64DDB72EF9BB0D245BF76C614B7CB652D2624BFA
          SHA-512:5A29D7B69D073587B52AC35968E8EE7E62DB49DBCD693003F32A3EAB1279A41F33494D11CBCB045B80EBB7081FD17E95D547A84D3CDE122823F08F7A8978271D
          Malicious:false
          Reputation:unknown
          Preview:regf.....+.M]'..........'...@D.3le..y.R...._{....n.l.i'...Xb...s..K..P.&.U.hqk...M..h.....:q..G..y..Px.#....../....XT.i..B.s......%..:..O.wE..j-..7x......3hbJ.C.#.g..XT..OZN..>.......i..d.H.SQ..d%..e......i..J...EQ.y.... ...S>...$..g.En7R1.3....0..}p..6.lV.X.MP...t....-.......`.T>O.*.T.7.!.N..[.C.....^...8q...X8.#...t..t3M..\...............0...1...X.4...X.D......#..,V/..6...SM$.^.u.9..%~.....[.....z.[~....d.[>....8T..t...%wc}.MG.P..\........R.|.C'o.E.q..?.J..at:d.GH....Ev}n.....9Lu.(5...0G#.......4...wqU....m_.Y...+..f.J6.l.N%....<.H.K..3....tY./2...o..8.V..c.N_...=...'.L!.1....L...s.O}}.-..A....|KR.3G.^..!C...n.b+....l5...h5....mif.qr....E......r..Ji.....9c..Y....H..1.P.Qy;!.x$.!.g....@3.bD..@4....~...*6...`...}PM..[.{.d......"..#...!J`..C.m..b..,...+.jz<.b{M...X.WwoS..XD\.....-.;....K.'...@...$#TCc..7...._.Cvdb.m!..}.TL-/&.^L6.S....V....O.=....h....D. o.. .,eG.....<...#P...N..HJ..........!...I.S.B:W..u.\.4.O.B.Ltw..U.~iwH......1.+~.

          C:\Users\user\Local Settings\Packages\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D865F4838115F4B985DF3CB3D60167DF
          SHA1:CF0E1FE8B0F0589DE3BC355D14652294CEEFE543
          SHA-256:F4358ADE2F7F16FE471DEA5DE500003512BC7A17878DA6E1635CE98020771D45
          SHA-512:FAA9D08D538880EC603D4C68D0B8455D1B347D336AD196E646844AFEB1B1411850F89CB7495DE816E4D1B869264839E92BE4D109206780965EBA997BB07D39CD
          Malicious:false
          Reputation:unknown
          Preview:regf..^f;..h....aI.9.....8CP......,.c.......Z@e.V.{O.'...l..W..A..A..FQ..|.C0.U.}..>;G.g..C..w8.....dp`]..x .s.h.\.@7.......n...z..gS..%y..K..'s..(......)<w...]...2...`..5.......P ..0fW&.:.....?i@.?"..+/..3>..e".M.e......h'^..i.3'y>z5.....6O%.Q.B.0..F..!....Jf/...J..../....B.@=.qHF...t...=...<k.`.=.@}......mYp&..dE.ek..|.LE.t....;....a.@j.,......P.t."._..~..K.N..%t[.#^.a=.#[p.6..(..$...H6v(..........Q{.Y`m./.=...W....!HPd..~....(X...+>.lt...s...Av....|....U.Hi.`...k.Z.. ..X.......Z...c..'........"..r.......L..L2.]cd..gq.).F.._...m.q.l..p ..xu|...Q...t.....@.a..9....m,W..g|e.=aV.?...E\}.._.J......J.=>6..0.....R.<..V............s$?.....Z>...aWn...M;... ...@.84.1;..LO../RJS..h...{..j.#O....... .......n..P.....d./j..]6E....5....."...SO.=.7y..}..V..v.w....}..w.b.5RB.N...B...r.J.....i..+.[g-.%....J~.....!.N..D...#.P.GX.'.}.J..Z.'QmR9.M.Np'.P..Q<... x^Y.>...t....t%.Q.b.L]5..N....c}h.;p..d....j`.^"..[..".......>8...W....+.p/.YMVfA../SK1gO...Y.A^oO.y..

          C:\Users\user\Local Settings\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8EEC95CEE9AD3CE1C516795A086EFBEC
          SHA1:3F68B44547C953CD5146FE196B65DD544412BB35
          SHA-256:7D2932B2E3A3D23214BA57720AAD37C884D4AB1219DB3EBBA8788BE607B3E061
          SHA-512:D4785F332F3CA85C00960FD6E2EEE0C74F85233DC3364D6B46316701543D8908AF57CE36BCC008DEF21F6EEFA7722E272F2646905DA8193F088EE60114BE4C2C
          Malicious:false
          Reputation:unknown
          Preview:regf......I...x..x...r4.....q.......#.5....n^"..SI.....]MI.....C............b5st...";.3-i...R. +z...J!....f..}.:!.=..:..'.G.t`&...!....(....>...ZG.U..?m9...U/..............:.KA,-..z.0..+.t...=..g.qp5^b.s.=.5.hy..E.\b......u.i...'.....!Y.uv.!..~..X=1...82....9<Af......$[.}..s..3.IE?...(mo..-..zP....p....ME..$1..|...E..);3..T...m...K.......K%._.18.A%.?...f.).;....a...Ex.>.HD..U./.%..C7C.".no.p.s.F..W.<v.........k...*.....2\g......Ms^..lG...X.......}6_.h..vd.[..[.........."...v|\.N..K....5=..!x.)w...f..V...."*.Z.s...:d......iET.I.'....d.T...MhA.._..u......B.oN/.U..%s."cc..a.AJW...H......L.6.....m.."&...3......d.ST..~D.tH.\.s.v.4.".l.z.`8...g.....[y..)m.. .<.....A<..\..m.r.V*...w@....b..u..+.:f.:....[...s=ugOs.XO...>k.....Q.a.i]........}/./...[.C..9c....a.Gx....5;.!..f.&.....0..l..%.o.....Vx.3.........44..M..fn....NR..2.(V\.)".b.V..3Y>.L...eN.x3.....O?/6i..g1eA........>1......p.~B....'.V.......l....L...).Q.:F..j.t@*....[...ES..

          C:\Users\user\Local Settings\Packages\Windows.CBSPreview_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0036319B91772117750CC2968720B9D9
          SHA1:79FAC8076BAE079F9CE56EA743C5C373F65002A8
          SHA-256:A193D5884C78F5BA7EF206772F6A4657525DB9A061F183980ED7A9039E5CB81B
          SHA-512:CE42ED6659FA9B4C83973424DBC4D76FE31D2D4BDB6974683E2F41C8967F3DB1843A54FCF175060AEF245ED08CB70A5110CA796C0210F6AFF0227B95568F2E9B
          Malicious:false
          Reputation:unknown
          Preview:regf.%......_O/.2.n.0.......X..w.B.~l.9...........It._|.}Il...*A+...j.,....>...xR..,.+..@.....l.tK.....q"4.v..hB....#'G...^..\N."...,..FK..H.S..,..+...p.._/n#...9..*...O@.S..k.q..-o....._..?.0.~...23../.R&Z......f7.~...H.:...B...Sy_.....>]`2t.iH..J...cC.......pr....B.W......q....d.f<.I.......c&.`Bv.)QN.+d.y..r........;v..d..8..#7...;.m3.R.MS.c.*(J....YL...r..S............9.Jo.U.N...#p..Y...1...MI:..b.b..,.-..Zr!..tP.t....w.. g......iE<.M...5....K*..e\a.Z.w....+.6....uqh....l.~]......p.l.......v.o.V.=#3?..|...Q.....!mep.$.x......u..IK....A..r~.......\.....&qr..[mN......z.A....y..sQ-........y....P.4...}...h.^Az.0....[.~...q.e.|..y...{.....d.JR...+....1.<E9.t..u-.{..U........R...[.^...iGa.7....1..w.H ..[8E..f4.0.....}+.....L..K.V.......\b../....w..-.Y.D.....D.C.].7CXJ`u..4.(jw....\.....MZ......0...<......`...d.;#^'..aK..;..M...A.8&.......U.V(...1k...%.lg...5&=....l.Kv...h..1g.V....!..y..4.d5.O.$......V..~....[~!....l0v.-W...

          C:\Users\user\Local Settings\Packages\Windows.PrintDialog_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D971D75A99B5D22EE21CCB54E5F8677A
          SHA1:F352ED264939146518E49310FBF5171F839431B3
          SHA-256:6E0CE3E93FBC62B71BF5DA7CFAC87987E25E19390E69119A985E3744433840E0
          SHA-512:BDF15FC53A22C0C6C1876DE30DBFCC04B3BA5A72DC8E5C5C954B2E3BC52426974B1AAED8DD1ED155D7683D9B7BEB315DDF8BCEA2F4D8486E412B38D0CEE76A44
          Malicious:false
          Reputation:unknown
          Preview:regf.Y.BH1*..5`d..f......`.EU.A?.....l.j!$.K.k....B..R........=&{..}~........h..0]O`.r..i/,....{X..^.......Q..>A....k..\.......)M.Z...WX.oe.#.....+...).k..)^....b..{A...X.<2 .V.....\..u...?.......7.....>] a.....c..8..3X...7_...k6o.tr.....z..[.-.3LdtQ..7....X...V...S:.1{....|nb}.d......y...a\.sK$..fh.......rJ..3 ..Ll.|.=...UZ........w....*...,......~..{..C.Z..7D-'Y....i......K..V.}u....o.|.b.._......%.6..H8...@..CI.A.+y...@u: .....M...@.E>GV..).G:x..y\ .R...R.Sq..3.;....V.G.... ._$.[..$.\..5..E..}..-\.B...1.;.....d.p..VgeZJS..r.{ik.E.G..(=....H.Z..5....e.~QX...8QB..,.w..._G.....\..Z..i.?.l...D...?....k...%...x..9L.mz..d8.."..F...... .r..G..yaz2..$.......s..^M..x...n....@.O..I,z.... .k..-.+........h..q.~f.t.p..J......N0..jTQ6*......../.0.}.!....w..:..?D.).*.6.......|o...5.'< ......k.g.q...I.m".......;...@.9..n.X]o`..U.....e..x.=..l.m.'...|..z...1t...o..'..6.U.....F]..\...a.....O=L.2....*.{.....s.&..o....V3..,u.rhj.W.o..;#....W.)..@..v.,..\...s

          C:\Users\user\Local Settings\Packages\c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:91F39B2B197E28A810FD758039033ABB
          SHA1:17908AD3529D3388B8AFC02DEEFE5BB9E6C5F132
          SHA-256:8D528CF66904E9A34FFD7D3463CBD8AFBC4EB7D458A37F1C6F3918DEE4BA4955
          SHA-512:D3370DA49855058D6291050B7809D4085663E0871B3F91BF5B2FC790BED5360805C9F0B958D6F9F068E23CEB81A103316388BF2656D4D7BE4EEC792A551C9077
          Malicious:false
          Reputation:unknown
          Preview:regf.w....(...x..I'..QxY.s..,..[.3...W.?..'O@.Wj.,#.M..6.V-..2.gd...t.}Q+.L....T.eF..../wx.....(...........Y...+.....1_.}._.(..-.]W..U.?2.....#.....C..zR.xu.i.U.'1...b..l........,..T..S....W..#..M..m..M.L=.u[.i.......!.hB.C.U;.|l...?...lw\E.0.!...#!.F.7......^.......Y..A.\...y.~.d...D.).uE:C.......Pz............}...0..Me.}.|.].H.yh./.(ux..).'....._:.D.....Q.a....9?t.D..:.6.*.d.....wk.a..t....l'....vc...Z.[.....[U.j.%..K.#..a*.4.l_.q......@W.....K...(st.T..T..!..Y..p...F#.|..|....../...,...0.......X..&.O..G..g.........05J.&....[h....G=F.....m.......J.........h....{....i._&.r.?...r...U.Z0r...SLi.Dd.xgs. ....H..R...V...TS.........Wt.........(.8..H..y<{...O2....r.pz....x.D......)x...&..q..B;...w.B|......CQP...Vj_..v...$F...l.,...P...e.5^.(5....A.W`..y.k.Kx.8..Z.t..7........q..m&..".,q.|.v....<K..Y.. .....,....Bt8.Wo.....f.5....gD.E.....&...F.P.|Qz.....uG..:R...O. .....j..2...}}@N.a.B...c......h..5..w..j`....g|...-....%...]Y....s.D?....\...|..

          C:\Users\user\Local Settings\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog.etl.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F8B481A10FD4F013177731E8D5B75B33
          SHA1:0ADE40D224F5F5466D66BD1B44B912266C43D456
          SHA-256:C4BC2C3CE9C04643E82104083489993C1E6AFDDA0294A7E2EF06245025008E7F
          SHA-512:E3943744B6DBBABB353E6E96E907555464D2F43286E2E282BD31F12F154C555D1BA543E4C14AA2D827D6AA52253C897030B26F0F9A76ECE87F5A2661DAE25A2D
          Malicious:false
          Reputation:unknown
          Preview:.....g...o.#.....u..J{-...........x........C...A.......#u...))...n..T.O...L........n....So.....Y.N..d.F...(.NwA..J..H.....5I..c]...i..!DG\...B....L........fx...Vkm.. ...#....... ...fj.....j.X?.}.^.f....Zmw\...2......|^..W.`.FuA.f..G...'.R+`.B...0T(...y../"....s....5..,u..u.. .M. e....... ...MqHa....QA.y.UM..w..^...C-R..#....Ur.@.`u......$..H.3.5.k...e.,.@...... D...6...;Z/....._.K.v#l.2b...l..?.m.=q.d~...^.FM.(....1...QE...K.K&,.#L(]......U.<vt....;n.G.....1...F...E.........A..#O.Y. .............'gCF..XT...@Nw....i...:f.VG...,J...d.."51X.....R..Q...I.[<>Ll...^.E\D..D;.hv@&w...SF..1..j..w..).l....3M?...T.&~.uQ.pY.y ..!:y.WB.B..3#g.Z+>....bU]...{.{.d. :...............F..n..b.s<^l.&u nH.9.w`..S....6...^Y..e^.Vp..7.b..E@....q...}O...k.m.m..2D......... .....L. ..VTK..l..=......y...}...O.!.(...].lwm.I!2.../oN....T.K^....v.#.....7s.py,of.5....Q.;.[m.F...I....~,....,....4..e...A...C...8........`/.O....v...l.=....(.....eY...O..L..!mw..4._.Z.v.

          C:\Users\user\Local Settings\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxCommAlwaysOnLog_Old.etl.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:831D346427FC9A0DFD37261BDE166230
          SHA1:CD467BBB71F3AFA7C18FE5D5D8ECF206D2B10FBE
          SHA-256:615B1B0950D5415A25FF7127957E98A51A8B4B7763A76F2F38BEAC9707C61DBD
          SHA-512:952BC11A74BCDB7ED9D2C1EBD9118BBA1B63E0DAE81D3CCA418AC62996525823DBFA920E8CB2B84AA763D8BCFBA36A99C169EA5F7F85FEE6645540916588B214
          Malicious:false
          Reputation:unknown
          Preview:......QY.C;......BT....... ..A9D.!.....oa.-/.<./.....U2[.W..........I...J..a..L...3...$G:...m.z...]....O..r..3.>q.`..*E..vA..Rho.._F.b.J ..V..7..U?"}..i...}..t.X.X^...n..o.V<.>Xbm...a..7..K...-."......x..m.,_.AL....d.D....>..Y..9,...2.Q...;....u././*....Y.p.;...y<dx...fL?....{....p..W...4d......."." -...E..?.6...no..A.)......}.5E.!'C.<.............U..hB.I..J..cS.ht....J...p.0.......N.'0q.:.'.:C.y'.n.4}r......g."@..T.e.E.1%Q.....q.Hv\i..(> .9...f.....G.k@.DMkT.'...........\H...P3.hJ|.{...@M.;E.....ZS...~....8.cl5.o.Y.6......d...9..waH7.Z?.......y.&MQ....~..X..D7.kS&...q..I.0.3j_...P..P>........a+....E@L..z0BZ....f._...X-......@^.8.u...}q..Q...B..JE.%.....Q..Ut}..g...1c...n...X.<.....y9...<2.q...x.m...~...5z.D].f).n.'..nx..8.U.kN.S..^....6pV......nA...z.....W......a.......[.Hy..._c.z.|......aWqhYl..:I....F.G......).d.....Bz.+.9.2...C..4....@.i.8k.^.p.`.q}.w...5.,*. ..PD..6q......c...]..r....%...\3CT........F.=+...j.&......&

          C:\Users\user\Local Settings\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxStore.hxd.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3D1FDCEB8F778AB354A1B9B30AF10261
          SHA1:5FDD550008F1C747928C92FDE0D3C5E05FB04008
          SHA-256:AA07F5ACE9EF5DB49FDEDEDDA8B175F5322F959A381386DA544946B0CB414272
          SHA-512:D09C10B207AFAE85AC74B5F91CCA9E3FD2A470A6C20EA5FDE41AD1E6ACA5F63EC82B6902D82BF0A159CB83ED35D5D1B94635FF18B5DC2E437634424ABA3BCC7E
          Malicious:false
          Reputation:unknown
          Preview:Nostr.......=.v.`x{..:[mz...........w8...,.W.nb.....,_....s.0....s.Q.F....sW.L..t..7...7S.....Y~.;...d.+..\.9.%..P...... e.T..|........H.&.*D?...,Zi.3..|..&Ep.. n.........K..[./.......[.....f.W.j6..g.4.-.,K..@.........Jl~S.,..v.f5@W.F?./.p.E..sq.L6t..*.....Q....9.:.b&.........Z.....0.K....m..y.....p0...........Z...=..T+..2*...4n.D....Mz.?F.g.....h.l....p...qz!....!..M.Y.(.g<i.._...`..&*..hg..E.C..9....VB.1....k......<5..'|..#\..b._.q.F1v..E..k.=.?W<...).5..\i.M,...]...I.<.I#pE..vQ7zq.y..s.N~)t.?6.4..\=K...U...B...~......._>..+..F..F...."..$.....;.8.H.6..K.2.p...;:.I..hK.../5..~.NT.n....*.?|..p....q....F..X..o.uYO|^.R.C.~.X?..g..qN..y........O_.3....S*..K....x.z.S....O<[..b.........N.3.`..Yx....\.r..H..(.b.oi........H...}$........>@...B..z.sC...4!B..)C...x.2..~.,@.../...Y..F...v..poq$...x..J."N.s..q...1(W.@.K..G.5..?T..]..qY.i.A.bW.S..l..g..........(L...=....5,.4".....~1.z(...$..J*4.P..(C.......M..2..H.d....=...9.r............&

          C:\Users\user\Local Settings\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\HxStoreMigrating.hxd.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8996497D4D80B8E9B2B5BFAEAEEA483B
          SHA1:D7CFCF5CB4275D01FA1F241FDE1C527E9D983ABA
          SHA-256:7D923F43F35B43B6B291F40EA1C0B22A006AC0BEF20A8B6C6D7F43DFC76B4261
          SHA-512:E739CD01648433889FBC8B45EDB2BAD5C6A7C6024C1D187409A6F7217749178782422A071D19A1171DCD1C6F6F86EC3BA2E53D661F2D62E2FD10B10704042996
          Malicious:false
          Reputation:unknown
          Preview:Nostr...|.....R...?.v.c.........'.z...&...zb.u..q..D.}.|...?.......A.8.t.H.....y]..y.N..k.K.Y........t.:.Q)....0ba............X@...T...6...Q.;9.yOehs.r..^..(<f...B..VG..f._.s.0..F*.+...T.K).c....w...z.PV...H...t..*.H_.@.R.M.....d.&.U.:..%..E.b.B......J...!...".eN.B.II..../..dP.....R$Q...5."S.e9..sr..\ h...:.M.8S..DK%..e......@*.@..^.......>....H.u..Z.U....S<..=T...#mK:.......90....`TQ...c...!..Z.%.?a..H..!.2.hyWrXP.9~9.L.M...D..{...qc....i.....=.U>.\...y..$.4.}r...6?.-.....d.1)...u.(G....D*...../. ..f..#K...0~...SW.l..A.8.i.....*}..C+........iG:...&sv..>].A.5.#6..v...r.. BD.......R.R...p......D..u.@.Um.4..2s..y..?..*..U.....%@...K...q.f../...,.Wd..W....(.. @....yS;>.#.l..&..F..?.xDrt*7..d...t............C...b.,.<.1.3....FF..^] .3KQ..~..VeSC..>.4l.%`......4~..+...L9".x.kS?q....|...&>u.....:.f..<.M7X......).y.Q...g.*.E.M.*......5r.v..7.F...l.5..*..|O.....f+...J..>^....*G......6h.....h...?.m.PNPk#h...-.4.|*..)..8@)kSc?....2R.H.....^......S.m

          C:\Users\user\Local Settings\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG1.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A9D1AAF78A1188CCAC61847F989BAE61
          SHA1:00CFF29691A354AE870E44EFBEDC5EA41609E9FF
          SHA-256:D3A208A2CB20CDC010C87FFBB3E06CD05BC653B81370CEC32042D9ED7796D652
          SHA-512:0BFE1E3D84158FDFDEFFFC91C276B78DDAD3ED426896724B0CA8E85DA10D8AE2000CAB42C90AF080EBF5FD187C5F2D1DC818E939A06155004FEFE04D9DD181A4
          Malicious:false
          Reputation:unknown
          Preview:regf..Jj.....+,.....*R...e..|..B.<..2OF...Y..:...5...k.jB..V......,A....Am.|...l.._H.f..)...=.;.N..:......{R...-..M....^.m.*..D......r.D..=......3.E.DY`tQ..LQ.....c.........g.....B..2Sy1n.A.,.._1...].$.e...>?..w.9...kY.v4."KN6%.lf....D1_.q.wV@.E.c..R.LT..p7...b...fl.._...lNm..;9yX....`n.....<}q3;&.\B...t.a8..d.f..d.d#".b)Z.v$......G.5....t....|.}.&_.f$.[.L.7..w........%.1T.p..&o.....=._ ...D...$1"s..2.hH.AAL~*q.......E1Q.U..*..?....F.?.K~...?..Z.J.....1.BG.q0N..R.G....7..{B...Q.\W{&..,.G..J.x.T.......d.....Z..w..=.F.....*.*h.....<{....o.P...FA...Gn....\B.......s.....x....V'.'...0.z.M...............sk.U.=.I..\.f......d..~'|bFmi.....C.#.c../.....o.L.,....L.....Pj......H......B..y*o.1.mS...^.D..U.k.*..b....N.?m...+.X\9Ik.yi>|..t.9+.........f....V..'....!..<"............z.w....E..)..........V..o............9........<:...)-8.v..\C.<..+/..2.+Z.Q..m|9\i..HW.....];...L.?.~..--....E.-+S.V.2.......*.t.[..j...\O.0...r....6.....t....x.KV..9..

          C:\Users\user\Local Settings\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.LOG2.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C2D83590C841AA11D26544F6365275D1
          SHA1:61001B6049F7ECAEE2D74ED22D4459637FC7CF49
          SHA-256:E06A4FA62949AEC44A55841DE38DD8E329BA4F675F0478D50D8A13B42BCDAB15
          SHA-512:86F7A0B2E22FCD6A5A88C49F81743518DE2BBFA5AFBFB2EBE79593245CBDE1A785969BE1D167B044F6F660FA4854D062634643A2BE627FCDBBC3DB5BD87F0362
          Malicious:false
          Reputation:unknown
          Preview:regf..Ap....1."...S.#.`.y.[\a3..D..+..-.".~.^[....c.......K..1..#2.?x......Gp...Mtc.T..I;...%.%.i.S.j-.....{Dvo...R...G.s.PfV.3.>V...Wj5*........y..T...y.B..w.....@..B.@.(=K.H..du..&......r...r<..C...Z.t..Z..Ta....H.h....oD3...@.7wA?..>.~f..p<.GS.R...CT.u....3..(......e^......O..]D...m.V}.a..5Nmb..!...8._......1....rG..J?.._`Ck|=.......(.Y.u.?F..0.u.i....6.$......%]k.fZ.....x5.(.3r..q8&.e../.O...HL|..].(..4....d..&no.7..{^{.M...r]i......3k.....8.5|.sz=...#...>......q..i\S\.61.&t...D....1......%.7...`.......LUX..P.HgL....C..6.zF.....dk.d.i.17a.(..<.9.Iy;..5RE.>.1.b6..........f.B.X.R7...5...\&G.....<N$..,...y..(_....i..N+.I..k.4./.<...>...w.6.-..jD!w.9....Q...L.5....5..b.....V.....Z.2..f`.'.M..+.q.A.y.eWtX.W..j...S.`.9z.mw"...E.....]...W.~+Vw.@^..X..X.7.U4.&...l.\0%=,0.)..Y.H.G.k...s..;.aj.+@.97..,.C..e..z.....W"....6.._..^.....V..!..<......%.).o_v......T...3...Q..tC..+O..o.o./Ze......d..<w.?oi<H..g.T....)y..(.........3=(y.aJ_...B.i

          C:\Users\user\Local Settings\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9F4E995C3AE1DA43D9A12FAD25F29370
          SHA1:42805258BDAD14D7E6F28843C722A9DEB245FA95
          SHA-256:058999A5E479A20D0E589D5806DDDB70CA6793AD0EB31C24AD9097F0D32337DD
          SHA-512:D651AD0175E0AB0BAE543276A152808527E3818726DE7C37D0FE529411A6BE23824661E4F457C2C6703BFB19322D94C11A6639E96C92FB04AF71FF5DBB5C586D
          Malicious:false
          Reputation:unknown
          Preview:regf.@..)8.$.{..n.......}1fA.....3kb+...&......5C..y....].ddN....0....bl.G..LiG.a..iL[....V..8&|.^.,..c.A.[......l.jq...{.. ...(....~..%,.....t.>./=..z..Y....(...n....X)...UgZ...d.5.;P.(.:..'.......LR.2.|.n.~...&....B.z...Z.a...{H..<X..f+.C....So...j(b..g>..L.(.R>............,bJ..-o.>:...FH{&..Fj .@.X#...%.2E..#...N..zfN..G1.@H.d."..S....5..j.xh...U.k..4.5dGY s....T..'.....n....l{_.".9K`a.2..........T..Z..y......<..:m..E\:y...E.e+.......N......$.YC..\.Gm&1.....mj..{.f.R.xv..8m....SA...V.j.....+.).K`F..}4BR.h@.4.^y.&..c...jv.Z<.!5.9.Qm.{.J.:..}C.t...O.[......!.V...6+-=..5R..-;...7.S5...93.m.T#..){T..V){..|......D...:..x6. .N) ....H.R.........b...x.=.........O.YK.K.|.0...zB...nf.h.0...=.x..#.....NEn...cuP....,....H..i..iM.^T. s9Z0...A.sw...\ajf..{.o.X6..(w......$J.T.i....w....^I........!.w........R.T..7.8.d>...U...Z.4V....@.`...D...z..........L...........E..XR.&....X....P..U$.[M...~Pc..jI..^.........E..-r..@~....u...'.?.s.fc.T*..s$.|.... ..P;...

          C:\Users\user\Local Settings\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\TempState\d5a8f02229be41efb047bd8f883ba799.db.ses.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8986AA9226FDB855358ECBF712C4714B
          SHA1:1E5DDD770225401908B735011DE25800AE69D756
          SHA-256:C2D21B9C2B1537C09870206F3ACDA74E513CB8DD01F5D140DD4C77F6FB2921AD
          SHA-512:950A8080E730934EFD88F82ABB9038EB5FD27241D544879297F8A02CE9D2036731AECAF702303CAD217B2F7A595BC13428022D3CF5EAF09FDF25BD3D844D15EF
          Malicious:false
          Reputation:unknown
          Preview:17255.^O.cadj..`y...u..=.,.H..,...q..<..O..Q.....*T......?.B......i\.[.4....zb.....M...7...X.!...R.G7.8..p\.(Z.W.....3...T[.M..9S..Q.3O8.zDlS..k....1..P...B.^...o.D../~Ul....".x..4w`=.S...e..Dh.c7.....2.=<f.....|.@[.*, \o..Lwf^....?..M..)..[. .D...K|d$H?.*.dUbKX'...k....?2.^7^.X....PW....X[.....NZ.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Packages\windows.immersivecontrolpanel_cw5n1h2txyewy\Settings\settings.dat.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS Windows registry file, NT/2000 or above
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:BEBD204D592E3694D0D30C1EDEAA8026
          SHA1:6DC344631B22E9AD68729DE0B6A349493CBE4FFF
          SHA-256:28B9358DFE10984CC160E7BF5F8B16BAD871700D4A28F83C9194DA76B1A282BC
          SHA-512:6B7FB88E53A87DF68CC3B09F6E8D3CCC3C775203355AA75C99F6A06EAE62EFA21770AD2EE67A430479C0C1530E72D8AD7DDC6BE20B85121E2972709AD2E51DF7
          Malicious:false
          Reputation:unknown
          Preview:regf..)MG.17O...V6<A...?D.|d.@...1>............K..x....D5..3....z..aMX..M.+.....T.0 }...iN.g4s..ah.k.~<E.='z`......5j.]..Hmp...Y.b..A..Y.c.|...t........~.sa........h...g*.*.m..Z..X.S..eeC'.X...P...IO...6............7.....b......5.XM..G.__5...j..!L.*...'.Y.[.fW....G.a.).kU9..p..5.@rnh.!....I..!.k.....c~..=%.........9..,....Vr..kS..{..nh.>..........5...1J.`.;$...1&...._4..>..".,.M/.s..............A.'......2Sh...+h.[..D*>.`...COc..D.....js.q...P0.!ON..\..[WVQ3{.x.<".H..../. x.L.$.m.......u. ......<..b...u..p........`.\.9>.#..;..\...Wg!..Md.J.2S...T......`+#N.D..a..i}.iQ..A...B.3...t...d.+....X.4r%"...s......EE... }P.uN.P.l...>...7?]....C....D.H.2Qq.W..h_....6c.<..><...H..B.J5r...X.C.p..b.c.<i.e......R...V.9wP4....9.K.....G..A....0&X.T.g.(F..kE...57o@2.X..Pf.,^.`.x.~].......E...~>`B0()~.H....,...]..........`.7..5..0...C.tN~.i...U@.y4..U+%..$.#4.P.s.2....7.pK..\..Z...#.&x.*....wW.i..o. ..D......n...x0........`3.g.,LH.."A]n.....r3.u.gM x..oMIG.}..|`.

          C:\Users\user\Local Settings\Temp\.ses.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:21053897B67ED70E818A8B3ABCA36422
          SHA1:B00F8071A23A92AA40FBBDD59C904869A9021E04
          SHA-256:C334AC97B0C868464BEFD3D39899684ACBC6314CC8CFE1BF791383CE792F771D
          SHA-512:EA80F0BC0A6D5C851B6E46A473DBDE80E4A41A2B56E839E19984ED32D0DC3B4DB1F78D7D415ADD0EBED18B8E933F38CBE0200517B70F1EE1847D93625447BF3F
          Malicious:false
          Reputation:unknown
          Preview:16965.].wq..U.Iu.....[l.,...AG.$.1..B.c.aqp3V}....../....j..`.K.0).lK...`].[.....C...W...F3...e....p..-.t.S... .l..^.......3.\Sz.......B.....T.......+..Vnx...Vm.....>..d`j....V...%Q. .1...y54.+u%..M...3o_. /..f.U.,.,.ra..........`..U5,.=......4.bR........w.........vr...]..X..oW.'.3.;r+....*.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Temp\18e190413af045db88dfbd29609eb877.db.session64.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3858AAAEE6DA79CE0B08467A28C60FC4
          SHA1:A84DED8D8913A4822B76F1EC367149F6CAAED5E0
          SHA-256:A88ED03FB68977F1BEE4AC116B497B859CD29DDFC2A7FE461CEA5F9CD54D503C
          SHA-512:AC0672850C623627CDAC9E31C03E17C77EDC6DF10D6C793A24C898495B1A84F0543D4B24456B1CC044B548B21603B487B00E11D16AC1B9818896C81FE44D6BF5
          Malicious:false
          Reputation:unknown
          Preview:1G.f..!.f............<.%.g.Bt.t../.e...1..Yf.@l.9.5....$.~..E8]..2?.......K.......3Q|S.....z.....)...........yq..[..-......hW;...^8.(C|.z.s.....Q..R.k........@.i.....]...... .8......h..-Dd3...j..k..a/'*..o.....Z.K,E..i..#..N....n..R...........YT....T...F...h....o..\...@...i.X!......].J.h.68R...Z-w@..|.lOl*.iX.....N....w.T>...<.yk...F..\..Y.6..P....u.......P.....H=...D...K.RD.........*P...M....}..okh%$.%..t........R..?#.A.G..\>.}.i.2..uc..*....\..p.M..x..O.......+h..<7v..R..0...#n....)...Ur......F/j{IT.Z.g+G.1....P..<.<M...."rvZ..OlZR.:...C..I(o.MB..E[O.....g..Q.G0....'...(...8..".smd..8.i..z........v"#..1....F.j...E..a^...h..(W6.k}..w..W....wV..O%..jP'.k8ms...J..R.M.).Y.n.L'w. c;.qt.......+p5.....Q..tOE4....up?. 3T.4O....M....k...lew%..F.;.s5.5...[.....u...%.:..j..D.m...NC.....c...._.&.XX.k..;.~......&.-..|.Y....i;|.........L6s...j...c.Dw>..[...&9...K...]..5...#..7.@.C.F.....-u......IR.....H..e.\*...m......~"...tc..N.B.S.$|.....,9

          C:\Users\user\Local Settings\Temp\18e190413af045db88dfbd29609eb877.db.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B67973DF851AE8556174AEB598638B56
          SHA1:B1FAB0D00B3950B5900B8EA78F3402983E251BAA
          SHA-256:18CFBBB752DB7ABBEE66ACAF5C8A9FBC81832F3B1EC2303076E45D28C283161A
          SHA-512:7456371BBD0039C5D4E10E939591A185A4A2804AA1EE2B4240B7637DDFF14F23559C04FFFE3051F3D7A4078D2CE74F2A2FCCC38A2C14446C1981009748BD400E
          Malicious:false
          Reputation:unknown
          Preview:SQLit..l...2G.k........y+.&...9.0.s.&.z...7|50.D..W.'.KZ.n............X....jQ....x].5......[q.l.l..Ep..0L.H..fp....l..@!8K5..lc.R..V.......~.6.2xF..}:..&...0...T.Y........^q..%..@..(..@.E.m.....G#.<...$:f.f.k.&..#.H.5e...exXQMLh.....a...J.Vv...!...29O.Wb...]..D4...)F......I.......J8@.`....atI.[...1A_.2..6.,. .X.5{-..A}..MS....m...u.4.Y.t.N.6.....+.........`.9.".9..'...|...R.z...mm...c.]9...f._.&........Z....Rh.U..3.fa(....g..5.P.[i.r*..M>.5O0.......;.......o..._....9SF....n.W~...a.*.$...x...x..../=..B..>`...OQ.{....n..k...Go..+.n..`.U.}.y....).-...#OMf.._;A...PO.....*|.U..r...e`....P.CUz_{.2N.....J.;.|....OSMKQ...h.3.......z\....N..l.!..m..V}......qD.i..M..._.....Ql.a..X...#T.1)...4&..6..=.......H...k.X.8..u.2.e.[.Y ...A.....{.."...;0..6z.......8BQ.H.(..2..a.Q.w.?/.r.j(=.....^..(.gd..).( .]e.r5..(c-4.......:t{...C............(.......+2p....U.00..RW..*..)..q..Hgp.....X..d.sX..1...)".}.....o..Y.1...p~.+...h...GS....d......(..=..G.v.Ioe%Q.2p......

          C:\Users\user\Local Settings\Temp\2a904597-d204-4621-9ec0-c3df7918db31.tmp.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:Google Chrome extension, version 590951683
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8A2241BA3DBB8FC399643E5EFA480AD3
          SHA1:C39825887FE4ED8C9C42186799725CBDB3BAB38F
          SHA-256:EE5A0E1D9711EDA9D6E1F20F094FE9E04300AD8CB0127547A04DA6E473B35E0D
          SHA-512:48CDA5AAB6831E8751423977ABE367542027E09108CFFA414C47F8AB229A4A47D55E172DE740E592D92622011A1820ADF40C88043A6A3C87E3E6B6EB270C6534
          Malicious:false
          Reputation:unknown
          Preview:Cr24.59#{O.|.....^"..r).{:N;...&.......p...;.y...i.=..i.,%.....F...>..qm4G..DlG(P.'._.I0...l.6>g...Q.*....e..gL.....Y.j...cIg..7$u.....O-....m.Y..n.e....+...:.#..*d.Y;,Hs..e3.@j.<...BY...Q.?.YnF..;..W.. ..f_uH...Ii.6................}"../...C..'f...Diu../..=Z....t.9.l.|........B..C...".....}!...bx;...u*......I..1&V.T.v...6.GK......t.IZ..6....!.K.h6o{.r.x.ox\.=.G.m.c..a.'s.Se9.O.-....}.........O...2...n6..5.B!.F<....7.~../.. .1.;.N4..;..}i.O!.%..@.....!.m..M?...`6P|.y....t?.r.!Q.&#..e=.Z..Z.......y....W...0.<(R...M\..9.[.E.}...w..?........+ ..^V...A....".-....2.R...>.0...C=S...Fu9...`.......fB..?...uV .d..g.V.}+..\F......y...p..B8.3v....~...c...g.. .o..\)r....\...9.`u..p.b.'.....N<....)........vs9>..._......@.....kMe.0.KC8R^..K.;.w.E..h..c#. L.....ll_ln${o..d...'..,oJ.......0$l.C.....[yx..R..8O;w@..).Y..>...;...en.[{.R..>n.d..o.....xj.zP.p.~...=..F..Y.Hg.E..!+.u-.+.+.c..Y.0...^h..;c..a.]a.....9....$.....V...J..,.).-..:6..#....=.d.4..4W.\w.d.

          C:\Users\user\Local Settings\Temp\6a6ff159-acb6-40e9-8fcd-b065f92748b1.tmp.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:Google Chrome extension, version 1024763907
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4065057EC232BC18E519ADC11CACC822
          SHA1:5174385BFEFAF10DAB800D5F6D9646ADBDF7D8AF
          SHA-256:DEE541BE9CA05E779A8A15BB86B4ACAF82786A53B2B63432E43BE22D4B23C30A
          SHA-512:8C447E742874EBBEF48B34BFFDD70C83FA9911A5CBCA1839C579707004EF84C9AC074EAC53B7356B6DC1629320D3AD63DD462ADB843E6FC953D521AF1F97F7A4
          Malicious:false
          Reputation:unknown
          Preview:Cr24...=G.?J..j!q......YXp.E.n9k.@.-....#......7..`W.n..p,....T .M~P.C..j.D..p..........VN....Ej.._s.T..p...Y.k.l.E......WU]k+......................[.m.7..G.q-...dT.y.....I....A#..n.........&..}./}s.. ..^4....F....n,.....C....Mpnj....Ks<.L.....*f.p..#....z..../....e.......<....?.1.b.K..__}.F.!.......WQ...i/..4V.z)%*`.....!.a{R.W.4...j....E.vZ..\.{.*..~',...7.c.?..8}.....0.dvH....`.zZy.K..../.{.L...1.x?...G3^.... .k...Kt...).....:.lc....[...c..*Z.n.s..z(1...P..,..b}.[.....)!.h...W&..^..FA..D.D.f..is/..C...dn5..<...KB....sp.8...O.....C..C..<O....Qd8....w-..~O. 6......C.C.N.|..J.2.)....!.<|..R......c..m?...U...t.a.`..3.!6..C..&S...J...i.{...[."....\G.....n_.`>)#....S..1Y.A'cq"m.f.......5..j. ...p)...h?z` .....V....R.s.V...&.....N..vK..n.....X.Ow.......:T...v..mk-...QCm.!xF..;O&.....c.o.`.UA.f.~...B..ei..\..1..7.%.<V...T.7....<.9a.B.O....k.n~.`..KiDn......".H...... ..".....mq..!.Ur.Kb;jn.w.Yx......0..._..s...y.|.R....-g..Z.+....f3.....

          C:\Users\user\Local Settings\Temp\AdobeARM.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C954B6916FC0B7AB0AE3DE92D4D4249B
          SHA1:32BF28236116BA7B8411E17348AD1FF88EEBFBA6
          SHA-256:E6DAB4CB38BB93098A69E7F9D3B18E7FB316E9AD4191DF10C849B0E8AAE1AC52
          SHA-512:8707B3E640D82E2EF85454EDFFC0C8892031C8DDF81CD5DCE0D3DB404027C1BD416B24C5F6EF5BB899857121BBF317598C762DADE9913BFC7DD854A4B97B360B
          Malicious:false
          Reputation:unknown
          Preview:[2023.pLG...iO...C..:$...f..$I..T....W....#.)M...) wN.%...Uo..9W....6g... ...!;........"..L._.f2.'.Ql<.4.T.sd.....J..3.v.Z....a.=.a?gk..I...>H.{tY.(.....&..X..E...r.......9...~D]..r.(.B..jed.rr ......Y..<...Oc....N..8p...5.a....j...)..*9t.s..C.e.:W.|.A......bL."G~..K......S..A.P+e.,..9"..GN...V.O..JEEU..4F.|...i....Y@..L..{..<m..../.%...~....vk8.6..Y....).a:....+.j....v.\.;.`.o..dl....kfo"{.0..W..=+q...I.^..\....vh#y.`rS.:...(.Ic..C.R.+.O+....a.N.~.Zt.3%....T..a..X.......@}CqDTm.j..`...b..Fy..Q{..d..IQOQ/....Q.cKc!&~cL}...I.i<..U)...5LB.y.h.;....hg../.gQv`zFX..D..s...........^...;..E..j(...9.m.........I".L..v.}..;z...e.cXNB%..Z.u.l.%_.t...R..A.9...=.......Kz86@(......g].G.Ty.j.............D.J(..!.'.)..V..u.....k.-.......CG....=...X...e#....]x....E...N.6M......;...;.1...-x..o.......7.(DKa.>...$.....Nr.n..G...V. .n.#....H.9Of`..^7..I.N...)k.D....!F..hbV2CI".f.!.....<}..t,..&=..EXt.....c..mf..`.I<.+.Lj..e.4K.8D..e7e.{......B,

          C:\Users\user\Local Settings\Temp\AdobeARM_NotLocked.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:85F6039FAAEF86FF2B05AC9B85887EF9
          SHA1:1328B0BDCF6777C6A66CAF9916053BE7A776EE92
          SHA-256:0D9E47D34A4F767127A454F1C8E37DBBFA003E3CFADCB6F2072626D0F8A830C1
          SHA-512:045EFF29DED548A30A404D46EC1810708208CD5EE44C4B56290DC557DBAB86D4C64B3614EEE36978FE61FEC11F43DD9A1163DE5B9E4816B4A6A3AB202CE486DE
          Malicious:false
          Reputation:unknown
          Preview:[2023..7....$..~..(....0..*....B,.....fbN...f.HI.Y.%.-./....v......v..-..ES......~z.Q...!.`.Q....t........7n.E..^..W.C..E(.?[....&wu173...........7E..8......;+K5..(C.7..+.XP..D..m.....X...Z..-u.Ti.1.......5.|...C..Y.9.._HS...._&..#.A.!..?.*.d..nn8.a....@)}..LE|........#H...9..'*.....qis."$.9...y.ETn.....n.8Zt.....NT.\..a.a?.c..n..HD.X./^.+....k..U...w.X"3.=&....C..C......~.._..e1e..Ls....I.w>,B...`.4.w....(...#..1\.b.w.!....6.|.......=7[.s....0...... ...H.#..5.[;....w'.$.q.>fe.:.Rk.0..p.W.........;.%~..R.&...5.2..*...}>.N.O*.....F.W.i..ZUR../Y.j.]..G}<.F|f(|...hP.E..l.g.Y.\..].ARK.9.......7..U}..kc.n..<..N.>..t.....l.....x0s...T....s..h.sF...y../V........&.O.[Qy..o......O-/.e.N......4...V..*C...S........ Oz..P.......s.>..............[,........O..J.;~r...[.?B.x).s......@l......J..I...o.Y..E....H.C:...+.......c....KOX.......%.6#..&x..].M.N.....7.".l...Pg..+.....e.....#.#7K.~.<d.o.j9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-

          C:\Users\user\Local Settings\Temp\DESKTOP-AGET0TR-20231006-1147.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9D006D366E7A558F8A25DDA6232F38FC
          SHA1:9FC0FBC955290F41977613350F836D0FC9C83CD9
          SHA-256:C2EA96BFBC54504DD3D64A9F6747F4DC776B09943810CB689C70135928AB1F74
          SHA-512:308CD342A81C52B83A2DB67137C4E18302D14AAEC8EE7830C2471C5F31503203CA7EBDAFA117EDBCFF84DC24C0EC57D03F2D3E7D536C9B298F2A896BF5678E2D
          Malicious:false
          Reputation:unknown
          Preview:..T.i.....b..va..\..z...DI.k.{..N.h..Y<....o...2z..`K.....`.rN5..J.[~....R..==yS...0...>......X.;.."..B._.)....Q.X..=\.hD.........~....^.I.c.z.-..!.@.&.2B$.c'.X{w...=W.e.Al.v;.{.K.s.,..qT..~..)........8.I...........2...Y4zC.M....j.Y-|..h.....\".r......I...3#HG....Q.K.9.dj...i..|..Y..E.}..?._.~..>....8....?5?Hq..[.....q.N.yi}..1$.o^..A...?p......8.\3!5t..,CA.../..+T'.....&....H..c......K]LSa>h(..P.blsm..K...eN6.`......X.....6.m.......$..s...Bq.tI....`VF.|./:..../l.....&.v.1H...(k....%9A..g..d9.y.%D..._..Q.z.F.a...y.ZU...._pV|#...%W.=..#. .k.v.D.S.0..Di..h.|Z.|p.2......D.{I0g...Kbl.....2..Ma...../`..?..,..F...'e.l .P.t....Z..T.....}.......vr.t...u..t...=....O<.4Q.S....:.)l..fr....#>Aw.S3...o.gs......?.FE.*&...?...u...nSS.J.>..|....r...u..Y. m..K.....7.?.....f..Ce.#.pnB.B..;...Z...J........7....4.W.O....g....Y../0..h........7n.9..r0..e..".B..#Y.9..x...c.f....I.......K..m...u.....M.........Z.!*...m.s .._G.vI.....3X!...........A..Ud....

          C:\Users\user\Local Settings\Temp\DESKTOP-AGET0TR-20231006-1147a.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:262E5EC35EEFDDE6C79CE1DD00E43602
          SHA1:92F089046F39920D22D6809303F697F184B645EA
          SHA-256:A56B3B3CDBEFA5692529F0F26A9E63C84B3625EAEE13C4BE0E4EC9564CC4917F
          SHA-512:18B8CD0934D5331090736631462A61AA20C7C42287B7539AF78B5E767B283A52231DA2759EB08453FDCA94CE3BBC9C12CBCAF479FA7D6EC825DE1CB2491E0CE4
          Malicious:false
          Reputation:unknown
          Preview:..T.i.....E.A.v*....\.T....D......D.g.D...^:w0..3e.w^........u......hK........ d.....>...&..J.H..}..=...,h.@<.....$&.L.Q.?I.D...).z.....TMY4..r.g.E\......!.#.(.V]X6D.....Yq...f.%.?lJ.@..G...q..A.%~~..m8AE..BY.G.mx.9-.......#..m.|..6..D...L...R..A"mU..6>X.S;......?..>.S9........?s..a.l,.o.....$...m.r@.....q.M.:.7j.e/....$..p.m9@..xL./.}........g..........W.34.m.VgI.f..^A....~g'%.=......3z..Y.GP3J..Ez....b.....]....Sh..O#?[.z..w.....S_.<pB.c./...D....[..A9.#+...%>9..d).0P..l.z?ED...w...}..d.s.%.]I\W.;.....I...71{......Q...m~Wo.....S.T....W.x.m..l....$.s...tCl.6f(.c[.*...*..$..2...+^}.`%.7.....c.n/"g..<..B...9.....ye.H..=.=...p..h....)..).!....)..C....m.....vv.;..e...7C..Q...H....e.aU.*dv=_r..%...Uw.T..K.=......L,...YQ_{.........S_`...........oN..x..Gz.bp0=..-...~l....V=M...[..Q.9.#.|R.wd.....k.... ......A.3.%q..#.+S.."....R.".+#2M.!.}'.".[i...m..lL.....M..#-......r6.C|........x.h...=....}...K..... :_|.v........XI.....itHvQ.:.....{.....\..z..3.}....

          C:\Users\user\Local Settings\Temp\DESKTOP-AGET0TR-20231006-1148.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:7FF40C9D7E68B934E8D5962D23C92BD6
          SHA1:A692FCAEDF2BEC097D2B083602507D9532743870
          SHA-256:C6F631C369C73A7F82A556ED1D9F93FE212FE060F12DD130F8D0B31AC8A1C795
          SHA-512:D8C3A08C7BA436ACB3AA216BC6D5BDF1A4F17C87E8942B427CF23EEA2BB33642704805DCFF45EE93A7C913A494A2C09CE4EE8375C0E9B2A5E97918E084072592
          Malicious:false
          Reputation:unknown
          Preview:..T.i%...:.....h..8...0..(.F...s...'-.........E..c.[.Ag.jJ.,{.PL...,....dJ5.#...%1..,.a8D.....w3....~R......+A(.v.Z._.k......t..\+&F..p>.z.yp..3..hNo~...F.6.....M2.Cs........D.r<!<c..?.,..G...V7...3.....Ym!..l.>3.A?..x8.d.7..1%N.r....E..+o]G0.F.4e....C......x...1....ko.k..#6S.h..p.w...T.j.A....*.S.6..(O."....}.R.mu...!....t....y..d..:.n..q4...d........S.....xq4.... .....3...=..v...5.2:Q...Mod.4.2...LJ.+?....C......ZK.3..........D.J..7+...c.......M...T.~.>O.Xn...O..]F.....]d.............H.....W..b.4..lo....4.....].J]o.".>..x...q..du...W\.[OZ%BM..KbX.q..-....N.....qN..",%.m~7.>.Pj.......R..P.:..+..|Kt...G.d..."...._.*....d..?g].M|. ..c.......r"..zXl.....D.v.\..AlQ..}+.Y.Ux...z.|.Ly.......x.+...(.6A.@..{.)....Fh...Y.=.X.....O.Z|..O....5.jp$....A.......^G9...8f.eA.....L..p..T.......).A<.......Q../...r.....ZG.>@DY.C.....O..3....!8......<.k...<.d^..P'..uo.Wi...H.=..j..4b.%..........VhK.Az.+.......\.p..... O...5.........j....`c.G. KZ...SS.7D.p.

          C:\Users\user\Local Settings\Temp\DESKTOP-AGET0TR-20231006-1148a.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:0812888557984474158E6DBBB9C27329
          SHA1:8E1DBB5AABDC864920313C56F95E14BAAFCBE4D0
          SHA-256:76B247DB0FED1378E905C0D78404CA9013DB06AAC295C36800D38B605E04A527
          SHA-512:8054431C751CC856E4F33255372331A0A31EC32CC827A50DF05D6751E72F254B0AE2C2053955DE2B7BE42F1DBFE1B3FE6371CD6E11167167AB61C513001283BF
          Malicious:false
          Reputation:unknown
          Preview:..T.i....Q.b..}.a.....C.0..K!.`]..+H1e.H....?g>;./`\aa......p....b.;QW.0F..6.k%.q..G...`t........J]v.3....V..$>L..c.....H...........3.$I.x6..Wp..V3...*2;.*:.fj^P.{..u..$w}.+.....p='.}Tv.......H.T&.R....H..Ad.3..{.&!(.Dm..|a^..Q..V:.q.h4.U,.R.z..Nt...4.UZ.F..#..Y.v.ev:.4sv0x.e./U.3.........^,*_.:d..e../I8y.y..Foy...p...jl......D.:.1..p....L.?....c..M;.5........:..AK.......A[.....%....l*.P.au.5t...hxFn.)..\..,.A0..i..a..Y...@.]Y...%...Q.94(.(hm..C8|1.=...E.E...?a.K.8.B..+...T...o./.1.o.`.o..R....AhD.......M7.....bi......d.3.\`..6....e.{*..&...?......\..z|5TI....E.W....G.......3.S.(O..'....n..'.Z.....Yy...G.,yAv....n..=..~......s ..:..:.cW.....U.....N..]%..p.....V&.oJ-a."..d./.F...2..]x5.D...I.kk.1......(.Y.D.".gA\.O.C.}.....}xPcl.Z..s...xgz..`........M..._^{&f..Smw..+<.o..i.A.0 .i.8..y|7m....V....x +.....s..... ...T?..%.i..Y.jF$6...T.k!..nT..R..6....d.t..mW.v..6.<..;JT.,...o......*...<.7.......t.......4$.=QRe.\...f1.)0g.\..$N.......x|.]..#

          C:\Users\user\Local Settings\Temp\DESKTOP-AGET0TR-20231006-1151.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5FE991E37BC62E54D3A40A0861A51816
          SHA1:8D6B5E7B0D418766773D15B714795C01603447C8
          SHA-256:326DE1DB5B4FA1A5527E5C2E7A4345C2F31246F0501E1F5A235DA7F7C127EDE0
          SHA-512:B18E9D9512DD5E958F7C6F6F0EED5140387B608173C83027EAB44595734BEC96D3969B9673188D903A86C23A5449D7137465E5F7C2C832A924DB5699C2ECB08C
          Malicious:false
          Reputation:unknown
          Preview:..T.i.....F..>#g-..@y(.?..)..db.w.r..._~...j.}...C.?U....JZ.Q....'RkQ3^.(V.E=..ct.....N..~....A....R..BEt.5?...\....BD..r.zMo|..A@.q.......Ov...2..a1..S..&k..h....l3@._Yz...sJ1..0.....A~tG.To.tb......V.....EJG`.T..G.....?..<..).3B......x...C...(W.of.T.F...m..p3.....g.F.$.Z...Iv.../)..P8...Re..w2.<..W....L...5.<..,.k,...D}....J}...3..#n..X&...[.q..q?i.K@^``4.8v9...D....o.V..XA...=....... >...0d.=@Y......~..V8.H.pD1....)_..:...-....a.r.1c!...0...bVI..F..I..l.T..O&...h......:.LU.ph.,..-.$Y..._..&..%C.LD.z........2.k.qhz.....'..p.......l..26..dBm.:..K.T..I..Ax.W.4&'D....u..k/...\....mnK.Q@.}M.......8.2.I....=...E"......]....`.... E.....+..F.M.+.t1..P......]....#/&.3W..1.....P.q.mg.k.3.P....s....Z/.\nh.VQHa..L..x....9x~.t\(.<Y...h#.5=.c.Z...(w....l.O.pA3+.......uI...,.j?..6u].li..?.0........H...>..L#.J.1..o.z.E.%y..m(.N,c..R.|..0..I8.o.....]...Q...b.....R.x...!.4...... .{....u.:...s.I.b.N=f.V...K.N..Hc.7.!\.oF..'6;Q.r.e..g..z.<..2-...~X..R,It...T...

          C:\Users\user\Local Settings\Temp\Diagnostics\EXCEL\App1696586115564995300_071F4AD3-0F0A-43B1-A566-0CD1A278F3ED.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4C23FDD211E787A07E926D7461ED9597
          SHA1:D1EB5F2C6D2EAF868E9CF67CA61E47DFFC40D6EC
          SHA-256:1AC066A5A75AD665277C8F573A8D3D44F4C6D4A0C339992899B17DD9F1CF33C3
          SHA-512:502B25638714F62BF72F771BCFE5A1CA22A3A3587BCCD48EED44704E1C1D1D3F1C51255333CA96EF80542FB221B493A98458785B5C5C291EAB1B3DF4E9192BB3
          Malicious:false
          Reputation:unknown
          Preview:Times..1rD.P..x......7.D.-. .we. -gY.....j.,..T. $.. ..'..v.y..s_p.q...`.xF...J?.Q+..0!_..uGJ.w.~....a.M......w{..g."L.|L..wbO2...B.Fh$.h3.........D.....RRXU.Xi.p..Q .Y.e.#...g.r.b.0..0........p./..m...$...p.n.&r1..X6Om.....P03.W..$..c@Cg.|<.T|\..@R!.|.G...|...3...{$Fp.m.1`.0J.CK....?#@..6`<.$R.a...CIF.&..&b.#..E..q...m.2.....N.D(.-.Ss...9..~.l..-."....y..xZ.....X\[-....{]..7.<....$k..P...8G...wu<...vBm...$~...C.Z....B.......3.'.].Rfc.5.f..\#.8..sF.=P.:..E}..'.4.!x.........R............i.'j[.-.[I..76]....n......V2....6)r...C..T.T.I..Or._.C.zZK.-...Q`N........F}.7..{....Bv....%.-...F..j..{Q...N|..[...&.../h........&.b...{.mD.'..&..(.bQ.....Q&.....@.1....4..-..NR1....{.$N.Ch..V@+.....F....z.2...m......u/....H..w....b.K.,.m...6O6..a.B...{..J`.,..jj..2|.Mu.!.0v........\....o....o+.[J..Y..{.*.O....Y.....i8..l..:e]..9..J%.b.._.1...fjw..L3_...P...D....u..`=[.....i.X.....G.... ..... m.....G...G1.19.....O...aS...............9.S......]."

          C:\Users\user\Local Settings\Temp\Diagnostics\EXCEL\App1696586142000518100_5AC24207-9E3D-4F2B-B47E-70682EFD3B1D.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:6A6203106C12BB62DDF3F3F269466766
          SHA1:329BE64552DF558129D82BB94817A0A50FC30894
          SHA-256:54EBF6EEAFC9CFF1BD5966983858E25F98E5C05637D6E6164FC10BA65C5847A8
          SHA-512:363F12F5B9003CE6DF3ABCE68E02294A207D0D3877D6B7E8FDA2DCB99168B29B40C490DAE96E3CA83037EB7ACAB9A6C509B1E978122404F5F69846FDA85B79BA
          Malicious:false
          Reputation:unknown
          Preview:Times.y.t.. .D..........K..{w".......w...P.J0\S.EN.C....q..r.Y..!=....Gp.0.'.%..D.V.3bN.%.Ch.[..a..g......=.?.....F..[.........X#..=...p......L.6.1....u....wb-l{.i/{.=.m8....|K:w.GmoI..C3.O2-.V..G[.......E.K.T?.J....4..Zy.B....HD._..x...W... ....76..@.yl..Vr..B......^...^..Z....M.Lx..u.....k@`0.z....2.b.1.W.b\....Mx.6.Q....S#./41.Q....Cj.5T...........\.S..e..t.mL..x.H).........W....F...G......Z|q.N..\.t..iW7...-.O.v[....Y.t.K....X.Vq"_..rp~.9......%..s....}z..[.....i...N+p.\(t..;.G..E.Y..f.%.....6..d.d..g..|...E\..s7Nv*:f#..zR.#H.v8......A..o..7..cY..-=.7....>|}..$.9.....E...0.B...\).Q.....b`..\*._.Mn..<^.....!....6...G7M.....I...........Y5hl.6<....kSg...vS.c7.|..6....l........Xf.g2..Z....ON......D.6[86....\ag{..\p9u.X..r....aJ.5...Y.D..u..k.....ke.x.W....z......&..l...K..6......8p....,.(....D;t...k..%?Q.....!:...[........p..4.M0U-s..-'.s^. ..L.HO*U...Ku..".0..3....&...9..X.:........g..|.I.-.-H....F.*;".+..M].W....<..OSx':j.iY.?zY.......|..!....@.

          C:\Users\user\Local Settings\Temp\Diagnostics\EXCEL\App1696586151845122000_D1056913-D917-4833-8930-F2F72089236B.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:AA4E0A707BA4A1D78D21133BCDFC2C20
          SHA1:79B0F2CC57871647E6AA150F4A6FC8C651C31094
          SHA-256:E8E8946E1182405401CC2D873942A408EDB2FA7A838C44FE5E04250CDC0E3923
          SHA-512:F28059EEA06F610EEC9E08EB6A250A43C46D1423CFEC7B74A8DEF572F5F25262FC40951791140C239E49AD7B933C10364225B26A201721E926ED408A021EAB1E
          Malicious:false
          Reputation:unknown
          Preview:Times...E1x.C.7..._..\.`.7..-.J.u.......Nl..I.n.,98.......=..z...e.)n.....S..i0...2).;..I.V...h.:.Q..!.b...A...D4#]'.P1..q;x..d.JM?n..g...2.].r#..c{..R.{e9Y....4=..).f.......R.Q..}..*T...M....n..*P.U.A'jR.d.-Q.N6..1.5.....n..7${.......\..%....u......<@."$S..;..)jh..J....QM.............p..{>..L..K...._.........z.75...X.2......H6d:.G0.-jL..{.:....U....T...q...._B'.....K}....B#.Z{......a......K.\.$Y..3....AE..TW\.Z.?.._a..v(!/.......U.f.Z.:.fcU...%.q;..|An..mUY2f(X.bi<:..`.....S..I....Fh..=|?.la.....`..r.I....08.)....q.[.Z.....Do[....(JH8..*.....U.JE..(k.x....6Z.#Y....4.k.h...y.8Q-....?pX....1..=........q.Y*a...Q..a........g*..;...qA.>U..%I.4......06...AHd.$....~.21M......../..W..h!1...EZNh..&o...#I..u.I..y.. .Y-..&.<.{.S*....z.r...(vO`.E....o<......!..l.....]A.....~.}..+OgT.......&5....@...p\<.{a..........JS.......AJ..>...\..b..X.0PO.....I..5bNW..w..P.k>....7..",j^.9.......x1...k.Z.%{....{...H`.x.1.....+.=..n.(..B.<...E..ib.i.....<.~..+

          C:\Users\user\Local Settings\Temp\Diagnostics\OUTLOOK\App1725550491176359700_1C80F94C-89DE-48A2-8E70-7714657BB87D.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8E0CB2D340FD7576A8614732218A7F82
          SHA1:F9B776316D8E14A6406F4DFA9A8103FF9321DE80
          SHA-256:742624BE70CE070013DDF42280B750495FF9F569FD7671501BB4D39600F80AE8
          SHA-512:8377F6E867C47D36A12870D0D67B80D94C0BDE383D85EC5563BDA496FCD332FFBAED914FD29A0F009893A6BD8FFE7C50E4A32430EF38EACA8DB1639783D80704
          Malicious:false
          Reputation:unknown
          Preview:Times..1..A.:.ApF.....X.-._Sd.....Q....J7..L1..IJN.m....nV.%m..!..m.T.s.."y.(Z@H..4...(]A.L?+N...@t.W:.....V|....=...q.~....L.hoQ...+U...R:D....QG...Xv.....D...&R.z....>.k`.IT=]....^...2e...`...I@.8<...j.G...Ka........C.l..eQ$..]..... .]...r..X..1.....j...q..>W.;H.A=..m.{&$.CC.\......P...........-..Sc...u(....\.mu.R...o..j..p.......Qv.......>......(..U....uW.l..H.}#?...uIKd...aS.P.N..a.v'(.L...;.....*2..tw.B...m.4of["&.}...B...W..K.j......Q...RND.x..J.\.....A....VG../*;<8.t...W!DSU.t.u#.P.....]H.>0....?...(......A.....[..._.t..h..@.....P....f.....4=..`^...Y..w.....f.I.~...?+a.....nW(..e)z...D.x..Fh..VV.q.. ..W.)_...F{.E.!7H...;....7v...$/..HJw.-.J.......|.._.lz...PD\.*...'.-A.'....X.u.Xv.....l."..... $....Eg.....q..C"...T{c.!.......b..f.Jv:...:[({.a....'.J...qo.,6k\..q.=Cu.h........-.,.q......U....:yr[..\.l...M.*"=.....*<t,.............OFg.Yl.|..[k...A...q.[uN...Jy..ep....../.k.......!.V.H....~2$...<.7..R.o........W.9V

          C:\Users\user\Local Settings\Temp\Diagnostics\OUTLOOK\App1725550491176891900_1C80F94C-89DE-48A2-8E70-7714657BB87D.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A7639843E0EC9C788EF509957C3648E2
          SHA1:4A82320E6ADC1F46D30D6C925D027F6E0E622E4E
          SHA-256:CAEB260B8C04BE4C8D08D82020FCB91A983EA43348CAA960D48D531D4EDF3EBE
          SHA-512:1577B739DABD6F7B15F6BAE67F4224CB53BA02654561D4AE88455A369793B9EBBEB2A48F86F3C6DC070A334167780361E8ECA5577B925DF4EB7E5AB859AFCBB8
          Malicious:false
          Reputation:unknown
          Preview:.....|..I.W."..........}h%.Dh.....'..).... ..p..Me.*[&&.n'2.4......i.9,...{.7.P....N.......G.b.0..X......>.A..A,..."......[....8.^9...kLk`.....,......t.;C...u.V...h.%7....'.....%~...k91..C......../.3{...].....xd.F..Z....8~.V...1VMJy..^...;#n....(.E."`.`.Z..E.@.&,..&.p.....3...&B.%[J........8..q6.L...9.Q.+.+...8...8....)"....../U"...+~.T...I4vZ..ty......7I......JRY.L....}.K.u'...Ewd....T...j.:.J.@..tK.._*L.48Dw..a..P....{0C.ZC.....+..{,"A.......4.JH!n..0.@..{..C[...1.%..,GW......8.9|.....>..`_4.`.....b...k.W.:..Js.......v..B.Z{A....uM...a.....h......RKO.....]z.Cd.E.._.>..nVnr.W!E.....Q.]9..,%.O.Q....U.tO..s.9...lIk....}..6.iO4./.g...;b..}..F...:...+v.. ..k?F.;.e.0EAL`.8...TI^/...v+f*.$Y.=............RH.,".....1HF .._.F..>U...U...g{=v....X....4........'$.s.3.P.O..Ky.?....i.".5..{{3... ....+.1.MQ.......4P.......;....$6$F.cs..W9.oKI\..5........e.sP.y.$8G.@.p!k....R.j..\....h$.).^. &.W^s.........<.....\B..9..}0.\....2J...=.....a..-O..<z....h

          C:\Users\user\Local Settings\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240905T1134500675-2032.etl.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:966926B25676D1F49DB49EE69747DB8D
          SHA1:A2B98414DDF19D0E737C0EF995E88155A297E9AE
          SHA-256:507C67E2865774BEDA15F12DEB816E1E8DC3B71BAB217B1175DA1414868C050B
          SHA-512:E5D566093A362C98B4E9926487A953CE3A1C86A648762B8DD8F5CB07A9C8EB2330AA02EF7A2753D340722E8921A6FBFC3AD8817435AEC42B07CC590450CB644D
          Malicious:false
          Reputation:unknown
          Preview:.....c.+...*...r.}.;Y.u..[.......Q..6C{.)a_6....p$/.-..:..GX..........k.....i%...s.Z..R../}...&...{s.id.HeL...|..|.....e.....o:.m...g`.A......E..0..=..i".`.......k....)-.........`.\.^..%.?.+.}9.ye..u.|2.?......O......B8...i..Z.W..)8.0.@..gE..x2.eV.......zH.%....i.........k...<..n.8..)..J...........Y....w..O..g..u......O........".k.v.jq/.$g...... . .DF....C......y.'..;.B.R&bo...........K...0...Z.;..M.DE...(W..6q..'.....8.?...dF^*.#-...6.>X.*...).....E...}!.|.qU<.X.j..E.."+...6.."sn:.t..g.....t..'%.Y.......+. 1X...{-TW.Q.n`.]1g..7..H..._B...`..]tpw=[.T.....2....M...L.;*.....J.k.k.........[.U..OP.5g....f..g/.2 <.$odA.!1...2.].W...a.k...9Lf......L.c.r...P%..$M.D.[$...f..1Z..q..g8..\)|Td..+...(.9..."M.2d.......^.:.....|. ...sJ.K.,........g`.'..A\"...~tv.>...;$#z+o...Y.\z..u..P6S.........x..n..$.._.G...m......8.?,f......Vn.9...u......o.....G....E......S..W.y..a..J_n....&0.....u.....9,!.......G.wU.9..,Z...4..o._..{..D'IRfa...*.Q..ld.....E.v..q

          C:\Users\user\Local Settings\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-06 11-46-01-753.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8EA9388108FF9C19609B910FDACDB681
          SHA1:B8CBA70630FA8AE22BCABB15B94C6D0594968BFC
          SHA-256:FE904803A05FB53BC29BCCA26D73A384A40D218DDD53D4217859D8618CE64DBE
          SHA-512:8BFE388FF9BD2A1E9270D20410B45AE243EEC96436906D222C13996A3A983C1984231082BACCBC5F68217BF9A5EBF4A4516E54068E05ECA705903097104BD187
          Malicious:false
          Reputation:unknown
          Preview:Sessi.2...r&..p.s.......j..j....}:o..9O.8...!W|.S..%.w^.....v.....U0..=.p]%lj......4U(W....'.Q.8|....1..-}Q.e.vP..g=tYV.[N&|NeGX..".c....Y......O...Q.1.u..,.@..S.5.(k...bjf....6..3Y......z&t.U.E.......m...!...*yy.Z......2F..*\........wM.;....{.x.<.boK".......}*...u8. .3..h..W..?..gE.....,5...*...n.......Y+..DU...D_[....NA!3P9.|.......7.;..].=..n..?....x....Wg..;.E.#r.&.s.....}.b.c..$P.z..k...a.|..#&<..|..%L.{..h..(Sy.#..O......n......{^.KS..G.p..G..x..r...<~.....(....d.U2#..t.X\.t('.D.q.J..r...].U.@..';....la.....R.5I.L.B......p"}...0#<.......`\.P.y.k>.rSH..}...!3Y.|.'R..7.@....W......W*....(....B......7...uj.8m`!..w.G..+q_id:..p....Rf<,a...#.e.L.2........^.}57pao..!1...~.;...v..B"p.D.^....+..6...r.m......4.W-C....N.wey..hO..4GnTYkXK.@..%.....&^.~.<.&.*.N5~....2..L|...Sh.H.\..W.vM~..g..F..-..>3.L.u|.3.($b.[...L%.....e...M...R...h%........../sQ...z..4.....@O..D.5...W.F2..]..EK..........]z!.*.ib.............&/........S....`I....s.#:.../.RX.

          C:\Users\user\Local Settings\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-06 12-09-20-923.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:30D9F9A2B791652BA106CE87F4F38E53
          SHA1:EBA57E8AA3218EA3F5F664E860879A71BCE3D253
          SHA-256:6C25C925DC82153D44659083038C5E8416BDFC39203C64CD13E830C6DC88F544
          SHA-512:6C6EC37A170C5A715702AA3D62657D1FAD9DF86984D00EE64F476DB1CDF228EAD201819E44EF9C3C5792AF96C7028D96DF7EDDF7E51E538AD05CFEC1B629EDB1
          Malicious:false
          Reputation:unknown
          Preview:Sessi..~$.sL<>.j$.....%@:.<..sy`..*...5..}r.4{.I~...........L*.U....~.j.ip..~=.....X.BO...3...B..BU_...9~.F.2A.$.)0|.....DD......|...."r.1..@.X..*+.Q...YH.z.....p...U.`"-.L.h...n..4.8....+l...x.*..!..+_U..#...x..&.mQ1.f...e6&..ay.T..".........K...e/.B.P{;.u..o=D..a....%..C?.,....s/\U.i.%.....za{......8..o....Q.... ...L.a.n.h...(.Ml.L..u$.V..%B.w.y......).!-@..7v7i`..vy...`.Jw..y..O.......p..:._8..9cA.E.|(.".N.......xy.2.*......!X.5k=.~x^.&.F...Hw8.R.e.{g.k..]...yc..R....A..{ U.........s.^..6E.A.T...j........Hh.@.,..)r]..KD.)J...z.)lly?./;....`.R....a6.4...G.sL9Ac....l*SaIW..G..).[...HI.. .r1..:....w9..X:...8....I....p....lEw......w......i.. ...,!6...t.Q.h.w..79.rP..F.\q,F...M3'T....B.e..u...%...{......L+..6.*I...D{..^mrd...fCpTV./..R...=....!.......7....auRI..<..k...;.w..%Lq.`p6.....j@..#.<..Q.......t.^.....).v...!..+R...p.#..UV.......S..o..BF.Q.Jo.n.......[.{slw..P.+r..O.....`3..Olh.F=.Z.E......-..{k..,..A.....2F...O...B../g...

          C:\Users\user\Local Settings\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-06 12-09-32-741.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:85AD386ACA4943FB6B4F478B4C877BA6
          SHA1:8BDAA3D6269E9D38128EE71AAB1901DC0A3B04E1
          SHA-256:A36E79770C4C1266A28F34E65AD6C2872D47F08B5FB5F8F712F38742568CF3B2
          SHA-512:D0B26EA550CD17A145B58068D33BA3582A3644840B0E5DF34793C62360DDB2B6B15E7F0DFE2BFEA1DBE039F8B08129310FA8E1E0D3D01257C66497C50088DA9D
          Malicious:false
          Reputation:unknown
          Preview:Sessi.....+_(.j.3}..8.u.>|N.g.%@..|..t<...(4!P..~.N.....?\..{.....U...9..R.gW.%....J..0.z..E...X.F...;..,Q...t?..D...Xx....(..z.....9..i.....s.'{l)...%..J..:...o.>.a.Y..a.b...N....AwV^jr.o...Y..(_{...h........k.x... .8..p..o....M.!L.F..f.....nk.Gu.."..n.r..W..i.m..y.......;c..$....g~.eG..U.&H...D.....(.s...z.:..%^...\n*... ...J...U !-...R.J...~4..g.Z.B...../..c.l......z........B..4@Ap.V_4xM4Mz...}.b.L...}a.r..T..H..fM...^..q...`.m&....Z.x..b4.3..(Zj;X.&.U..b$xx.R:...z.oq@..b...U=%WC......._in-y.,*..`...7......IF.=d...+......LVmeR\CQ.ke.Y.c.x............%.......^"......)....t.j...K.c.........$.. S.<.@..7..Ue.U0;..:...=\W...vV.e.%_......0EX.:V.Z.i..%...h.LU.^h..:|..@..e.+....+..=.zn.y.].KK.f..I..!.....E..{r...!........?....=wY....e.V.8.x.......'.f...Uk.Y.h.3a..........rB...Q.0Y.mS........#....?#.eF..#..x.%s MF.E.v._.]d.t._"....7.....]..k..*ltl.../.....=.....\./..7....7..El.5?<SU..[...|..G.BOQ.R....].0.H.wRz4.T.\.d...F{:.|.x...$g..y].?..w.4...R.

          C:\Users\user\Local Settings\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:74BFD9C9DC0A1B8C0992DBB8A31902E2
          SHA1:EFC09B5D276D483DCCD1C1F0CEEE6F0C1248BBC8
          SHA-256:8C6FB550A8B4E5C6B79C2AE36D149AE0D08AC5108F5C8DD0137116EDD329936E
          SHA-512:D067D8397D8D8A38F14C24092778F71D3E2B51E95758AEE04361CB0D734A683732286B2DA6A6C294EB879932D30560C7FBC5B453177423D9434E61CAC8E31F8F
          Malicious:false
          Reputation:unknown
          Preview:Sessi1+...` ...Y9(..>...pN":.p...C..g0.....<.U....P.!=...\.L>I...H.t...G..kd.#.R>.>e7%.I. 9..b..........0v*jx....K..*....;..uw...7......0...L..wt.S.p..0}._...Nf..X........\a...$..k[W..$3.....8.U.{..Qz.....l..-4J ...u......!...#...T........!...........3.v...".'..._c..,}.H..g..e..f.(as&.GNs..jN.....\./.....Ip.@..= .bV...;.&..A.p8v_r.2<.,..z.-.......Iyn..D.....w.3...........&..?.d.V.@.._...!.|.K.A ..O~P.;...U..e..t .^V.x......MKy.w..\..(.D..0......;.....E.~.-7z~.U.?..QF...].]V.M.HgV.D<...8=f.o....3B.A.B...e.ig.........h.WL.II..?R..h}2.;..gh&D..U.9...A....E9..d...0.*c.Z.-..u.P|.6.Ob..r.iPo.Z..N...C.u..J.Q.x[q..b.z....F...q.#o..y.....4.N..9...!`....phd.jCX..E..R.]"...E<}!....(..........RM.. :...l.f.....#..8..z5i...........". ........lo.E.w\.(...Q.;.s...t....INL...rY3.g........K.J....N.....wx...5q.~..B...*.W..N.#O}S.....`.O..f\...S....zz.U.y..@K.....G..916ZF..S.J.(..>~m..h}.....A|.....f...k.FA7....C9Z...p.Z..../.I.......x....z

          C:\Users\user\Local Settings\Temp\acrobat_sbx\acroNGLLog.txt.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:621F47E62B68A67AF9CF1D06E44D0E0B
          SHA1:FB16E5EEF0E7CF45AC9E24584BCA196FD9FC8F5D
          SHA-256:4942F275C2E569B4D4B89913A0055B09E5A01AAD002A7106928890F65FD59323
          SHA-512:EC8A94574F3BB76AFB2093BB32F58C8C17B16A88BC11C6C722DBC6DB04C049D6AEC34A8DC6E807ED1AFFB53695B2134F8AD4C499920B7F4223AAEEFBFC27CE0B
          Malicious:false
          Reputation:unknown
          Preview:06-10b.[.-.."...F..$.W.._+C..[..n...jp..p."+.>..mJ.E..^AM.....EG.."P6........R.Z....5..iB......@......a....9./R.tG..hh_bBC....|.`..<yQ.-.....HJlc..V$R.....(...{.w}%xV.._...m.....i..-....q.,.......l.`..O...){@..&d...<.6i......D.{9.x.p_..:.m0$/'6.....;..&r.|.=.>.U..fc...8.d)......J....wt2.....".....:......9 9^.....N&S..z..1...9.A`.gA...^.}Ug.< ...=...~...8.5.Db.h..X....=.T..9........>,./N.....Q.l..3...GJ......!..R...I...y.4*.....z>s7.*...<JS...;w..\_...'~<..od.gB^g..M~a....$..`O..pJ.-:.t..'..*...C..@u%.{.P......S..U.-.E.1...t&._..E..U........f.......!.".?..?....K.3...s..g..d..Q-.*b.....{....P....5.\&.}.Fc..6.R..i..>r,F..........z.(..4.c......U}.0J........xD.)..@..#%.(I.7.?n......Y.B;mB/Cj3x23j.!....{......mG'[.o.....+.&.%....=....My+..Ls2e.>..ANo.D....,..G...j........ .._5<..k..U.m...(.6.nq;.,..)......x'b...H.q..k..45.K.....J.uW.]P....%.......P-...1TT..%L*...1...C..{.j.K&<.kX.".[..Pm.Ga..a.......?.77H..8...+....2..9...:H.....tf7.(K9.z...\...!.!

          C:\Users\user\Local Settings\Temp\chrome.exe.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS-DOS executable
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:95C40FE2C622950096D0ED928F0DB083
          SHA1:654B6509C30505AC91EAA3CA8CF2A7E1E1AE8CF9
          SHA-256:53A300FB0304C7DE708ED7B2A209803F267999E51502DD48F12868B6F8BFA739
          SHA-512:7C54A6FD38EACFCB9F462F25C7C39F1AD8666FC2F07F13400688E9EB7AD2B59E308BF4CF66C6667FC9A4DFFF9FE9C50847022B4100A526E86E7DAE5A3370398F
          Malicious:true
          Reputation:unknown
          Preview:MZ...e%ZOTZ....=Y................mSG..2@c..&......[TU.6....,-5s8.>.m.q....5.:."........y.`.I2 ...y.....&...b..(P...t..b..e'@..l...+mx.7.y... .L;G....i..HJ.;.Q..0}p].C......GRwI@..j..u...!eh.b|.....).C..9u=/..Sz.....n....j....z.B...Q.....?.....,S$.3..F....#...M./..N.O....9......%..MR&..Jd*.......:...$..0Z.g.....l..../......1{u..*F .$T...J..[.E|.....i..*`...=.[Y..._MZ...!.m.:...U.:.I.......~.a..q..F&....U#....s...2..Q..q......:DT..7M.....8.3...}6......d..Rk.....$]Q.t..p-.(...D..Y....-v[-..4.r..8....kX....O.rMW?j...HX.TV..w.V.pNq...._...-...4..vh\....vM..`....>.L.........../.s.U<.(&..ie.........%.X....u...y....(...9PJ..b..0..W.....]...0..R.]...aZ.....!...........q4.eD1..n|..G<...g.u.%.d.{/$.......bJ=!4g./..mt....B...#.4........<..O...7h....l.k..,........Ig...`$.L....&.S.....#.D....(.5..Z.zp..I..W.....sB=LU:......G.{w.T..G..6....IZK!.?..x>Ybi.E.-O.h...e..g..W.e..]..].u_...&..j...=..-.{.i..E.g.(..K...FZ...3L.....X>....n....{.............n....

          C:\Users\user\Local Settings\Temp\chrome_installer.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:96FF97C879961F70FC24294D41D0BFE2
          SHA1:9B2BE10457D0D63A48E1E011C214729D593A54EA
          SHA-256:0C783F739652D1A06D861E9D4F7305932BE93B26D69BF5B44D5EEE49158D9F70
          SHA-512:7753F344176B26F0E654675BB5116376303176C83F3048EDB67C7B8F195B948670EBA7DFE2D9CFB2A51A93788C30796062849B0EF09B32DAA976C215E9A08D7F
          Malicious:false
          Reputation:unknown
          Preview:[1006...V.7`....*.&\.v1naoA..l..|..VR....UQ..4?..F..C.=........(...o.<....D.F".c...wQ......4;.i..W.>..:......e@..'..6..c..^U......a..E.b'......9......l.t.o...~..y.8U..E.W8\r.....D}.L{..9..u$....Uk....r...7@..C...*$A.1..j?.JgPI .)..0.L...c.Z.{>....|P..2.......!t......>.w...c.a...+9..I..l....:..=. a..h..l.0.Qm^..sL..1...Dut!XR.BS.bU.31..{..k.,.C8..<0l./..G.Sv..re...}...j.S7.zK....E...>.c....^.2..v...vNN.s...3......*.......z.V.5.aO..+.Zr...+(......P......u...O..=.w.....U..>.&._...r...4..%....@.F.........yO...Q.:n..Uf....P.:?Z.Lt.z..?&.Y.....CY..$b..w...f.I....3x......EPP.VZ..$...y3...<2....?....h....Jy.Cv.@.O.58j....|.~.....[.)........?tS6..FW:...l.!9....$".v<.k..n/s...|Mu....d.....F~..C.{'.'Q.9.O.$..s.7...(....:..@...`y..D...5 f..yhQe....0.....Z.)...O.K`.Sq.....+x...M.j....K.%V.9.e"..l;/.:.c..R.+.....w.Yg.....8."At.r.'x....<...T.IY.}.T..*>........&...F...L...zl...-.L.J+X.db.H#..O[.>..i...r..2.4:......C..9..n.0....I..{.0|.J...>C..\....*d

          C:\Users\user\Local Settings\Temp\cv_debug.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:85D58C66991A19C5C738AC75D6EED190
          SHA1:A7268DFEAB64B45049701A31FEC5BEC02E515FC6
          SHA-256:D1A9444E864044F34607232A73300CEAFA8247A72B9E57F335195E4CAA845F68
          SHA-512:0447E43148876F6FEC0914EA363BE527F8B97293F002E5ED24DE2007537268923F34703C4ABF043CF2ADB75F8C968AD1C27AC24C1FE1E0DB35B2597C6BA2CC3F
          Malicious:false
          Reputation:unknown
          Preview:{"log...q."rS...U..l.)`..}...h5....v.........1.....z...A..q.=.uw...>.3.?.j....#.....#..y..Xw..,.i.I[s.. L.I-.*......,...[g.r|/.M{O.[`.8.W..R#....c."&e..c2...2.....WM.x......1.06....9....._wg}7....&.kR....%vF...-....[....5B6|s_m......|KE......*..}...9)_.j.g&].*4.ZaAh.O.!w..a..&G..i.).Q...#[a(......d..;.......qq.Fz......@c.3a..~.[P.a~ez..aF"...r.^.7R..?...J;......=h+..."..2&...bW...H..EYa.F.\l=..6j....z=.k..{..8gO.....a.V.v.O.v.9...@.p...3n......!.$.........+S....R.t:"....j.4......u.S.....5...Xa...J .f....O[.y..'.2...T...m...~..}..7."...w.j......G.m:*.l.......IH.7.....3..rN..l...V.%.b...%....}.1..?..4_Y..*.tdz.X.w.$.8..D.z._..=..c}.9..Z@........e.|.E.;...*!.!....a..J.|.2K?...........n.\..y..^.#..Od.t...Rc.._..,u......u(...%.'....e.Pii...q.8s..;.G....~..S|.....A....&...m5.9..H.1..o..O~.DQ.k...;....U.hy.nUl...AC!].#}..E.....L.<|..K/Tz...... )l.Js9../I.-....~8..0....y.......c...._..K......\.k...?#._I.w........(-..'i......}1mV/..).Y.......

          C:\Users\user\Local Settings\Temp\f4c0ae20-77d7-4756-be71-10b79d362b85.tmp.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:Google Chrome extension, version 3536100355
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9747EF460AAB58709C1522C9E09BAD90
          SHA1:3F68273D4C2639A5391D3C721DE4C957C3F75FF0
          SHA-256:8EAFFFA6520ACC92576F67E4CBBB712B35DA10691069DA45B5EB5930B150CF00
          SHA-512:CC790052C260C122294B21D79576F837A711BCBF7867A106BD6F80CCD236613DA5FF171356622407B1A700D7E2F39D82CB69782AAC1CF479868599043BAD2B54
          Malicious:false
          Reputation:unknown
          Preview:Cr24........h.y..W(.y..m..4..vm-..x..Z..<.N.}.Z....(.......[~aRr...a.kp.:..t...Q.'.^T.k.:......{..'3.ls...uE..Vv..GP(+l..$.f....c./m../l.F..+3...kh^........<V.|..W:.Y......._...i.4F.........Fc2....=....;..Ay.....Y..'.<....t.....{.~......XB..."....&.,q..rd..s.F....k...Y.*`u..+.I.4.=.:}.O$(...e"...$0.\.xS..[o..P...&.Y|C...I...&=.5&.........DC. ..0s.EK3Y4J..1..[....U...._N'..lK.]*..+.G.8.jp....)v.rg.......~..u.3.....K_...J..x.GT.4......A.{.....;.l5...I.u.%s.......-.=........kX..R...zM<_..w.a...?...*.(a...2>.4N.0e7.N..,..r%.Oq.zz..i.M..i.._..e ..fO.H.z..Q..=.X#.....U..A}oZ.>.....J.)..A.6j...?....8'(...Y/..g.......{n.]....4.HHP*...6..@...........H.^..h>K.YK.C.._.E..m.u%W.F..h_...*gs......Yt)z.....Q..E..1....w.|.X.{f....#......_....OSt..O]N....>..;..i>...0.F9pY.cV"D:...p.H..U.f.....-!.*......Q...JP...3N.b.c...\c.OD8z....G.(..1tw...'....n;..\.E....vw.i.,e..p.q...v....z8O8x....|dI....J.B.vn^....T..)z.V6X..t..RfG.]7L.B.$z.....dEt@.a.g...I

          C:\Users\user\Local Settings\Temp\jones.bmp.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A2746104F6E3879048B905F8A818DAEB
          SHA1:E816A6B5A7AC13E5900B765315360800C63DB871
          SHA-256:17F72C964C03CE48B067611D3C3674242D34B995126D8DDED4A29FE82E2F9B53
          SHA-512:CC81D242D1D8D702B4E7069A112EFBAA51A660ECE3BAB027F28CF3A96879984682B3E827B56B40F379525805AFA39E580ACB249F69F310FD5BF9184B61997043
          Malicious:false
          Reputation:unknown
          Preview:BM80.t..[?....I.\.E.y.M...j..6>.8.$_..:..G...P~.j.N..n.....u.....6..K\5*.f....]..-K7..j.............v.k=..yT#...xA}`...XS...|[.u..K.N50..!n...t.....(..R...J.I...b..g2.Y>.._P.a&$U...{ ..a.....S...i.]>:.7../!......4........>.6)W.T.L.>K.q.T.....J.5.... .X..._.)..1.9.t..P2e....XI.iS....U....J.*..G...a...T;..}....Q...Q=,.*)x..A}.u...J=..O.X.@x..S.Mz...K.....f.b......z....._...`c.Y...My...;q...a.a\./..Z..]..\.....~|.../.FPU...%.`z{!...2=...[+5......^4.,@S....}{#..U..r...b..4%r...f..[...ib.h9..H...b....W....l....NG.....d5..\.`.G.d..^bFv...4...$.s.O.cY.DN...V..'^ga.%vt...@..R9R.8]n...4.....9..I.........@..H.FO.e.._.[....../..Q....*....9G.4.f..5`g).!.G..!.JBn=(.I.S_sDcM!...%..pHC.(2Z.m....S...M..@.m....q.........-VIw......\../,..Y.zG.-S.0X(....@4....u....$.cQ.Z...N..y=z.zy.......K#..n.6;..C.v}...7..J..|1K.VdZ..._.0..h...M*._.\...g..hzT......$...r.+.jy7,..RW.L..J.....O..I.?.8.-..(...Yuk0.y.......|c9.;E....s.7.5.-Ev..F=..>..P...`....L:..%vB.

          C:\Users\user\Local Settings\Temp\jusched.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3757A56D08FD974B930772EBDBD44909
          SHA1:49A2A6B5061AE80B71FC55A2582DBB361EFD7F9B
          SHA-256:62E74463740995E4086311F343C0D414862EA0F85434C2B80DBFD8037C809D60
          SHA-512:46E62FF7683E9EA949BAFF351575A061B202063F13455B72E04C97083B5C118FCF36CFDE19CF925D092FF0E8B6578AFEA50CFC83540D8B13CDC7B0FEAB42D751
          Malicious:false
          Reputation:unknown
          Preview:[2023&.v..@O\............^= .%..D..=T.U-.)0e(.9..!.5.:..v..A........%..$....._GZJU.FWp5..X.d=.G..N..[.gey..X.%...r.'1...iF;.d..>.8.....pp....I.....M.m.l.}.{*^.r..\......|.dp<.n..3*...<.I.f.....S2......Ts..]d|&.W.... Kr..g..:.b.*..Y...l.E\{.M&.....m..G....~lWGO.ZdH.cl......o....=.S.N....r..X.u[Q....Jv....v.(#...X.t.5.g..*.l.a..qr`p0.p..ijP..1.fM.H.RY....@..!.Kt|.*..Q.j..I.....K.:..+...c.V...W\!i?Y........1.[b.cBfcR.f.KP'.2,.........t]...?.t*....:.h....ANk1.wFW.W.b#S>.....}.s.-.n....=...'8mf..".O.~m...N..Gm7....."...L..o..te.../....B.-.W.C.e.....=3<H.<........A...#..F 2.M..K.9T.|e..-Pc..S./.,u..!.3o....HL..rV..q.....N..!....J0........E.P.l(]l.\{............7~..A.y..~..!.`I.543.k.K...%?....T..........i.|n'..A....y.Sj~JO......L.3Z.....i=...<.'.(.V...d..%.A7.v~.:E.....z} .!..)FrR.MK.@...|...l2..P|.D...zEI.|.i..\.......z.m...#p v...j.hp.c...!.l.{.a...R4..s>..5G..I..\pp.e..0.......\de. ..~}....T....4,.%;...CZ..5...v&.xzMo..K`C...#.aT..S...a..

          C:\Users\user\Local Settings\Temp\msedge_installer.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:976808ECF39E9BCFE4125517C820F951
          SHA1:28875FAF689EC86C407ACD55377B130E3DF5A62A
          SHA-256:4491BBF725AE4E491E79BDA4F2A310D131D62302C944D803CD9EDCC9ADF6241B
          SHA-512:78AB05817E02477197D3F87E6ECAE9D3B3B46F97FEEFCD668E81500B563DBED438118776A299D005781AE0851B2FB90F0B38971D7E5B25CED4E73DF099B9021C
          Malicious:false
          Reputation:unknown
          Preview:[6396P...._r.._..\...FJ.....p.,PEb.5.8.u9.$...JU`.....iJ.^*..<....Li.[.v6.y.l.B.:...9..K...Y.....A.Y~...+.r@.Ey.Q.YTsq...U..&p.*4#..^F.f..?.9S..O...eG..L.....f..,.9...U....T.9m...K..y....V@...LR....a....QJ..O4.b.."....E.......a.....B.........A._...+.ud..............\...F....8.f1.%...w@..P7.7.:..D{a......Q.K.HL>.LdWm9..k*.U...b~.$......,...zd.e...a:..KR.U..I.1.-...5b....)...k.j.G..*?....+.A.....1.M;...k..]..3...T..?.]..[.G..r.d+........(..8........R/...l....\d.V>B..@#.....qn..8....e..%s."i,}hZ."...fFj1.P~....M...C..0..C.o.('.,.L...S.%z*t.}.I......<+{..Pa.3.I&..T.(....A.../.q..3.._3%4..K.K|>"&....._...c.=@k..=.....\.@.]..&Y....u.{x../D#HpZ6....$rS..1gT#..D.u.S..w...IrS`..&..5?.o.+b...aI......C9{.=.[. .1;..B$7."..u..L.c.9...OK. H.\.?..M....o.`.?../,.....m~......\t.H..N.......Q.....9.$<........|..n.t....w.5.B...P..;.&......u.c..-......!....J...."<.....JAg..y .d.z....5..U..i.O...(I.P.YG.....}..O.D...[...M.o...k.(.q..#[Z...2.....!.[a3X

          C:\Users\user\Local Settings\Temp\offline.session64.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4E06BF4B9B670881CE1973E37E71F569
          SHA1:843ADB29A733191481ED9E7001FEF1431F1E533E
          SHA-256:4CF9C6F92B8FD753A667E6BE03BC98F02E874EF3938DD47E40D43CB8AFA56117
          SHA-512:79F5FCD70F5A9E027A6B11E91658009AF5F0A584D719A46796EF735622C99A535E1C81BEEFBE619581A851D2295C8FCA13D5A3D25FD1AF50B88A91727D7ACD34
          Malicious:false
          Reputation:unknown
          Preview:1G.f.#'....a...L......-.(.g...A.k:.Z.....u..6<......z!V[..1..H..U..p..-..[.....\..L...'2g.....H.j.).n.Q.......].g.[......d..u[..N......U.G=D..O....l.[/-9.<5.M..-R....>..Z._Y....:|.ueoH..S..".z2.E..K..-T.w./...............5..(...s I...$.96.R.=.L(v.d...b.t.A....|D..Ie.. .u}....*..gJ.7Y.[w.u[..>....?................i...buA7.<`9..sQ.m...T(~.?..G... ^og)..y.x!...<.'...B^....{.pnO.m....}...XN.t..M.49@....*.&..i.4#.h...~].........cn.K.k]....f.e^<..'H...n&...#...q....X/Z.\.(.J.............k..hOk)=....V#...pi...t....{<a...7L..7.:?...Q....l.|'.........f.....Lc|1x.w...5I.y......7...E.C./.-.9V..xI$fXp..R..|........Y]K.3..7../W....j..8....{...z~66.....S.Uz..j..c..O bA.......L...`:..-......^s.9.....*.V+q.m...d....d~FO.....-.@.;~...:.'..~%2.f+.w.K|........x.y....9..j...N.sP.4i..IJ.j_...E..."....c...Z..4..~..-y....d.Wu.*.(.....;..W.........l..F....T.b.:P.).z.9...tQ..../[....w...}T_.~.`..rvv.2.Q."...V.xW..1..W..~...P..$.}.Q..,.*..^..i..j....-I...n.6H...6Z..

          C:\Users\user\Local Settings\Temp\prep_Form_JSI_API_not_a_real_file_V8_perf.cache.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5B41E746D0886B83F454301F3D68193D
          SHA1:CAA33E28C3A97B3EF7BCE38109135B6E07094849
          SHA-256:9950B8A6A254D212B6B2637517694B925460AADB6A967CA975EDD2AAED05A031
          SHA-512:A82BAE7893DABFE6AAED749CB6D5D776C1C34D3B0057D85A5EE631C8CDF64B2234C73DFDD41D85C8B6984A0B9C82F92B9D1AD19DD29E6DF813FB6A44BB5F25B0
          Malicious:false
          Reputation:unknown
          Preview:RNWPR..V3AW.C.]2T...|..!..vC.....'.s..[..........1..a..)RA,=6.....7.d.r....b.2.|..Cs...yW.v.R....6gGh..eX.<...E@_H14.r.U8....=..|............i^...K.<D.._...j.*.....N.O..zz.}..*... ~....O..9.y.Z....xux.=.7.M<.9.i..[12F..,.....td..-4.n.T|.-....a/.....5......<9B.>z..p..U%.X.^..'..!>......H..l.E......J....&.....u.:a..2.$..r..Kf..;.f`.9..!'8;...'..i.M...u;_.!..M..\...`.....bRm....YwT.^".....T....4..."...-...*.O..%.........r..m.;.M!....9..I.\T....T..U...N..*.^.....=..QZ$Ph.A.{.....p1......g;...F.0..H.!...3.cA...u.W.....*3..b..[..E.d.@Wf.......w.^..z.B_...Xuf._.6.C.....c2...W^p...v..I<m.u...v...M..F..w-T.%..s.5q..lez<..nr.Ey.IsK.k-.e.w.n..Wx....G\.F....Q.Q..=.r.....v_....4.;R..Y<N.......l./.EzS......CwpA7.t... %.4;Q..mN..YE........fL.......X]fM....c.;....]+.1..#..&...~"0H .'v| K.....[.y....9.~.'...k...w8.h...L7N.......#f..m.B.1.."lg.z.....-.....I3F.p<b.u5..7...$$..h6..|&...A..........Kc....z..Q.v.F.9pbW1L8qQshua0c0KnGl87DEySlTicffx

          C:\Users\user\Local Settings\Temp\prep_foundation_win32_bundle_V8_perf.cache.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:69DAA49CABE07A654AB2E128FB817FA2
          SHA1:217FD8A8D43050A470C30A5864FE1DC29592724B
          SHA-256:60FD21277DF171FAA1628CE7296AFFC404AED05DAB813A612907183045D531E4
          SHA-512:E6F3A61A1F875B353BB23ABE80BD09297269608371AFEC3A2B7AC2F43DC64EB67B1E5E6FDC2F0E8C24EB916ADB2A05B9205AD7590DEA6D8A9E11FF6C02EBC14B
          Malicious:false
          Reputation:unknown
          Preview:RNWPR._.._.Ir.........8Y.!7..t.....e`K.@.N:}.W....qQ...xuvS..g..U.8@..%...o9.us...... .U3z.NK.1(.%.....fZa..<~..'.Q....?5.rg..p..<k..l..O{.,_..1.T.T.......@....?`.8}.*S:....U.P!.3qE....A.|..7.GD..?.1...Y.0.LR.........x...2.^.8...;s+O.=I..R.zLP..p....F...4%.........c|.s..B...e5.......<7...f..B..+.K...v.C.M.%..M.#...q...we..p...k..?S....$H[>].i.. ..g...6'2..!Hv,.A... ..f0O`.L21...)NW....n....U....M6s.n.0!m...../.....C...%E.G.*I.-/.[q../...H.V.....6`f.......jq........vXd-...:.bd...2N.....=b ..@...p.rv4.1+`..=......)TI.2...P..iJ.k.@o.o..}M...?..<E.<8....5.1.Y.O..X.U14o..Y...v..b....|9Y[..V. vmI.....'.x.g...g..+A..F>T{.....6.1.Hq.z..m\....\..i.#.Ao+.9.![7.L.....%2W.U>er/....v^..D.R._X.5.|.V_v'........].!...FP...X...~bW....9....f.a~..\....>..}.c..ACu..8...2)......H_q+1.`S.>.xW.UI.^...X..@.G...2.G.....!z4....vf.H..3.{q.0...}.V..ng~..T.l.z.&6o...W..H.-.\WgU..e..|.i.......Vma.D.Y..C.I.PDg....}.W$x./g.....WT...6t.^.&.Y.wHjSsI.G...Y_..T..V..,'bl.'?z..Y.6..D...v

          C:\Users\user\Local Settings\Temp\prep_privacy-sdx_win32_bundle_js_V8_perf.cache.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:96E1C151ECF5A84FABF9390CFB400D6A
          SHA1:A070B017EC97BB584A02F7B9FF8749CB4BAC2EE7
          SHA-256:2A368E138BAC0464943433EFDEF47EDC35400E2B25B594CF4B855DBE8ED9FCC4
          SHA-512:BEE9AF001FBE9D68215469A761F12DD1E9969EECBE09E6C43AA41452974FCAC5326D8492BA6954B7847447ED70DF9A42381E9C75530CE89084DEAFFBFE6E8C38
          Malicious:false
          Reputation:unknown
          Preview:RNWPRA..w......L....."..4...8.._?x..+...7K.>..v)Whc.....5.....[.z...(9[V\I..?.C}X.[.+..u..'_.".j.X........q.-..//.#.O.B^E......>n,.=.l...UPA:.XI"..3..e.l.b..?*0p.t.....v./..$b..../...._.NFl...g..M..%e...X.O...)..B.Z..h...(.........a......8.9...1wa...,...e..*.5...?*.B-..K.i....vs;..8.Z.a....F...E4.lU*a..6...#...?z.....$.P|.J....U.oS".~.[.9Q....H==.N..;Q&.....3.O3.....5X...E3..E.H....e}...c..}dP[FK...g:".3S..FS..n!....S@~.x9@:.H..Kh8t.`.)..L.!..)z..2"B..h...5....iR.M..`.2]...`.0:..I..m-[R..z.gU......84..c.[..'...._.H.\.6+.R$m9....A".w.......e..?]b<N...n.ji..{.........g........;....R../yt.....r)0.#......iKDQ.....}.<.......RU.....O[...^.....=.2?.2.../..`.<q.o.4.A.5.O....Q..!......8K..nE.r..x.a6..++...R.)#_..%4}...E.DA@.d... ..J....~.../..j...^.@:..B.......wZ..B.t.....}A.e..;...j.......a...l...f*...8......tZ.K..O<4......p.....~Co..o...hEX........9H..Z.d........G...T.....A...8g....1y....-i..-x.....E...%.......$.l..XE3..0..p.ychO

          C:\Users\user\Local Settings\Temp\prep_ui_win32_bundle_V8_perf.cache.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4B77D9BCD70CA34531A51A32AFFA48E7
          SHA1:C07B9091BFB2743D66A123C336A754E33F2E32C1
          SHA-256:E799F896201F914524E608DA4907D4E1B646D4576595FA2BA67ABC74F5B11C1F
          SHA-512:9CCDE731B5935462D3573720F4AC308D784D3843292233968EFDEB1DA75A60432029316E4ECB0FCFEFDBA4ECDEED3664FC7FB549CE57192B622BC44C60068053
          Malicious:false
          Reputation:unknown
          Preview:RNWPR.E7.(.k ....y..`.9.?X|..:.......+.w.z.=.X......"I.....U=j...1.1...1...U.H.X...dldtFz.F.k..]..o .tl......u2.o...^.(.N..wr..I.0..........I..bj~..$Az.r....^....5E......F%.Ax.A.....................Q.C..$.C*$K......'...Iq._2....;...f.K......|.....J.>%QRR}.....z!.a..y....).a...'ch..z....k.J6......2.B#CnD...{....*L5F.S.z6...Q.......N6..%B...F...D...n.L.V.i.9.:.D...?O.N.sV.x......+..xTS..F..3>Y..)..Z.n......E.,.}rz.W.....~^.a..h.............F...fF...........M.\.......W3O.u..Ul..V}/.*.bGK..z../,...d...$>m.K...:g..u.{w.F......bG.#.-1B..5.'.W...x....z..s@...1.Z .b..C.#.x,..&z.eabssdRR....4......P......0..J...'=..U.Xhe....r.=.....<dDD.Z]..[.Z(y..0.&..M.u..m.....p...).>d.......:S.x.^.....8e.Z....z'J2_V..(....Q/.%UT...P....?D..d.].la.7uV...t..Q...T.f...h...S..^......kgBa..,...5U...u....w.&.H......ho>...U.'.5. #<B.C..r.L.&vu-..<3.B....,...!.R.N....o..G...9....*u`.3.P...'v.e....S.......l'n...W...H~..c.F..X..&.6R..t.......\......E...9OI...h.....n6...

          C:\Users\user\Local Settings\Temp\scoped_dir4744_1680836309\6a6ff159-acb6-40e9-8fcd-b065f92748b1.tmp.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:Google Chrome extension, version 2118910211
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:711C701925FAF97C2ECACE2E15F3D9F1
          SHA1:A7F68657ACF04069C8661D9959642BE411B981CE
          SHA-256:ABC6AB86BDFCF204AC345446332DBAB6EC697FB61460A00EBF9DA52DD0ADB7BA
          SHA-512:313BE79D20BCFDCE786666E071DF8E17E4EE9E567286924F93606A1025F8AFDBA6A1AD5A398AB342985BACB666FB8BC35607481981529143875F0A9E44B7C095
          Malicious:false
          Reputation:unknown
          Preview:Cr24..L~1Kem.....@SvB...Q.....{.B..>..,....;......?.m..A..[..0Z.......".5..#:........L..v1.j...$...?sgCf...%Q.....u..@q.........T1..IV...........wl|..(..n.M.../,F.L,11..S......q.....~.:.`V....J..z.8..........+S/..x...].[^...w.o...Ey...{ +9..+.3......sE.[QR<...@...J.)....@D:..;|Gz7...P...o...;y..Ry.._./~R.......q.v.I...D...&.."...<g...Q.R..._.c........./:X.>..2iz_.5.....>3........-....r......Y..tV.....Y.9..`.../e.DA3.f.?.....j..m.J.I.]...${3+..L.G]..N..M...X.9.b...=.?.P.J."..\i&...LV.P...P..T....J.Ctte..k.IB-...8...I...}.C...jl...2.<=..P....GV..8.2k..e..x..{.../.N....|i ..48..$5..\vAvy..I..).....a.\...Z.*....-..`..i..|.J....o..B.}....|....h...g.y.l.c.&ODzk}G.V...g;v....l>...l.3..C..6g..H..c....5DCC...Bu.[ ..~g...B......E9.2Y.YI..c)..._..51.h2..x$....q.K.JjW..Z..._z....1.n.`.....[..H...^.TW:..m....{.....=...K..r".%......2k...........m_......9..F/.t-.Xn.Wt#U..Z.a.z.]...j?.i.U.q"..n...].....}."zb.k..5.q.lFG.[*5..v.;..6.

          C:\Users\user\Local Settings\Temp\scoped_dir4744_1680836309\CRX_INSTALL\manifest.json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3F580893A93A94344C966B7F200AA402
          SHA1:8ABB6733C04A96DBEA2A2E96485BE7C3F0ED65C7
          SHA-256:B836EC0BFC0A822B0929C8F8E52BD2582D829E7E94EFA8FF85179E9642C96CF5
          SHA-512:C36FB0D801DCE17A8968EACD1D0F9BC0EE7F95C943BEE5B7AD6472E2F7E85BB46157F91E4D7B220C1ACB1850734F3BBF1A6C050A26B5E7E6C688DF5EC6A72ADB
          Malicious:false
          Reputation:unknown
          Preview:{."up$!...U..f&1.....D....`...E.$*{56Xe.@.9.{...8..~..j.F`o._g..`.+u...XyG.se(.)3._.....'q..{.....N`]..=........N..,..TR..drR.[!.f.@..d.Q..G.ZF.I`.(8MC.'%nF..</.....O.d.,....`.......$".>..>.........%o..%......l.....Y.Z.0.Go..{ecu/.jTv@>69..v,....V.Pv...<W.&.z....d..YQf..I.x4.9NDE.7..Q .....{~..W....6.wV..<. g.au7..=.GY*B.N..A..Y.6G/...#..n.../..f....6`...A..b.....R5#M(.....UYmx..8....1R.Z...p......C/. .........YQ.S....iv.=..G....5.H.K..Ox..g.G[b..CpL'.M...@pk...705@Jcy.Qw..pO4...x.i..q!.bF....C...%QuO!.[..Q..\.$>.=...X..o..W.....).......]y...O.n...K..<.q.Q.5....).v..`..&...q.M.4^Ig........Kb...0..R._..A......Jj.,...H..t._.....0x..x..I..v..2H.G...s..t.c.K>..... ....O.t?FQgx..n......U.F..^E...b.....|........)...._..7b.}@...7.tj..{y..o..[.8....3DPk'.`.._N...nT#v..#....k.2.$..@./I.'.cCs-...-'....z.:.}.rx.6..LZ.;...sf.}".].KcB.Dl....*../..uG..j.u.m..\..n..8nLt..G4...(..<......Y. ..B.L.B5.......T.W....c.0..~.....o..=2..._. 9...I.r.

          C:\Users\user\Local Settings\Temp\scoped_dir5144_986825897\CRX_INSTALL\manifest.json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:C0831E13E3850E04B9B10A93CBF1FD47
          SHA1:358551391F3E4719C8B1E6A4B69E208C86DAB58B
          SHA-256:03C9C369690F66C12E0B253C77A358E4246A579E27AA4037938679D8D98E63CC
          SHA-512:11012C9885FE8024772623CB97E344C9E43C79E2B0C5F893A831D121E7BD7A9164995FF387521A18433F27A874D1FA05827C94FF6FB1B7C658577802A1C9F6DB
          Malicious:false
          Reputation:unknown
          Preview:{."upF^...Y...e]...j.w...C..T....a..3^......7mK...E..@......W.0AY.UM...aI.z&a.U8]/.v.E......`dkUA....].......X....^..H....!.5.-..4I...^f...3...~+...{...P/B......30...C..Y.....T.6.l..m...z.T..z..m...dd$..hw..."K.....a..y-A.)I.Y...$.........c.m...y.C.o...O.k..8....08..q.c.+........._.\.7-v+l8.=b.-Vf...[..."b......B1..'..(#W..V..8.....2.``2.. ..|a....%.0S6j..~..L.W}...?.-B ..... ksB..pd.3`Tk.c.....S.5!.....=...?P.K....d...t*.tV...(L....~..).........#.,.M..x:s...V)>.,.K......S.zN4..>.c...d..u;+.G.!.=..!..I..vS..:....g.H..sYa....![.y.5...Q.k.1.#ra...F......3.1..s...-fD.s....74.<.CM0.49....g..s...D._.......Z....;..\O.L72...HQ..4..?}.~v3s.;\.V..(.q[..wm.....A..Y..oy....nn.8....".^.....PY.....`kW1.e...B=...E;kG~&.I..ME5].".ms..;....\Y,......p....<j..[{..'....(...R..Y...:w.D.....-..<....Lo..d.p...s...=.E+"3.J."..37a.....R.@..Q.)).W..kL.n............>%T...w...b.Hz......D)T.=........P..+....7t8.vo.....}...r.[.+j...:.yP+$,....kMwY.......0...HX\

          C:\Users\user\Local Settings\Temp\scoped_dir5144_986825897\f4c0ae20-77d7-4756-be71-10b79d362b85.tmp.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:Google Chrome extension, version 85068035
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B5AC09285F24CD766AD1AEEBFE492389
          SHA1:53025A52AF8B0BD269E5EF2207D1B7CE270AB895
          SHA-256:FA691F7EBBB205C1CCFFF7C56E9F867EB8DF25B428347E0463464B955C7676AE
          SHA-512:5BEA5806EFB2DF2AE196C1B5A2E5878299254E75475EBD41EF602AF485E13575C31829C2F73AD56C69B3B4351401B4D926EDF3ED6F93B2FF297349CAE60BC4E3
          Malicious:false
          Reputation:unknown
          Preview:Cr24......Wf/5].4..).S.....B....u.5.|...;...MP.k.C)g.W....cn......N.........e......j.A.3..i03!.._..Q...l.._JQD"j.....1.5Kx.d.B...A..X.....n.l.....(..0.K5...G...J...2..d.Z.Uq...4..o...o.g..\...v.W.r}o.~ec.$..e8...L.]$.f.Op.&.@.9_z5..1..Z.?.!Us.m....act.A......}R.%..#.ByN..g.......LE.......O. .....B.Nk...|.!...fq....i..z.X.K>..4../D..e....c.....+s....'...s...../H....u.%...!.Obj..fa.......;.v.p..l......~..O...A.3uRi.....<^7.....3.......[..d|.ka..STrq...u<}..WJ|..j6&....-g.$.....E>...k.3..2...Z....U..N..}.[=.z.O..9.o9Pg{OL....i*.'_?.Lo%7....~D...).q*....".Hm.....Q.A....rM.M"Z ....~R].....X..o..y..........c...l.NMvtg..s.....{..K.W%...._j#..ff>...'....;..X.$c9...F%.......".L.......Y.zf..{....}..../f..6..:.c...m...9.......aMS1.4..y.'l.m*zzT.So.P..}......o.....j.C.T.W.$>........!...oj...f...........g.H...G.Y./aI./\..X.L...I.....lm.........*.i*.H.\..V.#..!>.0L..T...........nrR...m..2.....I.8..N.pZ..c....|..}....q.le...%.k.M.F.1.}..../u..B.OZ=?.

          C:\Users\user\Local Settings\Temp\tmp3AF1.tmp.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS-DOS executable
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B3806AEB060AC5015711F736016ADBA9
          SHA1:9317EB6C7D3563CDDE5DC9CB245E98E6C3EBA03C
          SHA-256:49EFCF508E57D15D7D8D925B5F53F9456A2D8243CA8D423EB8D9489C80C24223
          SHA-512:B26F255CE90588CFF724532705CEB388278EF75D21E3966AF0A311212707540239A512237F584DFD5BA10BD7DA6CDC83E878645291D7706F7347510BC181E365
          Malicious:true
          Reputation:unknown
          Preview:MZ......._..F3?.p= ....6.{...[2.X,1..3.. ........wfM.......w.e<.....odR..9.!.c...........Qz...O@z).p...YW./r}.[.R..o8<...#...Y.K..[...#..o.;....D.....w..c~....Og.S..$....d}.;.4.."...`~.4..e..I.....}.]...<.Y...k..;...<v b....o....g......n,..5.Gs_J......~!.G...x.ELJ.Tsa...j.aO....P.U.V..Ep...|.T..^$#.......l.R..%.=.z.+....Q..(.M..f.9..&.3e...Fk..Dd_.T?...:...*...#v[..4[....F...K..R?.`..%..=..j(.-.1...X..3K._+.bN.z.c......Ps6`.B.(...!..E.U..B....^...gL.."..n...."*2.R.F..!.[.W}.).....w.l......H.t.2.Q.R...*.1..:_.T....!...MG..Yw^..m.....1..R....g...tZ....H....*$....}....`u............mq `{.'......u.+...(B. .^.........b....,PY..z..yC.e>........<27#...)..6i..;^.p..O..7d.L......nc...:...^l.w....D.*I,..+.A....s.\;@...QR...*..qAz..u5..to..].f.m.............83#..B....B.*.EG.n.U.[....^...b...V...K.[C.1^..~L.....y.O..X...7...j ......7..nJ.~....V.kk'k&..P,|@.iC..(.o.[.g.O.....C.S..b.Y..v| .(...,.#...u..:.>.e....!.;..$..d...]..e8......0w[.2-#....(?.}.'mv.....

          C:\Users\user\Local Settings\Temp\user.bmp.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:25BC0745FAE5FC45E27C49F5E646C313
          SHA1:566224D0E31F420DC4ACD669213B16664A0540CC
          SHA-256:E19F5714A9D4739752B091D9484DA50F3B793204CF5C2DC874189E3726C0443E
          SHA-512:E6E3C1C5068B7A443F49EB288E7C74D9757F1B86E114DD58308A2075A0E0F36785D3417F7B1EA5CD4A6DF9D3BE060C59D4DC68BBE3B7EFB9646640FADCC06D47
          Malicious:false
          Reputation:unknown
          Preview:BM80....&C.&..#....},R.2o..m...E.Z....v.p/..0...++...Mj...jVl{F.&t`\.Q.......*k.f....v.]I...n=...t.C.T.B...dI..g.1#.=.o7.h...0H|./....tW~3...C.Q.<..!C..........7s...t$I8at...g.v..<NPNy.w1..HK...he....8(....v.~(.kH@.....Wp...Tz./..{|..m...,%?.u@....b..o.....:...cO+.........6..ZN..Zv..3.{H}.u .F...u.w.....QF...@...~..}<............=.2..Nu.F..3.f....L.......s....7.R6......{....z..."T>&M|C3....X..J2.0..y _.SX.M....7....u.N..j...((.....N.xvGw:k[.a./.I.V.ZSU...TW.N[.I4....."....Z<..n5.}.h..h........s.ei.4..i..-...._.1..\........0..}[L..1Z...MN.i...a......./..0...px.#PKo...SM}.WO..C..S(>Z`.^HbC.].....p.|.....V.x(.h...,...u..J{Ge.+...R6z.meR.S.%..u.....g..X.\..(.0....!1..=..}..o... .t0a.....&..;.,1f.Wu.P....^..T.....h........V+."...q.?O=..H..tx..#.^...!v...W0....8..U.. .4..O.E..=\...VF.....7....[.=..X!F)..#.............:..1.....!...5$.'..2..........?Jg.<.c_f..v.XV"9>...."..-'+W..]JA.7........Y..{/..oJ...r.f'..R.3Y...R......dmq.4.,...%0.[.N...Y

          C:\Users\user\Local Settings\Temp\wct4019.tmp.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:A32F668C4E2AEC21AECBDABEA6C36751
          SHA1:9EAC2FC825AE1777C0F6B6F25B0C90DF4A8CAF63
          SHA-256:281F8B0E255116137549024B17DC0F43C3F8CBC240BCDF9A124FFAFF679CBE91
          SHA-512:412B99A3844A1DFAACCF30DD40AFF3A09D0519D3D92F2DCE66D14B61327F4B6AF1EB15F82361E13DA45584F7E3D152190753C4CA00A13BB448C4CD0C74A7012F
          Malicious:false
          Reputation:unknown
          Preview:{"ram.`.!..Kk.5.[.h*...D..`.~<.OD9.s..u?d.u..I...!.,.e.a2..i...+..,..A...Hf....Vm...1..3.9.....Q.Fk...S....D.....#..'l.v.........]>13Vme9?;...7r).u..>..t.`K..X..ee/.6..d...b~..;Y.O..p$,.GE.@]....lA..`......I........`.X...`D.cp...X...1.g.J.....7.k.M.>...[o..V..u..-7g,.>... `..A..~.o2..9]..9....`...F.<.u......mL*..2r..3.Ol.Z....E.T...qgZ....O`....l..... ..I..m[..f....>.Ry.......@....(...X..._....N.M.C\..2..:......1l...+U......"n..>/...D.a..H..^..+x......g...b............3Q...>..@o.B.....kJ._....m..'..4.}r43y1..w.&.CU..@...al.0.0I.6...J..G...E.A!.....h....~...<=.V.~...73L.ai.....[...HO$0.`..D..C*#g.....g.H....../...b......B.%..;...H{}.F.7z....A.[e7..T..........D.=.<.).......XR(...+..l.H*..2>@8..D.!..(..U..4...t.Y.O..o.}..p......:....U,!0j\..3.....S.B)2.4[.>...@...2..s....4U.R....m.}....g.[.x..}n.MGnT.k.<=......#`?.U...........u.k..2~on.....""_o.GO.l....\/.t.Q.ParC`...(.Ua.h......Z<. Qm..@...@...........b'...3.>:.=.....yv...P.g_>.7p..

          C:\Users\user\Local Settings\Temp\wct4C6A.tmp.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2317170C4CE7E4C7CF4366CDDEF040B5
          SHA1:26E809C6275DDC6895DD7DA1F38900ABE9AB2FC1
          SHA-256:89A3E5559D789B0638A0C294356251E78CF1DF32D691C9A1CC4B837F069347DF
          SHA-512:3E20234BC91752377C59C5ED0782C845ADC061380FE903A9D726054A31354C9E2E664E19306631321F67C6D5A8E813DF6465A1CC6C1B447E381F906D76CF8CFF
          Malicious:false
          Reputation:unknown
          Preview:{"ram.M.,D:..1.....h]O....~.-.@a....K.....,.'.'#....E.......G.J..V. ......f%P..;.j.O.h.*..:./..v..|.Hj.Y.$.d.K.^...I..!.@%=.j.s.......z./:p...{3a.}.4...+.2f..T.O..Y.4..A|..V....9......*./_.+.3].....$..r$L.......H....(.y.a.%.....z@!..3A.,d..s6.#i...4I.H...#=.R.C.....M..#....s.%.G.>I....G.q...h...."...*..`..8...Q.xH...5.G.r.d..5..t./tD....y..>....\.....)...0;.=n..f.x.h,.+..E...z.m&..#.."~.H1.`y....3.8..}...z...).......:&i........7.h.h.n.Y.y........T>..b..V...1/Z.H....4.....}..t.R..%.]5"A.9.=&.<.ax..F...2.......J...F.#.&......-....(...s(Es.Ba.;..."jF..k..(xSmw.t...W....a.;.~..A.O./~.dQ..Y.=......<A...=.1d.....VP.......>.=.F..uS...2H...&.]E'1..U.R.I....<4..Z.$`...'....H..{..}.Fg.&...&..u,....8..c\....'`.....&Y....."..1..JX.....Ox.4/.).....X....P.@..l-.E.........t.c.@.G....A..y....A.%....0...O....`..\.!.-...\B...../.#.g.w.&..|..Vjt.......rT..............Tdid..4.......M....TK....]./.:........QrU...1.[.P.(_-...|.........K...8.P........9H@.3.a...hL

          C:\Users\user\Local Settings\Temp\wctC2B0.tmp.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5E3786D389390EAE2C513029D5020FBD
          SHA1:B6E46EEB75E1C09ED7CAF8A9C24EE70E0DDE2C98
          SHA-256:1E2319417B6C107C4D9E22823D44996DE6A934F54AC62B36464C8D11271912F5
          SHA-512:ED808ECA7214ADF52011A0F968945C4EDF60BF3590E8BA72FB8841074732E0CC2459F173E907737AD541F24E1E4B1614A2B2257EA9786BCB52A86AF7588BD7EF
          Malicious:false
          Reputation:unknown
          Preview:{"ram.}8*....]Pu....3&.C..g.....}yS8c6.e..F..[..A._..:X.e[.~...:x.T..SrC7FxW....=.q...p....J.u.@......D.2GR...A..~...N.h$......X.-....}T,.......K...v.U....g.k... G\.Y.Zq..z.+f...8%#..f..."..X8.....=...........).t4..k..\~o..$.z..L..y.q.....e......&.4$..ZD&.{.%..m....|......v.(Wt\..J.......5Q..J.#U.........2...9e.5.B...8..wF.&.Yfi`.5....N..H..@.RB..lciu.[...JF,....V>...+!...R..g.h{$....R9...<.#@....7DuT2..pm<.7...Ap....7..H.`.6Y.#G.Q..........8n".l...?.}.S.0.Q-........G.O..ZU...@.....%......GJ .........M.R..~..<..f....g.+.....c(a..r.v.`.NH..1.%.......qU.|......\.)y...Qx.....<..(v...5........w.G.Q(..#s...w.3t../.....S..nV.."|...-..7>...4R:/.....6.....|z.%*L..."....].<.....B2..+?..@.t...U."....y_h...F..O.;...Om6.|..3[:.....X....6._T...K.68.X.s.W.nU...W....a..(....p.%..QasEs.....d...J.../z......}...w..-.?+.`9..=(.r.8u..ka......t....$;.L...]hZ!.l=..v..B..&........Apj:....qt.V..3.K.....x.........K..ea{..D...|....m........r.....

          C:\Users\user\Local Settings\Temp\wctD44F.tmp.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:MS-DOS executable, MZ for MS-DOS
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:93A8985390DE056E9CEC062E58A736A0
          SHA1:0E558026DD453D111A6D9A065BCEE3D4BCBE2E96
          SHA-256:71191854FE47AD15067E39147783614CA7F359CE073FBD76D40C8526520D20DC
          SHA-512:46F7E35588C540CA4960DB56FF57270F37B96A99EC3B4BB46627FDC6C9C12558E0C9877AEDAC7B690172533AF58FD2EABD97690EF729DBB0E827A88B56715B04
          Malicious:true
          Reputation:unknown
          Preview:MZ....{....Y...%..[....hu....P....#1pD..4..~.W....W......@V.a..A.T..r.....F..+.ym.+.j.|......F..L..+..W....Pv..{X...%:..u.xs... _...X..\.....ds.)$W.)...e./u...5.6....R.]p..;.....`a.....y.....D...@.b.6...G.. ..#].R2...'j.(.Q.I...b.F..;.`.u..8...O.x......dUh....].t.!....... .p....2.....;....$..I.l3...*(..>...w.9...h(V...Q..._......WC.M..%....13......c^.....b.<.U.7....<..m.!..X..7....&.....;VE+d....lOxn.... z..F=..1"..C..$.+...vu4.>......K.......<v.....P.jp..ONQ.Z.j.V}.j..g.....X{.f.B.v.$.z.y.!.t........wV..I/..{.N.uz..'.nP....0.uR=..;..n..-.i ^C.uM^.G.e......2........w.-...L.&g...,..\n.T.....'.......6X.|_.gR.T....OU.Hz...k...A(..&.S.`:.RZ.T[<g...rxb.C!..@.+.".....KW..........ze.I......v....u.hns.|L...U.D..Ay.P.&|.....P..k.....4p.W{.a.7..e[.WIK8..&....%... ....L..MA..7....o).a....H.!.....E.......k..AN+H....l.:F...<.\4wm.... K{....e.^q.Ep..yjN.:..V..K........M. d.....&)....?..@.#...4%........v....:.b..B.8.o...j..j8.;..}.LaY.Q....N+q.,_5..

          C:\Users\user\Local Settings\Temp\wctFFCB.tmp.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:CE71A4A0EBBAA243B9CF468279344892
          SHA1:A041AE69DBE13E05F7149C6235BAE6351B66C89F
          SHA-256:AFD545CE4DC1D2E0FA15C2C47508036B50B6874A3AB49DFC7F5286699F471A95
          SHA-512:5614AF917C634D330CED130457F0E0633AE5B792E7B968F4AA3D37ED26B6CF34D1C52F0A75022D8D896EBFA8AF7D5658AF68503D222038A1AA11A1BED5C5C2F1
          Malicious:false
          Reputation:unknown
          Preview:{"ram...|K..TE.......O..H5.}.'.!.)..C..):...f.'l|..n...@......G..".J.@[;.7....7.Du'.*a..px....coM....Z...RM.G.|..g:..q....~......n..._qY...5,.4....||.9{....%...x...u..5.v.Q......w..6........&....-.]sLs.%...$..G.3.....Vm.!.].H...%.0...}.m...^3.X.*9.kaB.A.....,_*`....[....F....n.\.cXr.Kkt...n.j.t?....BCick.....!<d..p.....2i.NT..H\..).T10.S....0.~..`...-......UHz...=..v2;..Ai..Y=i.%W......e...QZP.....w._.,V.. {...S.?.Y}.gW........@E....6......|......T.r........,......(R)gn..l.....s..<r..Y.|.L4j.B.DlH..9_].q.....6...(.(7..h...)...Qu....L.C}..n.d..|...W......$.{....}....{K..a@.X#c.r...$..%k....p...z...dR|.......U;....b...@:...."..&....m.0..IfL--.05...S..a.+3..|..n.@.....#.e.e.........5..3.s.%.'.f.JnZ.,.5.......5.5.N!....oL...F%Nz..un..".W.y...+..<...FS.[..E*r..wO..r]..F.Yn.+W...V.gLT~..%&>.......s..>.....<r3I.,N.J.[P..."....R:..m...Kc.\.l....U.Xr@..o.y..+.$..'=s.)./..*.-.....U........\\f.w.../........{..}..,./L.po1...".Q....1.....1....:...

          C:\Users\user\Local Settings\Temp\wmsetup.log.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FBD2676D218A453CFD000E9341C919EE
          SHA1:D455F12F2DA957E2F6C84C080C5BD5AA81AB461F
          SHA-256:7672632E43DA6CB3207AB24F90CC0CDF90E7614F84BB73BD747CAAC8F7674C98
          SHA-512:45B79C97177959336FE568091D1E9D20A80F4432762099799F7E49EB0D64A4ABE2B88E8D024FA9EA7E6E450B166880BECEA317B83B4665B12587500EE912E75F
          Malicious:false
          Reputation:unknown
          Preview:..[*W..w......=...*z2.i?x._J..n..cV...Z.`NG..L.u.....N.~.c.=v....Q....2.[.*bs^.X1...s...ni...csY...9N....i.r.T%..>.05{.....'.1..w.E~......9._-..LP......a.%..Jkg.-..M...>..Q#u!%.....W&#m0..$.......".....`.'a+^.N=.....)%A...'.O..G...3.~\.%b?._NE...pkhF.V.7..u..wje.zL"........E.&.=g....?.......hzK.....{.7.*..f.S....D.2`xB[O..t[fT.1...f...&.'.#....O..N...*..(Cj.XN.U..a... ..`.......w.P)....k.S.%3.|..<..y..X..4...MS7.p..J..r......%..|.iS.w..NqT.e...q..T.........|.....Y..c.l.t6..>.D_.T.d.F....{..BQ..K.S.....Y....W{..[&F9.......S+..j..QSV..I.39sJ.VRG.kf.:...]..Z..k.......>D..|&..[ .Za..>...6...fT...M.rF......#...f..5.E.^..z..,..*.){.z.....4H.waAz.|F..9..:k4!.w.f...o.8..G.N?......5/.....vW.*..K.U......7...~....9m.../....i...........Z..._D!..+;.._...........z.[..eb...;......R.G.L.b."6.|...&...W.g.KR..R.e...9x...0..`.....a.o..g..t.T..M..w...S...0V...V..+..Arb{..l@{NF.p..g.h....7.=.....9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698

          C:\Users\user\Local Settings\Temp\~DF8D0ADE21C2405713.TMP.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:7665E022B57B94951B43A0F8B1E0AC4A
          SHA1:E56A2AD2EC520C3E39ED3D95C1F66D7F7E49ED88
          SHA-256:20887FE6E342A44FC0DA77A344982488BD420A6A083D610B7D36BA5BBB1C128D
          SHA-512:DDB7E8C2163050E961D802CB63C950A2322FF42237D7D2DF19DD68BC4AFB33AFE0363EA049EED224DC2116074DAAB960355EF7EC13FDFA2B2D4479DE4E02A41B
          Malicious:false
          Reputation:unknown
          Preview:....f...V0y..RN.,$...z....P..f.[.y.D.K...v...RV..X..;..P.....C..&..nK.....}0.N...^....{...$...{..iki-.l[.=..c. o....Q(.B.....%. 9.RzH..P......R..C:......W..iA.+,.._...l\b.)_.GEPz...pm/..Q.[V...z.8..b.._.w..>K...7....w.9L.,bP.S..=...v...W.".....B.&!......".,~.[...{.....9.8...w...~|...&..J.y.e.....':.....5k............8..|*MA....O..t.$.;.......[*Zuf9.}.F....".m(U.k.a..7.V*.{=..a...................m.O..c...'RH....$D...&n.ZJb.[......>.7.D.6tX.....i.[.=....X[I.t@.. .a...6.I..Z.,`a.1..%s.6}V..."........g\....f.y.&Q...(.-..cX...aJm....(.x..t.4....%!*z.~....g..8t/.d.....I..^....].>........?.....@..._.k9..2j.ls..8.Gy..e~.{9i.-.^..`C....0.D...i..n..F.... .ag..}.......}.R.0%`*........9.p..."6.p.1._2+S..mh[.......=w.y.k:.D..c......bw7..1j>..m.Qd...u............-q.O`/......@%.g.....W.&.....vk.l)....T.rL'...........J....C..Zw..K...!m.\.E.>.....P...#.....&:..z>dz..T.?5c...F.b.B....l7..)_.@0].K...B.h.b-V7.1e.J......0.p..R;......="....+.>.1...[,F....c....

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\5IQBCSP1\19.043.0304[1].json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8E81295FF8D8C457FB173C0A3DDC6E46
          SHA1:9066297EBC95B02DE610C7D820F7B9BD278D5CFC
          SHA-256:DF03E63399B445F454F6742654C9F2B077DFC280CB16DB0D7A65376B408B6805
          SHA-512:0F89FA1BFD2F4ED42EA873399DC6AD6F666DCF9155C80ABC7B0EA81B2A56AAA1CBE0BE738839E6B63E4DEA7D8717F17E6FF81A930DDCB3354E472A444ADB34E9
          Malicious:false
          Reputation:unknown
          Preview:{"ECS.}..5=......V..jF+B..s0brw.'.G...AP'5..!..C....19Zd{N0..I......XP4.:..4...@YPN...&....KV.$U....<....wMl.....j....V......3.2..p'.J.a....#.VE.^..U......._...'..s\/9......,..)ra.K.GJ.9z.....@..p...g1.....Q.3...N..v...W.q.}.J...\...0....m.Y...#.R.H.e ...M;.'..p....g..C..{..[.-h}.5...s....r.GO)*...".a.a....~...j..}...%...W.M%#h..Ky...../....j..Q...hV..2.IM..S|.......C..v.C.....N...l..Q....X..u..r.<..9..o..4....D..)ogF0......5.....@=^N..B...S..4..j....GQ.bu.=..n..5.E...)=.-..${.(y<..u...@K"j.y..O.....A...|h.Q<...0N..;7..lq..-.r..{.M....K..0....+.......6.Cr\..B..5.@q...\..8...h.&.)...n..SLug?TL.q.........(...........b.....'.~...-+......>iDT.2...@.H.....".MM..I.'..N..m.0V.d.t..Q.....n_..#t9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\5IQBCSP1\Converged_v22057_4HqSCTf5FFStBMz0_eIqyA2[1].css.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9C9DADD38A038D9C835EC975EFF3AEDF
          SHA1:4D6698C7A03BC0DB661FF6B99A4C47A5D727E47F
          SHA-256:29ED781BFB7F853D74DA8EA2BEDEE4BA29745FBD30DACD95BECC92379560E9A1
          SHA-512:41615FAA5E0EC844C0685E99FDE8D7BEE13587700F753D74F11E2F5FC1135774585A86FFA5B0B368E3532EEB3533E3DD3149FDEEB105CDCC3FA2DFE7CF6E04BF
          Malicious:false
          Reputation:unknown
          Preview:/*! C..D;...7..C!+Y...;..r:....[......E...0c!]...C.?AB.z...\.1J.!.t.Z..f..ko...g.n..S(7..-.1.J.CE....E.+ ..M...r.......m...4..Zz;. ....x9Az.o.....@y(.....\;`..0a.....6.......%=l-...u...|.!.+...$..F.......0R.0>K.)mP.....6.i..B..g.lY.|v.>&r...8+T6.....&...c.....U...7...h#jL...L.)..w.;t...G..rL,.d7..{............)t............z.p.JAr.n...2.C^....l8k....M.@vl...:f^&.......{..K......q.LjI.h.....*...Z.~.`X...^!...s....g!..N.X....p$V....2...3.^s.^..Ay.X...Y..k..!..z.K~X_.<].V.....%.,V..D.l...=...Y..t......F...... d.S....(.b3.l.f..(.q...9KQ./I....s.7.hS....#..W.#.(..cb.x.M..2.Z.(.;.Tc.\..e....y`4.m.Z%c?.^!.$....h..lW=..*Q.:......D.....3.[q.$.s....S......0O...(.K.g.pqh.s@.8...hJ9p..L..!.^..qeP.u)_LG.....vO...j..Y...:.....xZ.%.....x...&>.E)!.S.+d.!>.Hq~8.*..~.Z"...S.......[....I....aW...B....O9b...@!.B.20>0%.x...!OEr,P.!d....rs..K..._?._N".n.O..~.......;5..v....I...f..(FOr..z.......e.b3..s.k(.Q.&.Y.n5...~......|..pn....N}g..f.{..U.HH.e.waVz.K .u..]u\V.n

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\5IQBCSP1\PreSignInSettingsConfig[1].json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FA93BF693522F9BA6C6C73000F2324DC
          SHA1:9142CCD44840350ACE826DD09F4E7ED5BEC9E4A9
          SHA-256:B15F5266E78180B896A8F5332AA6DEF332728A1F740093050E2FE0E620AE36C5
          SHA-512:F884D9D54F0C92221E9C681EC5C605EF7FEE64CA3CAED9591EAAC2B19398B6B9F927893F3050BFF0D6A238DEC00B94F5F7E75B2985C70D4E6CBDC90DD48C3999
          Malicious:false
          Reputation:unknown
          Preview:{"ram.u'..1...C.,.#i.^9g.-qn...5.E+...1$.:<...l...'/..H4!.....1...4d].~[.uy...k...#2....X.Cx.9.k&...:....B.,.<..#.K..cb..e..+.{t.......k.@j... ..3.l....~-.9.z>q/J...XH..Z.}.........8.*5P.dw.Lg..f...C+.=...F..[@.>c.wZv..vl.=086.I......../...M.Y..X?..}...9..K....>..8.Tk..r..6..>.b.....ZZ..*9f.6UG..p...#iS....K!..}p..VzgnG...3.....vR..@....;.7s|...>..f....G...v.r.&<u.?..!...-X.j.......KC.].0.i;..e.6...#27.x.?.Tz<..7K...h.A~.+.K..{.g$*%.../...Z.V.-.Y.Bn....l.&.U[.........V..,|...j#.i.].....^_...H.^*...*&.@...}F8B....la..J.......A...5......f.si.-N.....6.....i.W....9..+~.$...:._........(...V.1.d^..7/.=.._..MfJ..K..F.Hx..~...e..R....._~.....K...[.H2..7.D..a.....3....|i.......<...3...f..l.........-./.....Y?]...}:..."...@....h_.....[...^..#.......c.[A.,bc?.CMc.:.....f.PVJ6..z.....Q._.w.UP&.r.y..).R..t.h0,.mB7.....N.9...vb.k..s..0.#....[,k.......{.#..n.d.....T.A.f.F...+.D.W...HqH.t%.0..._....;.ja l.<....Y]~k;........S...~..HQ...0..B@.h..(*......f

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\5IQBCSP1\Windows[1].json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9E3DAF5FF58DC68AE8C317C2D7FEB5CE
          SHA1:D7F9117292BD192B89F8E5A1EE8AD2AEA05DB80F
          SHA-256:AECD80C1F4B25F7B20B2F5E83F55CEC59A2559C04F6CAB484624CA7F43F0C5C5
          SHA-512:70F7E14A2C8280B1881CA099F12B32EF0FF4A432A3EAB59F314A5BCDADFE0D1C72EA1BA8E50B285D748276BF93FA81C894921D76D3741018A3C28C38E3F77C42
          Malicious:false
          Reputation:unknown
          Preview:{"ser.C.=....-...%.H..Y(..%]CV..N.l@..D...xT....O.u3)...4'....[..;..>............}.P..V.....e0.ngyj.....I1.:..#..-.........P+_._N...r/.6.....n/.2.zfdlR[Y.%..mx..l.}$....g.....!$.xs..K.6.....s.(....x.).<..[YJ..[6..2.'_.\<7.O..K......n.{....j'.l07..tP=...%\o........#.2..L=.....=..]g.S.&.*..../..)(&.R"...k.7s.i.+...N-..(..z.{.{..6.......4C...%/$.}..?\7..........0..hy79.$.!.H."f.:+..\.e..D....J}..x(..$j+.MIT..^.G`..oq,K...|P..J....*.....<....|.c.t...W9.4.....C.Q.c.p...........>`d..0...o....m.....^..0"?..............O.].....{f5.*.u.....[/>.@8..Bs\.\..Y..}...- g.iB....[g.B.R.Q.'._..GnXi...q....4(...A.~bh...........PN...X-......&e..a.C.H.K2.'....._...`t..h]c!.......q.d.d......r'B~.......H%.....H9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\5IQBCSP1\Windows[2].json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:019447BDB744717C631FCFF0D513C416
          SHA1:3C8FCCC2E22F9149E63C26ABA3A6D670B740C6F6
          SHA-256:3EC303F31A49E7F9B78A09D9D4C7082631F893612990F3C5F6A87481788F2327
          SHA-512:B1466185F835FB1591062D9707B45DDA5A1E6351AEEC8857555AE3631767474A120ABC26EAF55D9022F23965F651E75B3351098258D49437066C91F5FD7A484E
          Malicious:false
          Reputation:unknown
          Preview:{"ser....K.....W.h<L>.D.Rn.&.uo./Y....?...#5!.y.&0)..}..=d.....a.....J..n.......i..qk{..b..5...f!w8W.c...:ik8..R...O.epkr9{m-.K.mJ......@....`N..K..!.......9....e*....!. w. ...y.{.U..L.........q...}..X.@..l)...w..t.b..f.... ..)...#)`.T'........}v9..P.H.... ..(.`...d..{.<..G..Gz..m-.2d.x...i.J+. ......G.x.1........+T....k.....K..'kSz.e..7....^...]...U...wH.p._......Aa...gb....~e.m.s+.'.R..t.Z.......='......{w!.)...$.K.....bE.w...J.....=....SW2....."......o....L..j....;u.`....#i.........$.-.W......49G.S_.Qr...l.K..(..W.)tK.,......"..sd.,0J........0..7.h.DG...+x.+.b..a{......?..{@.K.ID.....z..,.R....$.D.. .E....\.B\F.a...K(c.......9..35I~H.R..Ut..+...R.k+~.a....."......>.|R..\...f...k%{...%.^..w...\$..~WY'....`.h.2.6..h>..lU...4.........%8.-b..{.$I....ie.B..9.K...1..R.:..............6.......L!.....`.J.t|[...]..,R.~.P..Y.B....7r.......9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\5IQBCSP1\settings-tipset[1].xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5FEC2C3303F1E154F1F9FBA095C6DDD6
          SHA1:FA8BA28508D3F5E1FE85EC05F9EEBD69C62AE8E9
          SHA-256:D7EA88815542BB584501294FC1764EA734788190088D992EAD33BD23D9470D5F
          SHA-512:17FBB47E8E678568A46C511FF273923A9A15AD5E0E3E4D56984DF548EF121D68FB0A7EA904692D8A1216AD7A216ECECDD3C4D8ACFEF49FA01460769E3EB72E58
          Malicious:false
          Reputation:unknown
          Preview:<tipS..lU...}...K..k..M.?.K.aU...O..;i..pM/...G9.+.~.G.s...N..1..|.......|..%..^KMd`..L.3..r|f.c ~.Y....re.p@\."h..m....v.M.c./e7G...o.q.PX'.V.L.I.;Z ..:9.......:h.....[.<2P6..wK..1'V....."/..HLu#...T.9.z.pue|....i4..,.uk....."......V_%.~..:'F..S......,%..C.B..eW".2CU_24..Z....".l.wr.2...hm..|,.].Q.`+....{.}.l ...M..hJ.)+.m.J.x;L.:.F.~I.@.$.X...._..5.H...WI...Iq6...d?..E.;.Z..O0*Y..rl.....%..{.,7.R.....^S..;... ....E.>..H..4......5..A..k.$..mx.15.d|...IH..u.Q.........V...+b?.cZ...7.......[..*|...]m?...v}.."....g_e...1..[.f..V.ar...E..8..xi..L.{A....6VD.=.7>6.X:84.,6.....bP'.A..r...P...%.C..;.|...k..=;,c...[|q.K.+r.S..w..xK....zV.r?.Y.du.p......Y.;...a....RV..-.....'O|..Jf......Z.*.\..gl.nt.'.o.%.>.q..N...........a.......[....wO.a... 4.....dw...i..M7~.2Vs,u.0.B..).D.g.+...F.........,.^..@...X...2..7.;.DB....~.........d.W.....^c..............4{]|.v!..s..W(P..dw...H$....D.0..M..H......q..`.@.zNt..r.=.]1Gr.A.......T;.p8......=.o_......;...:.

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\96LGQ1XY\21.220.1024[1].json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:2ABD0A14F8D298395DBD47F628E99060
          SHA1:1F2B35E4010DBE96CA805710A7B8E4CAA6EAED70
          SHA-256:D089C53A6AB36B496FF9EC82BB72952400A93785790F942BD3052156B2AD683C
          SHA-512:40C535682D933EE62105125510FECADE15D04BBBD4606CF54312A3C7DEACD8301653B71663EA018A8F032EF149248577210B2BCB283282556DE61115E77781F2
          Malicious:false
          Reputation:unknown
          Preview:{"ECS66..a..[N....V.....T;.@LF2.Gw..<......m.}.A......hD.8F.g..pND.(.......{~....\.:..>.U.a&.....f%..N[o...^..-.{.u.....K...$:........Aw.8...m...w+.O...5.r0...N........,.7f+h.D0...HG!.W...#.D.....u.Y..}E.DR.a..t..b..'[..3.2....KRyL=+....HUSpk./.(/..Z...*..M....%..%..4....>."......z...K..y6.f..3=....I{.w..4.ct\..+k..........R+.0...i..H....7...........3.&......Y*-.bk...{`...,..#^.F/...|)6..V.>R.}...O.\...*......._..F...z@C...i...}.....j.*.'.M....X.V....%/nTG8.W/S.a FcQV.iM$....Q....u..l...^.$.6b..O.<...3.yx..0W..Ut...!k*.g.B.2.,...g.V..}..z.A.]@...fX...c..%.}.i..,.0..s...........-.....C.....V..i.m.O....8.8...RtF.6..q.g<..d.._(.`..+.5.v}......D~..mD.R.$...M$8...k..!.Z..e....V.<?K.5.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\96LGQ1XY\AAehwh2[1].svg.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:SVG Scalable Vector Graphics image
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:F12895A876266C3B3CE049A883BEF62A
          SHA1:922BB0CC82010C4456AE6C059487E21D959FC251
          SHA-256:E21EC7BFA64ED5358007AFDE0B7A1F89B429D4B9F760436E8F97FF2E2740E7DE
          SHA-512:3C7F1D6E07C198F12A3583DE6D0A886F2AB22295D15682CF6E24186F576B33F11793CE3BD1C10E46B3F67CE03DD9A29DE47CC63A5A040AFDE889B87E8E73B2F7
          Malicious:false
          Reputation:unknown
          Preview:<svg E.he.Bw...=.v.b....J..b..t..).c.w;..|...~..8...<.@.<..~.........W.......x.`<....K>jM..J.O.h/2C....C7O..c.H)...w.X.oY..m."V{"S.........XG.BZ.:..+.w....Q. ...-|....Qm....h.%.p...~L..(........,..Q..G.>..b....4.&Q.Z^..g5.4.....7F'.e..<..#..H.`........I.?2...?.b..5..U._s.^..".2..4..A..S........Y........O.Z....C.=p...[7_1....S.`_6..0.(.o..>.)Yll.$...i.m...L..6...Z.."32@..Q. ....z...N.e.6......}"...'..@..6....6../.l.T....&..;..O.....w.........Fjd...r.(v.c...CP.hb-...,(g..Qlc.>F.DB.R6wZ$f....QH..+.i..._=.."...&..V.`.5W.tb|{>C..qIn..-.oDh]NT..-..T.....T..i.......1Z...$.\..1yi\.yw....:.,k..K.O;...d..1M.:.%".Q.M.4.9*.nq.*..b........p.....TN&k.......].m.P.u...&.h.<ohV.7+.+.......Wx..o....mH...].(9..5.JZ.v.....<}.R..H.n...;^...=.TR"c......^....q(..Z...8.F.:....'..^.,=..y..8K#.zM...Z......%.v80`.2..g...d'b.(./.pv.W#.k....Qa..94.E.T.paN..q..9...c..2.5p.8.=.:.}.0.?...xr.AE.)..r7........'...8@..z.u.-...e.+.7.....J7.u.K.U.j9.8W..%.....o...... ...kZ......

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\96LGQ1XY\PreSignInSettingsConfig[1].json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:20FEF21E67A5C1DE7E7114197E78D057
          SHA1:5DA0073B29556CD7C84E1B8F03EAB7405C19803C
          SHA-256:F5F0C0335D33FE526ADF165DF2634E23B0EF1E04C40D50301D006615BD9464C1
          SHA-512:FBA7F76CA6F0630457FB328137B74DBA1FDBF33C6AF87E08EC43CEE77466AFA5F962749A3336084D36997023B9BD9D2B7AD677E175F924F817AC640827907AE2
          Malicious:false
          Reputation:unknown
          Preview:{"ram(.M.e.........K...C.i.#.f....W...l....3.K......t!/.D...*.V.s..vC.....^........E.{>g.HW.O.s...Y....L.Z...\iG.q()..Z.{.-.u.YO..s....:H'4.P..!..b........?..r.z...}._6....&...J'..@Y..1.|...8..r&.x.e(Qk.|:.....j.x.;h....Sy..:.............q.QeKO.[.......eH.f.Do..z\z..?.o..4.~..."F:p'..-....3+<Q..>.#.6...:..o..o.s..'...,.hY....A.;V.4.IH.$H....X....q.C.N..r..s.E.....p.A...?.9.yY....N.....5..fq.f.M.k#..RR..~c....;.....j.6.=....&....Be._q..KQ.......1 E.....E..h.6.d.....DSK\..TW.'...L......n....@........wp.^.JyRM..*..9,...)=_=.l...k%ad....q3]z..<9..Y....W"b.......u.{...(..2.jE....~.{Fd..~.@.L...).I,adX..N.fo^P[U.Q.Z6-......A....?......m..ur&.U.@a..(...}.......r..........u|.^X...zO.Q.....f.9....d...P.A.D.G.x......q*...^..T....jz.K.`...'R.I.!M..r.....cd.7W..E).r....b...s...+..Y..@A..A..$.O.....E....nCZ.n.$....+...\..E..........x.=#..\.E(..p^D..M.f...r.7]........4.9.4..J.?n...s.$.|..vy...{....Z..9.!..Qq$"~..#.....Jc..J.Zl.<%h.H.tpE"m..

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\96LGQ1XY\PreSignInSettingsConfig[2].json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:7D0146AB9CBB6718E5EB2BBE62F2E55C
          SHA1:9785095CB46C9AF572BC6D84EA141E61522C6F8F
          SHA-256:D83C64047F09E9D9379DA2AB629C9BC954FDC3CDE5B5FE2CF9A4A54906A066AD
          SHA-512:4977B92CD66158F3D0B3371EF436DFA25EDA72E5271639FF1B254D49DB71AC4B36C3CD18101544F130B192CB1C63ED94DF1A0B1DAABE4E946CF85BC196BB725A
          Malicious:false
          Reputation:unknown
          Preview:{"ram.q........1....^..ov7... ..V..7`.....,...G.0.P..7`a...&..j~.3pI.....E.fY:....]3..._W.G.{:Mq'..K.W.t|t....j...........X...5....+x....J.9....}......mq&..[.Ln/....l..g....m7.)...T.V..t.&.....S.L.W....[.B.wn0..GNn+...r......!..........u..s-..)./>.\...S..%A.s.L.$.....U.>...|Z.R..\....lQ..f...k..uA.".tW]Od..c..Q....Al...!%..o&=.g.R.`P..uFW..;...B....AJ..T.E..(..3..5.I........g...D.K......+#.....{.......d....eKA........:...G(.....,6.y.S.X....Qp.6...5.."....O.x[.`.U....=.).|/r................xac...&...$.d!xJ.x......U.9h;..Q".I.0..!r.q"m]84.j.!.z..T.T.{3Q.P...o......{1,[...q..SC.j..`y.c.:...6).(!...>L..R.c^.... #.pS.....b|....@...o...HCVs...O..L..dac.8......H` ~.....@a}...2..q...f.1..Sb....FLR..}.&..\.w..A,7.3....v..r?.LV..?`..;XT....1u.y..].../+..i..r<..L..%.Z+...tP.!N.o....my..D.1a.|..d..\....m......7.p.[5..........{.'{.%%.f.dKh....h-.....Ue..w.....#.l%....v.8.\.r.+T.B..~. ..b..E....tfR.V.#..E..\=.:.i..h......q.gu..Zy.@b....S<j_D.z.=...Y..EQt.e.

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\96LGQ1XY\Windows[1].json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:61500281B7650251DA867C2905F5E175
          SHA1:8F8EF99F64629A77C36F6B478A52A146CCFA153A
          SHA-256:8DB5FB2DDB170AB9A104D47A6F31F1F0FF61ABD27C1F3FA450115BD40CC0386F
          SHA-512:A822C58ECD8BFACEFA2AE9E04B947D9AD7391657A25BFB43A5191DC9D8CAFD9D6961C5ED73F9EF8ACF831F160F64816716EFB935B70AA8D77B772D1E1448D0CF
          Malicious:false
          Reputation:unknown
          Preview:{"ser.09...@..u%u....y.....NieX'k........|Y........2nC........'.92S...(...7.s`..*...@...1f./.4M`......(....kr.X6p..`..`.F.i.&.....Y.r... 1...T...8c....*...r.r.(.....]* 4.JP....0.`t..O,.].?...|.3../-.9O.....*...I...u.....v....9B.W.A.x5...^./,...E/.u.r46.Ut.....ZL.....l....x.6.'.bZ......n.6.b'...5`C........+GT..}.9.PZ._......\...:.<.#SK...$p).'.0W%...qH]..F..05...tG...551{Jh..H........!.L.. ..[......B.CR.^ E.+...="?.1=.e....l.63..,..F.,O.M...]@5....a.P..AQ*.B..A9.".k.mbLYE..y~.:..x.|..A.cQ.7..Mr..44 .x..V.%..........L.u`......~.3.BK.y.Q_...S..<.\..pj.Q....zHF..m..OG{..~ ./-`Z.7..>..{.]~i.^...DC.v.....v#&..<...K.#"1..;6}.lK...P..... .}?.s..SZuMT.U..C.......S=...|...3.G.;..G8}vlC.)..4.{...........u't<..huO^QO...|b ..$......^Gs..c.v2.ZJP....o~6.Z........!...}..bN..'/2.....o~..|......g.....t.h..i.&.dr.....'.:.$.@x..H..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\96LGQ1XY\oneDs_f2e0f4a029670f10d892[1].js.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:4CF4C17283237EBF4769D11E649C79F2
          SHA1:1EC5F1A5A3B6AAF7F1E93526DF47FCCF2162094F
          SHA-256:A88E64404CE3FAE0D153360BC4B224A8C5EBA9A1A8D197DFDDA5E6C931FB09A5
          SHA-512:9CDB634E0A455F6CD65088023A3A464F5538406F71A7955CD90AA806BD76C3E2B64C600067842E9DDCEAFE25E974F9804811E0321E8CA05C3F844DC81CE341CE
          Malicious:false
          Reputation:unknown
          Preview:(wind...9....E.1S.C..P..9..W#P..du.*.X...dcp.Y..].E.E.........j..m.S..x.L.F.zsrv..sW...d.l..?1...Y.1y..x3.3(... s...&..{..*.j...n[BR.w.;5."b.).+...W2}...@.ClD.$}J.V.z>`3......A......k1.>w....*,......(U.`..w0.b.4T...xU...z.H|......d..fs4.x......./.y3..h.0.......XB...h...89.{..Gy6..*QF.....Q....0B.......I....?.}...Ud.^.$~.AE.x....%D[.,}..#...n......2.L...sa....C.^..,bA=r....g.....b,+....z....)c]L.X..........$6...m.#..X.n...../...:}.!A... ....Un!.....|.....;..Mxs...6.%f. .......t/...g.C..`.2G....o,...8R..`..E.sy@/..C9.x..D.%R.R>..F..iv(s.|.g2Y..Wg...s.o\?.`.I.......q.=G.............\sp..f "..t.9. .J.p.j!y#......"........)._ ...2...3v..}j.,{s.....8{.k.g.R.}.<DT....dg4..T?...'dgO..vr..X!O.[.e&.^-...U.2..W...P...^.8.....>.P.G..D..Au..i#.22......UIh...?f.M.?..A..$.k.z..g..o..b....*..........W...8[..S...;qw\-.....e..F.a.?.8..6.].&.&c./a.6yY..K..b....n..2..!.G..4>I..$gsg%H....4.E..{(....)."....1...5d.....r.$.2.t..../...a.'d.C.v..nB.uo.Q..2<.

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\GO30WR0E\ConvergedLogin_PCore_tSc0Su-bb7Jt0QVuF6v9Cg2[1].js.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8317EC6F1B6F33F439E778D8D2B658A6
          SHA1:CBB87887148A6984A891461F8073649D25626F42
          SHA-256:4710C6ECC293671A5F7E17FC72C98EA856F37EBDF117145961ECA9120C9FBCE7
          SHA-512:CBB61D37EAF21535D4EC1D27EDE6A2FD58587D4D7A59308715BE9F2A5B9A589446C5EB3438DABFC21D08FF2894758AED84A9F2136D1001C71302E8117EE1DF99
          Malicious:false
          Reputation:unknown
          Preview:/*!. ."6j|.FV<......{......MW..z"..e..d?.d2....n..<.T.r<........1.m.BY[}W..-$-..t.1,+AC^.....B. ..6.}.`_c.9.a.uut4........,.."J....#...t..v...>.b3I..._.....4.<..I.U....ts.)..e........|rp0}0.....t..3?[..C......z...`4...".Z.......;.....q...zM..W .D..Nm^.r.E..t.:..@.<7.............%....5.,p.......N$m`...]...|.....t.RC~.5.)........Z.B..8..#.\.Q...W...K..d0>...X.O.u.......................&.&..VCI_..u][~u3g..{:.H..:.J./...oBo..W..W.....P..B.."....F;W..}.....7..7..S.rw6...'.]....ihH.............3..G....<"..m..:.T..Q..hl'>...b....H..ZzJ..W....B.r..... X.S...M.'t$..<8.d..4.....v.v...7..J.H.A.D...z..oXFPK......e..{..m8.V..f.[.D.....S..Wy......+..f.g..\..p..9:.l....R...x3.S.$...kh...5z....^..a.0.;..Q.....I..gStE)..8.@.s/..vi...,w...3Kl.`....8.k...?......[5ZG'......[...{.5............s47R..Y....w......p..O%Y....{.....3....Y.('...>..6r+...X.L....).....m...k.8.1x2.ccK..{2..).D0R `'B....e.<.<...=Dr.(.. c@..k.E......=.........y...u..OX..

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\GO30WR0E\Windows[1].json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:FFE14D5F3302A26C05B217A0AA0FB6BC
          SHA1:D4FE98151A826AAF098078095369499519DA5933
          SHA-256:759AF9B33E1B412AD3D16659545373EE574AAEDD1567AEA28801C68E969F41D3
          SHA-512:14C5EBC130C897E5C40EBA04C8067DDAB11EF77391C7F96C8C28FA599216D4BE7B791C11E135D16A78B53C1D79169044683C6088D18A1A4A1F3827A47F3A59EB
          Malicious:false
          Reputation:unknown
          Preview:{"ser.,jy.2H..^PeiT..m.l`..ce<..M.e.u...QB..-...>P.|.5.3...f.F..~..c...B.6./...X'..v_.:.%V.bk .K2_1....V..B.@..R bLS.4.......p&......v.Dq..!.l?..=S...t.$.p..<......T..:..Vo1..vVY.*<.:.O...t~..~.'.A..e....L0%....n....^...L%..~...=...q...G..j.B$....j.q.Z...j...?+.1d.(\.%..(...k"U...:U.+8Ft..O.0.......f...m.!....+.....)....~p[.F.......*..m.....N..).Dr....x.. ..ud..F.Q....l...3j;;.)yI.p.bbJ..C5em.t..lG.....s.......F....B%*.3......U..F."i..=C/.j.b...9..{..Q.RGo....-.....5P.S".N.c.j+Z..}.I.9..u.'.......N.X.~....7%A.+..l9.....*.w....O......&..N..h0.. .7..{V.L_....h>.D......9.....!.n.......mW*.....".v.....}B...Q...y(...x=.`#..i.......EW.....H..t-..+.......x.j......W.........Y..h....NA..g9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\GO30WR0E\Windows[2].json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:177C61F1B556997AF0C1654CBACB2EEB
          SHA1:102EDCC7D74EF1410C41E028E27B8B9912F47F77
          SHA-256:0EE0039BD7B88E8E439B53DF8E5BF62C4D85DCFAE997EE494A895EAEAD23FA18
          SHA-512:7A28A0B925F02BA47033B08D2DF13E0A48DC2BAB7817C5FA2867548963A3360E94672F601C35B3D6C0A3B1A15BC06C50DF23A177E160E02DB9379A93B8BA3F10
          Malicious:false
          Reputation:unknown
          Preview:{"ser.YV..*,A.-..)r.......2L..4...O..F.8.'.RYU$6w.r...:<.....O.1.+W.7.....pK~)..r((..`UM..=%..4"M.u`%9E....&..4..b...Q.c.m).a"prMjE.{..#B.D...<.T.w.....C2.JT.Xs.u.@2-..9.M.......2(..8...*y..A8S;.7...|..6....L._[........+....vU.T.;..pu.m...*...j...K.)q..h.yC...)...~x...b ...L..?{......\......n...'.....Otq..pBT^.N.Q.?..p?L&.Q.2...... ...9../..4XB..9.S.........^M. ...0.!^..t.H/%....'MB#...Yc.;.V.E..z....A.5..u4<...FH........N.p=..<.x.....I....^..Y........gwC..}...;/..!.[...G.U.k..Y..t...9.i.!....^......xV.x...T.+x.d^_.u..Mxx.6.N-g....q....'Q....xw`......v?:.U.h..v.D.7A.cZ.:..LM.,.Se.b.*. .;..nX..E..)7`..b)~.n.g.MK.9..';.....V..S.(.h...)R!h).Fh7=R....*......R..oy..Z..+9....p..<5tWv.9..j..O..|..9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\GO30WR0E\Windows[3].json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B93F8D1A67003F542CE54B5DAE7C2369
          SHA1:11F603F3FD91261D97EFFF8810C1E6A3629DBD3B
          SHA-256:896726C96ECF49C41ECB13D589A7AFF25DC8F35F1E218A7C21C0376D4A96FE42
          SHA-512:D8EAF8766A6C0A84A12A73692586C60E0558F55F3646A261ECB3CE78222BC1C45336D8FB55CE64320F4F1FE702CF7A02F01F7E568A442D0E830090A31C9E7269
          Malicious:false
          Reputation:unknown
          Preview:{"serA.3..4..$.).{....Y.-.k.{"..3...}.oj....12.a/....h.f.6..P....n. 5...Q.).......L.B..q.N,H0.6m......e.W.)2(..8v.Dy.;...3.......`.$....S9$._... ...L5.=..v..A.+...6+..c.-!V....~..@.l...P.}-.G.d....O.S.s.,......Kg:....1Uc...4......2h.........`...J...v...?l6.:....gp.eE?:.........R.n.b9.,.L.z.C4{..{NDW..4.DC.c.....?...n.<..bx.s........(.s.b..e1....f.f.ZG....0.;..lk.?..ZOI4.$x...9<t<.5.........%..A.N...`.....3c........!....;.d....I<F{.S)...u.."........@....X..PIW]I...w..3.<%....m.....f.x...$| ..N..@Z.~...v..RL......lU..7.~>H.x..G..N.........2...t..C....,.d...P.....n...2.o_.)........k.>HE-..?|......}g..x..Gz6.....Q.........#...P.'.s\bY.^..4.\.c..f....G..J..5.;."Z..1.W........+........j..G9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\NB937L4Q\741e3e8c607c445262f3add0e58b18f19e0502af[1].xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:21CE27BFDE35E7C00462159FCD3A2675
          SHA1:DCE96CD6EEEB2074A9F7A763AEA4A76AE2594A07
          SHA-256:5D9A2D6697AE5F8EF442D017881890186B925BA9D1F49401F7D52150ECE4D546
          SHA-512:CEF5ECA396FF98305C7EEFA6DD72A0330C782E7E15F82A69A5891941FA1559D85687113DBEAC019C3339999AEE014954BA603CAD8F923533FC5D4153870CE562
          Malicious:false
          Reputation:unknown
          Preview:.<?..v.{.Iu$J.......Zu.!_....V.c..b.A.K..O.A...8..n=.LD.^*]U...k2.4..w5...._.......6?....}3@..e.M.(D~...N...K...n......d@*6]..!...y..:..cr..t.1..Jp....,..1.I'..ok..7t-.$.A..............pf4..~...D.8/W..7[{ ..cS.r..r.@\%F..MN#.'........I/E.Q.l\.Iu.JE.....$......;..;..].T#....T....1e..W.d..Ic.-.5._.d..,8%.P.X....Nxu...6....q..A9I...(......3.z.:}.?=J.i.2. U.'tR...E^.X...$..?....l..z......3q[_......JL.1.#%.....`..J..5i.%....j.A.C...qD.}..}..a......(.~|g.....~.=....F...Beb.6.,I..t.].{n....U.5..V..2...k.CV.W.l.=.8..<^ ..L.z..O.a..".7.gkyQ5e.P..DS.o....Z.....]z&...+...p..3g..G...../....?.>W;.2.DOJU.s.rV[..a.1S..Ar -...}.x.!LqA.>y.9U..Z..4ib...U.h?U5....;...j...E..S."c..\.t.BS.;..6.....C..R-..|.1[_.....v....2..z..)z.c..F.....^')..#....NP.3..9:~,.hZ..c.E...I1L.....tm-.(K.`Cu...dy..8S...<.....@......w..S.S..x.2....9v.x...m...b...s`...|...u.....5.\.Dm.S4..*u7..v......-.|N..Sf.PX..Vj...._.Kg..c.*R..vp..;...O.....f.......AZ!.h.S...D..t............M4...G.

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\NB937L4Q\ConvergedLoginPaginatedStrings.en-gb_RP-iR89BipE4i7ZOqiqEgQ2[1].js.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:1C0C55EC68CBB7B4264D4F206B5FC33B
          SHA1:09BAE818D990A8D0AFF1B2F1F4101401FA782C41
          SHA-256:8506E0BBECCAF7682726111F52F7336329943FE0934ACAF903575FBB6E6ACA9C
          SHA-512:5D210654267E6CFFF7B005F6157DD5FEA695B9BFF4819E5BBBBBBA0F63D1FFAE54D1D3676FA19EF084F574908BB3A9145C4A725192476DA90811487625D4076A
          Malicious:false
          Reputation:unknown
          Preview:!func.i.Jw..v.s.b..Af.'......4...0.u*...k..7!.Z*.%....L.^N?..!:4.}...v....S.}.[#P.$.6.). 4.........@V4X..G..18]...M.......>!.`$Y........i....>W.........I.w.$Q..x.w.t.t.<..7....n..s@...SD.=...]\].1.g..o...3d......[.......#....Fi..&...Q..iQ..9...0.....N......\hm.....q..-.De8x...d.....p`xGV..b..9...v/.b.fn..X...|FC....VF..."=.ST!...R.....}m.p..K...M..e......Us...c\..;.*....KK.....<.\...u.k... IX..3$..s/.j....j....2....<..r..8.X...s........<.|.'.../8..O..O....fv..........L!`.....l.rg.S.K.....wB{W.o....../.ml..>h..$H..L1.Nd.n.{.I?.CQa.pE.w.$cht_'@.....CS..JP.H...5.e....{r.m.Q.C.'S...je..q.M.r...i'dN.ap.9..o.c.~..U.hR...<.............u'<RzI..6..V...X.G.......#..N...~?}j....=.....3-1.[}*.KB5...F4R....OK..;:N....e.. +.y..NN.2k.....,=.4.....=.3|..z,...ab{..A...j.}.7>d.:t....D.o.mf....B.#.<k8....5... !)6:.5..\6 .Zy.yD"....b.z..]..z.I.|.tn.RD:~.+...q. ).>m..Nix$.f..k.{...........<AN{k.+..6..E.9#..C;nJ.c8......|0ib.y....3.)....[t.X.......p..$f

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\NB937L4Q\Windows[1].json.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:126ACD23B7C12D89330BD2DD1CFFBD2C
          SHA1:E6FA46A6325B27A6CEE003AE153F26BD534418CB
          SHA-256:78405793032415E7AB75450A3FA50137E2EAB4875AB0583C3F59A92585E20B4F
          SHA-512:21547C98A07F02DB58BEBDF7E1A70A727CCB3DC659B98D54DE0BA304CA6DF9503ACD77C3DED889613504F3C964FC01BDA7949D44AC28AD4FA93B5A9464EE9067
          Malicious:false
          Reputation:unknown
          Preview:{"ser.QS'....Q?..$m...$L-... .g.]6..17...DR..b..J~O!..c>V.~&K.q..z.S.?.>.....aZ6...........9.R.:.)J.Z^4.|...i\.U0!3.OT..p...#N....kj.!..W.w../.YQ..g.P.,BJ..f...5.s.@..%`.4....O7....6.f...iHr.="C..-oU.f..8..Y.t...(>U.=8..)0Sg(oA.+.B...`5.#C?..g...mID....s._.t.Y...9T%."...y ......J..<>TV.V.[....j.F..`..P.5.w.|..d...uf......."...p8..&.'..C......&$u{>.....F.B..z_...Q.o..<..U....l{.!..a%.. ....z...y.R.........t.s...B..h..Z.c.....a.I........e..:R.^.Q.~.B.c..A'..vv.SQ&..2.#.q.Ov.._....l.....1.....De.-k"<.!V$..FG.......%..A.zEb.........F.`b..`....85......&....M..UODI1.."k./...R..&...mA~_.}...,.1..lX.a.<'.i.D. ....S.>X...<..#.......BK...0......5.&.\-.... ..'.|t...P.KO. q$....F,2L.].."../t.j\..:....yH9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Local Settings\Temporary Internet Files\Content.IE5\NB937L4Q\update100[1].xml.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:55EAFB3296BCD6D34B0FABE2E6B5AD2E
          SHA1:D41701009BCCD9DBDFA78B96D1774FD3F9DABED7
          SHA-256:7CFB031BAECFC5D9C7CB303DBBE9D480E04E357375E0BCB72770FB92CE2E29F3
          SHA-512:27F714501D64E22A535FA1F46C8F5023751A82DA789ADA6494496150763CA93ED1CA35C4FF4911EC620A07B3BB6F906175DA3416FDA0D3C8F3458D24BE5ACB8D
          Malicious:false
          Reputation:unknown
          Preview:.<?z{.+..(R(Hbh.<.{......c~......:d...a.:.4..N..O...3U.....<.....s.g6.W..0.T#...1...<.....X.,S.p......s..a..}..g../I.f%.\...T4.].....A.E...i.......1...C........N..;l.t...!......b.k..O......:....v..J...O\+"3R....n...hN...~..M.gp...s^C....{.....q<....AM.....m9........#ze.....h..9@(6V..6.h.OG4...6+.tS3.H..D. .g.bHG..hZZ<.E.,..nR.............t.......P.~x..4.:.b....(..S2b..T..}z...*.#>.....1.....lv.m.gL...%Gw~.8....jm.7;....P..J...M..K.....q#`d....)#.sT..)..bP_......&B\..7.7....e..@ms.G.\...r...g....m...<....\.v....y.I...[.Nm..t..... _. V....0..1.d...@.#{J..$*..nn..T..St..r^.:4I{...5\^g...........s.......S..;!.....>@J{..Q....X..4ZY7....A ..7d.......F...p.`Q..o..x....d.u..t.*y.. .nS2...^m....o..4.21I.. A..&............o..V.......\OW..bJ.3Z5>c....m.-.t.....*....Qn.@...u.BGr......K.J.R.'a..9.U*.?/a...~..r.........?..|.QH&.<.g4a....}x.C...QrgE.,.-...^#..&NLh...+.v>q..Q.&hs..mY...$.W.. ..<..A.O........C.l.&~.:-..L.g.?...9pbW1L8qQshua0c0Kn

          C:\Users\user\Local Settings\bowsakkdestx.txt.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:E4E56354C1B3979B33EF35900BCBD56B
          SHA1:07C27B520013495978764F71E55EEA1CCBC4EEB1
          SHA-256:BB222DBA634B82B1D3B1B1B745373DA5574BC681261995B21CE3887983B6A926
          SHA-512:63C0478CFA008584B1FD7D20AAE02AC70FDDB09A595C61732CE73FB0703AB3D0AD5A3035F3D53EB31F1C59FCDB1D3737C46615E5A99BFF75388C2E696CFDB37A
          Malicious:false
          Reputation:unknown
          Preview:{"pub....\....J6.....Pc..,..jv3.}..Z.. <..7./..Y~..;F..q%2...#......OWaG+.%k...N...Z.kQ....sK...<..(.1.E.(.B.v..'l..}K...(..h.._67A.w#d..se.y..K.M.......A..+.........w.p.v|....![......N.0...F.D.+.2..z....N..@C.H..arQ;O.,.}..B|...rw..c..t..5+W:K..i..y......s.?.2..M...Ri~.....b..b.....x........T..+f.fA....E..;...F~..M...'.WC.{h.................d..:..p.fG~..R.{.p..xE.*tGP....(0....!S......w.w*.R.PM.w?..J.k.....O..@.l...X-D....f...2.o.~.X.B..2.+e'....j...E.X2.......#L...x..=u{.x.".I...C...Y|.9....-...3.}...x...=.06...%..k..Nd...KFR.{....:.o..D...uk...D..p....(,cU.`.5.............^.."ch..k.%.;...g....=../...r.\d.A.q.8...c\.p..u..C{...B(...W..Y..X5]......sL....@..S.y.....n.G....|{..Xls.O.$.x.>......x...+..F...Q.U..........q.w.o1.x~..M_o.0{8[w....;.p.."...#.7-..*iP.>+.(P.EGbm9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):1193
          Entropy (8bit):7.826424021941828
          Encrypted:false
          SSDEEP:
          MD5:47060341DADBA934DFDCB42C43CE433C
          SHA1:7FF006351E53FEDE84740DF3202AD335E6F45360
          SHA-256:6D36EA7AC6DCAA846BA0F4BCE6C68837B201CA871724066C7F7619F393E3D4B2
          SHA-512:33AF4D32AFD200EB74A43D32013CF5F9104AF02765AC7C4EE4B21B369E251B0662A7E0D667B628ABF8A22F65EEEEE0ABFD6547494EAEFFE03B779A44D949F5AB
          Malicious:false
          Reputation:unknown
          Preview:<?xml...!..A.2.I.$...`..6....a...S{+%.D.,9.4...o.....Bd["..9......PZ{~Pe.w...........wf.RC.u...v....l.....E.#[.a/...d..},....F...F.....M....p.T..w......-mp.$>..ccb$...@..s?7.....@..].IjD.m.'//...'..);....@...t.lP..1.:t.....?....}..71.of"...l......6..Z.PLZ....T{..#...i..].\.Q.%g_T..f.F]!.....f...U..\...YP.@.....Xj.9j... .].;.c...U....}r...g\e....r.k$Rd...@....Y.i.6...>.g.~-b.G.......9..#.?../.8...`......SPy+.i.8g..J.pX{.M.C.X...4..eG.:.z6.4.6.svz6Z./....j].2.OQ..`..>.........W3..#..9....C.....9.Y.7.....h.s.c.)L.......)1j...Z%..`0G....\.).S.....m.&I".R.Y.......`.n.1.7t@f.>...X.-.y.V .P_v.v....P...A.../..F.d.#.cg....1.f.C.K.d].zG/..a..+.....gJ.._.,...8...s,3....4bH...dIG......t....P.h?.+c.#.=Q.L/...2&..."]u'.g.-[.E.s}..\i.#...-w%..M.....d..["%.V#s.P.x.zSJ....qJ..<^P......-R.#b..g:.T# O.$..kY]...rkI.H..Y..tG..pe1.[..$...+...Y...Quu...O..X.t7>...p[.zX..9!..Sp'.Ak......>o%YX..*.@.w.E...6.(......RZV.m....Yv.D/..7....gn....`.`(.m3.....uh...~I..@Q..

          C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:47060341DADBA934DFDCB42C43CE433C
          SHA1:7FF006351E53FEDE84740DF3202AD335E6F45360
          SHA-256:6D36EA7AC6DCAA846BA0F4BCE6C68837B201CA871724066C7F7619F393E3D4B2
          SHA-512:33AF4D32AFD200EB74A43D32013CF5F9104AF02765AC7C4EE4B21B369E251B0662A7E0D667B628ABF8A22F65EEEEE0ABFD6547494EAEFFE03B779A44D949F5AB
          Malicious:false
          Reputation:unknown
          Preview:<?xml...!..A.2.I.$...`..6....a...S{+%.D.,9.4...o.....Bd["..9......PZ{~Pe.w...........wf.RC.u...v....l.....E.#[.a/...d..},....F...F.....M....p.T..w......-mp.$>..ccb$...@..s?7.....@..].IjD.m.'//...'..);....@...t.lP..1.:t.....?....}..71.of"...l......6..Z.PLZ....T{..#...i..].\.Q.%g_T..f.F]!.....f...U..\...YP.@.....Xj.9j... .].;.c...U....}r...g\e....r.k$Rd...@....Y.i.6...>.g.~-b.G.......9..#.?../.8...`......SPy+.i.8g..J.pX{.M.C.X...4..eG.:.z6.4.6.svz6Z./....j].2.OQ..`..>.........W3..#..9....C.....9.Y.7.....h.s.c.)L.......)1j...Z%..`0G....\.).S.....m.&I".R.Y.......`.n.1.7t@f.>...X.-.y.V .P_v.v....P...A.../..F.d.#.cg....1.f.C.K.d].zG/..a..+.....gJ.._.,...8...s,3....4bH...dIG......t....P.h?.+c.#.=Q.L/...2&..."]u'.g.-[.E.s}..\i.#...-w%..M.....d..["%.V#s.P.x.zSJ....qJ..<^P......-R.#b..g:.T# O.$..kY]...rkI.H..Y..tG..pe1.[..$...+...Y...Quu...O..X.t7>...p[.zX..9!..Sp'.Ak......>o%YX..*.@.w.E...6.(......RZV.m....Yv.D/..7....gn....`.`(.m3.....uh...~I..@Q..

          C:\Users\user\SendTo\Bluetooth File Transfer.LNK.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:11A0CE7034AF5A302697304324665803
          SHA1:2130DC2B69A82D6BFA9253D52BC1B708415A9891
          SHA-256:750A023B7F30A5B837F058C3002EDDEA3AC669728D2705A39D8206122D460EC0
          SHA-512:A5DC486E1EC75D755804AC0CDFA818ACA9ED690D572639F52A5403B69916AF0657E387C31EDECC29ADC6E4C96E68713FDDDDB2CC2907309D3418181DE3CFA5EA
          Malicious:false
          Reputation:unknown
          Preview:L....Ds..=..v.W.p*u.q.7c..n.r:....9&.....b.A.TSn...C.l...7....C.P!.).T.u...1...^._.<...."x........hp"~.2..r.s.....d......1.&.a.5.z.?N.....E..`.<b...R......k.Z.$..MC+..W...x?P={....Y..F0 .f..^{.Uh.l.. ...2....]...V.,...H... e.r.[...=..Bcqt....|...z..'.G.8._5..H...".T.7.B.m#..l{.7,...X.eh.)........zo...w.....f...kc...z......-?.GmA..q.&k...NrFu.........ajy....w.ZY.N.!.^...{...~.\]\..'..O.?l.0....f..*..P.L...cz..#..~!..;;V..d.~P.Y......i.2.W...&hi...-{B....p>K......@..o.!..*..j..di8....b.jny..%k...aDXp.Y....n.Qo.-.C*U.M...-.....I8..zu..w...j...J...i.........S).D<.F..F...*....#....O.(....6....$.C..7i.4..Q...".xy.;Z_.....3......D.!.;q.L!...`.|........I......._<..r..T[.................r%{t.@.>..T".......1..'..<.1.z5.,Y..y.......xm.?...7T.n...d4.'.z..r...LJ....6....,NH.....JO.o.@(3.y.E...K.:.."3.N8.S......:...p...#(dvQ.0.'....r9G.*.l..b.~...d.5....V...e.R.g..'... ..H.......^.{.........3X.......UT...V..k.Hs..,..a..$...v.... {..7..[}...c...8..4

          C:\Users\user\SendTo\Desktop (create shortcut).DeskLink.watz (copy)

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:43AAB24ED1BCDA7FD9FCAC870BD9EE2E
          SHA1:40F6159A95903EACEEE71AD29AB4E9A991CEF20F
          SHA-256:92304DDA043A2F32C9C31D977445565F1F9D1E81CF1A8B5C06C3EB3D45C89A54
          SHA-512:8011FED54F26283F5220DCEDBCD1B06B13DF4CFB632E5153521BDB5ED3C3E8BB4E06B74AF0C866891B5F8A693FCC5B202BD495EF16582D721F70F295CDD47451
          Malicious:false
          Reputation:unknown
          Preview:deskt..Q.I..}$...e..9~...j..]..(...X.U".x.X.`I.|z.~.....>.r.A.$U.0VAo|.m......<..D`ZE.8!-.B..'..@.P\......Y.f..<..x..../...<....8W)7..a..t.bb{1c..5KF.$.^7.q.&...Y..O..(..r.d....j4{..k....7.Ybw..K.z..=l.@n8B..p../q f.`r}.Nn.C....~e...aa..=e...}z.9pbW1L8qQshua0c0KnGl87DEySlTicffxDNvdKO6{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

          C:\_readme.txt

          Download File
          Process:C:\Users\user\Desktop\Wm0uFsapfrnONF16Njxegq7s.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1381
          Entropy (8bit):4.884505111036778
          Encrypted:false
          SSDEEP:
          MD5:486F646784F099ABCAA66E834929A7C2
          SHA1:36462925C21CE4747DF55351966CFEE5B559C857
          SHA-256:11556F8503F3597CA63702D5057198ACD99ED35695A9D4E824F9B5A323CA877F
          SHA-512:13CCA552C1F56B3208706C9137C8E97D518B13CF109C2FD2DFDD3AAB3E34AEA62E3E38715C97BA9F7628E46603A73D79067BE303CBF0FE37AAEA007D56CEE226
          Malicious:true
          Reputation:unknown
          Preview:ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...Do not ask assistants from youtube and recovery data sites for help in recovering your data...They can use your free decryption quota and scam you...Our contact is emails in this text document only...You can get and look video overview decrypt tool:..https://wetransfer.com/downloads/abe121434ad837dd5bdd03878a14485820240531135509/34284d..Price of private key and decrypt software is $999...Discount 50% available if you contact us first 72 hours, that's price for you is $49

          Static File Info

          General

          File type:PE32 executable (GUI) Intel 80386, for MS Windows
          Entropy (8bit):6.827754205591974
          TrID:
          • Win32 Executable (generic) a (10002005/4) 99.96%
          • Generic Win/DOS Executable (2004/3) 0.02%
          • DOS Executable Generic (2002/1) 0.02%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:Wm0uFsapfrnONF16Njxegq7s.exe
          File size:857'600 bytes
          MD5:b3757b09ed2150ce857f446c0c61363c
          SHA1:04536100a4a8fc27dde91e006f4e2ea6b398b65e
          SHA256:4bb311ba0e479264b1d3c7deab5bfb44b0c1fb100d82aa7d605369b0ac938981
          SHA512:c7fb0efb95a96177bcbc50a60f2d900f4f7328a0a98a64ead6fc6e00f52502c904815e1e0a8b309a764c77db1fa65a8e5da5104593e0d987fb6bf3f794a82119
          SSDEEP:24576:c3eL/rX2Ev8KDHwSPxDwauHfz/eicEeb+8TYLL:NLz7x7PP+H7e0YfT4
          TLSH:250522807D54C433E47284744C14CEE1692AB967ABF68B5F3E50BB7B7C322925E26372
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........V..............!............... .......................%.....................Rich............PE..L......c...................

          File Icon

          Icon Hash:63716de961436e0f

          Static PE Info

          General

          Entrypoint:0x402064
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
          DLL Characteristics:TERMINAL_SERVER_AWARE
          Time Stamp:0x63F42ED6 [Tue Feb 21 02:39:18 2023 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:5
          OS Version Minor:1
          File Version Major:5
          File Version Minor:1
          Subsystem Version Major:5
          Subsystem Version Minor:1
          Import Hash:694d481161f15a3a50297f304cce5a11

          Entrypoint Preview

          Instruction
          call 00007FA420DD34FBh
          jmp 00007FA420DD14FEh
          push edi
          mov eax, esi
          and eax, 0Fh
          test eax, eax
          jne 00007FA420DD1737h
          mov edx, ecx
          and ecx, 7Fh
          shr edx, 07h
          je 00007FA420DD16D7h
          jmp 00007FA420DD1678h
          lea ebx, dword ptr [ebx+00000000h]
          movdqa xmm0, dqword ptr [esi]
          movdqa xmm1, dqword ptr [esi+10h]
          movdqa xmm2, dqword ptr [esi+20h]
          movdqa xmm3, dqword ptr [esi+30h]
          movdqa dqword ptr [edi], xmm0
          movdqa dqword ptr [edi+10h], xmm1
          movdqa dqword ptr [edi+20h], xmm2
          movdqa dqword ptr [edi+30h], xmm3
          movdqa xmm4, dqword ptr [esi+40h]
          movdqa xmm5, dqword ptr [esi+50h]
          movdqa xmm6, dqword ptr [esi+60h]
          movdqa xmm7, dqword ptr [esi+70h]
          movdqa dqword ptr [edi+40h], xmm4
          movdqa dqword ptr [edi+50h], xmm5
          movdqa dqword ptr [edi+60h], xmm6
          movdqa dqword ptr [edi+70h], xmm7
          lea esi, dword ptr [esi+00000080h]
          lea edi, dword ptr [edi+00000080h]
          dec edx
          jne 00007FA420DD1615h
          test ecx, ecx
          je 00007FA420DD16BBh
          mov edx, ecx
          shr edx, 04h
          test edx, edx
          je 00007FA420DD1689h
          lea ebx, dword ptr [ebx+00000000h]
          movdqa xmm0, dqword ptr [esi]
          movdqa dqword ptr [edi], xmm0
          lea esi, dword ptr [esi+10h]
          lea edi, dword ptr [edi+10h]
          dec edx
          jne 00007FA420DD1661h
          and ecx, 0Fh
          je 00007FA420DD1696h
          mov eax, ecx
          shr ecx, 02h
          je 00007FA420DD167Fh
          mov edx, dword ptr [esi]
          mov dword ptr [edi], edx
          lea esi, dword ptr [esi+04h]
          lea edi, dword ptr [edi+04h]
          dec ecx
          jne 00007FA420DD1665h
          mov ecx, eax
          and ecx, 00000000h

          Rich Headers

          Programming Language:
          • [C++] VS2010 build 30319
          • [ASM] VS2010 build 30319
          • [ C ] VS2010 build 30319
          • [IMP] VS2008 SP1 build 30729
          • [RES] VS2010 build 30319
          • [LNK] VS2010 build 30319

          Data Directories

          NameVirtual AddressVirtual Size Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IMPORT0xa37c80x3c.rdata
          IMAGE_DIRECTORY_ENTRY_RESOURCE0x1d120000x80a0.rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
          IMAGE_DIRECTORY_ENTRY_DEBUG0xa38040x1c.rdata
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0xa31780x40.rdata
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_IAT0xa10000x188.rdata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

          Sections

          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
          .text0x10000x9f3ae0x9f40008afe2c56c62e23347d51f08db482cdbFalse0.9434007677590267data7.882834863988078IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rdata0xa10000x30660x320031c819e1d3171a808f09e8a5cb9e4677False0.33640625DOS executable (COM, 0x8C-variant)4.907015633341945IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .data0xa50000x1c696840x24c00b47ecaa49a98fca7def2e31e78971884unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .yug0x1d0f0000x4000x4000f343b0931126a20f133d67c2b018a3bFalse0.0166015625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .ruwuvoh0x1d100000x18460x1a003c63825015aabd810674f44afac6d12bFalse0.004356971153846154data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .rsrc0x1d120000x80a00x8200fbbee300bac06b9d7418141fb9f1ff5bFalse0.31775841346153844data4.091438032198023IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

          Resources

          NameRVASizeTypeLanguageCountryZLIB Complexity
          RT_CURSOR0x1d155d00x130Device independent bitmap graphic, 32 x 64 x 1, image size 00.4375
          RT_CURSOR0x1d157000xb0Device independent bitmap graphic, 16 x 32 x 1, image size 00.44886363636363635
          RT_CURSOR0x1d157d80xea8Device independent bitmap graphic, 48 x 96 x 8, image size 00.27238805970149255
          RT_CURSOR0x1d166800x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.375
          RT_CURSOR0x1d16f280x568Device independent bitmap graphic, 16 x 32 x 8, image size 00.5057803468208093
          RT_CURSOR0x1d174c00xea8Device independent bitmap graphic, 48 x 96 x 8, image size 00.30943496801705755
          RT_CURSOR0x1d183680x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.427797833935018
          RT_CURSOR0x1d18c100x568Device independent bitmap graphic, 16 x 32 x 8, image size 00.5469653179190751
          RT_ICON0x1d124800x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0TeluguIndia0.533410138248848
          RT_ICON0x1d12b480x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0TeluguIndia0.41109958506224065
          RT_ICON0x1d150f00x468Device independent bitmap graphic, 16 x 32 x 32, image size 0TeluguIndia0.44769503546099293
          RT_STRING0x1d194380x7d8dataTeluguIndia0.4213147410358566
          RT_STRING0x1d19c100x28cMatlab v4 mat-file (little endian) , numeric, rows 0, columns 0TeluguIndia0.4754601226993865
          RT_STRING0x1d19ea00x1fcdataTeluguIndia0.4940944881889764
          RT_ACCELERATOR0x1d155880x48dataTeluguIndia0.8333333333333334
          RT_GROUP_CURSOR0x1d157b00x22data1.0588235294117647
          RT_GROUP_CURSOR0x1d174900x30data0.9166666666666666
          RT_GROUP_CURSOR0x1d191780x30data0.9375
          RT_GROUP_ICON0x1d155580x30dataTeluguIndia0.9375
          RT_VERSION0x1d191a80x28cPGP symmetric key encrypted data - Plaintext or unencrypted data0.5291411042944786

          Imports

          DLLImport
          KERNEL32.dllEnumResourceNamesW, HeapCompact, SetEndOfFile, LocalCompact, CreateHardLinkA, GlobalAlloc, LoadLibraryW, ReadConsoleInputA, IsBadWritePtr, IsBadStringPtrA, GlobalUnlock, GetLastError, SetLastError, GetProcAddress, CreateJobSet, LoadLibraryA, SetConsoleCtrlHandler, AddAtomW, CreateEventW, HeapLock, EnumResourceTypesW, GetModuleFileNameA, GetOEMCP, GetCurrentDirectoryA, GetFileTime, GetCurrentThreadId, Module32NextW, GetDiskFreeSpaceExW, TerminateJobObject, DebugBreak, CreateFileW, WriteConsoleW, CloseHandle, FlushFileBuffers, GetConsoleMode, HeapAlloc, GetCommandLineW, HeapSetInformation, GetStartupInfoW, IsProcessorFeaturePresent, GetModuleHandleW, ExitProcess, DecodePointer, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, TerminateProcess, GetCurrentProcess, HeapFree, WriteFile, GetStdHandle, GetModuleFileNameW, HeapCreate, ReadFile, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, InterlockedDecrement, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, LeaveCriticalSection, EnterCriticalSection, Sleep, MultiByteToWideChar, SetFilePointer, RtlUnwind, GetCPInfo, GetACP, IsValidCodePage, WideCharToMultiByte, HeapSize, HeapReAlloc, SetStdHandle, LCMapStringW, GetStringTypeW, GetConsoleCP, RaiseException
          USER32.dllGetKeyboardLayout, CharUpperBuffA, SetCursorPos, LoadMenuW, GetSysColorBrush, GetSystemMetrics, SetCaretPos, GetMessageTime

          Possible Origin

          Language of compilation systemCountry where language is spokenMap
          TeluguIndia